
[ft] Possible issue in FreeType


From: Guzman Mosqueda, Jose R
Subject: [ft] Possible issue in FreeType
Date: Wed, 27 May 2015 22:44:49 +0000

Hi all

I'm Jose Guzman from a security team at Intel.
We're using freetype in a GNU-Linux project and I'm analyzing the code
to try to find possible issues/gaps/risks.
Since I'm not too familiar with the package yet, I have a question about
one particular piece of code that could result in an invalid memory
segment read or stack fault.

Version: 2.5.5
File: src/tools/apinames.c
Function: static void names_dump(...)
Line: ~186

In the case that the process flow executes code inside the "if"
statement at line 170: "if ( dot != NULL )", there is a line of code
where "dll_name" points to a local variable "temp" which becomes invalid
outside the "if" block. So in the next for loop, the "dll_name" variable
could point to an invalid memory segment.

I would really appreciate it if anyone could address this question and
tell me whether it is a real issue or not, since you know the package
much better and can analyze the code deeply.

Thanks in advance,
-Jose G.
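
The pattern the message describes, as an added example that is not part of the original message and not the FreeType source: in C, an automatic object's lifetime ends when its block ends, so a pointer to it must not be used afterwards. The function `dump_names`, the constant `STEM_MAX` and the sample inputs are hypothetical names constructed for this illustration.

```c
/* Constructed illustration; not the apinames.c source. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define STEM_MAX 512

/* Flawed shape, kept as a comment so nothing here relies on undefined behaviour:
 *   if (dot != NULL) {
 *       char temp[STEM_MAX];     // lifetime ends at the closing brace
 *       dll_name = temp;         // pointer escapes the block
 *   }
 *   for (...) use(dll_name);     // reads an object whose lifetime has ended
 */

/* Corrected shape: the buffer is declared at function scope, so it outlives
 * every use of dll_name. Returns bytes written to out, or -1 if out is too small. */
static int dump_names(const char *dll_name, const char *const *names,
                      int count, char *out, size_t out_size)
{
    char temp[STEM_MAX];                    /* hoisted out of the if block */
    const char *dot = strrchr(dll_name, '.');
    size_t used = 0;
    if (out_size == 0) return -1;
    out[0] = '\0';
    if (dot != NULL) {
        size_t len = (size_t)(dot - dll_name);
        if (len > sizeof temp - 1)          /* bound the copy to the buffer */
            len = sizeof temp - 1;
        memcpy(temp, dll_name, len);
        temp[len] = '\0';
        dll_name = temp;                    /* temp is still alive in the loop below */
    }
    for (int i = 0; i < count; i++) {
        int n = snprintf(out + used, out_size - used, "%s.%s\n", dll_name, names[i]);
        if (n < 0 || (size_t)n >= out_size - used)
            return -1;                      /* output would be truncated */
        used += (size_t)n;
    }
    return (int)used;
}

int main(void)
{
    const char *const names[] = { "alpha", "beta" };   /* constructed sample input */
    char buf[64];
    if (dump_names("sample.dll", names, 2, buf, sizeof buf) > 0)
        fputs(buf, stdout);
    return 0;
}
```

Building the flawed shape with AddressSanitizer's use-after-scope detection, or with a compiler's dangling-pointer warnings enabled, is a practical way to confirm whether a given code path has this problem.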


