From: J Decker
Subject: Re: [ft] Possible issue in FreeType
Date: Wed, 27 May 2015 20:43:03 -0700

Hi all,

I'm Jose Guzman from a security team at Intel.
We're using freetype in a GNU-Linux project and I'm analyzing the code
to try to find possible issues/gaps/risks.

Since I'm not too familiar with the package yet, I have a question about
one particular piece of code that could result in an invalid memory
segment read or stack fault.

Version: 2.5.5
File: src/tools/apinames.c
Function: static void names_dump(...)
Line: ~186

In the case that the process flow executes code inside the "if"
statement at line 170: "if ( dot != NULL )", there is a line of code
where "dll_name" points to a local variable "temp" which becomes invalid
outside the "if" block. So in the next for loop the "dll_name" variable could
point to an invalid memory segment.

I would really appreciate it if anyone can address this question and tell me
whether it is a real issue or not, since you know the package much better
and can analyze the code deeply.

Thanks in advance,
-Jose G.
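
The pattern the report describes, a pointer to a block-scoped array that is still used after the block closes, is sketched below next to a form that keeps the buffer alive for every use. This is an added example, not code from the message or from FreeType; `base_name`, `emit_entry` and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Pattern from the report (constructed; kept in a comment so it is never
 * compiled or run):
 *
 *     if ( dot != NULL ) {
 *         char temp[512];          // lifetime ends at the closing brace
 *         ...copy prefix into temp...
 *         dll_name = temp;         // pointer escapes the block
 *     }
 *     for (...) use( dll_name );   // reads an object whose lifetime ended
 *
 * In C the array's lifetime ends with its block, so the later read is
 * undefined behaviour even when it appears to work. */

/* Hardened form: the caller owns the buffer, so it outlives every use.
 * Returns `name` itself when it has no '.', otherwise `buf` holding the
 * (possibly truncated) part before the first '.'. */
static const char *base_name(const char *name, char *buf, size_t bufsize)
{
    const char *dot = strchr(name, '.');
    size_t len;

    if (dot == NULL || bufsize == 0)   /* nothing to strip, or no room */
        return name;
    len = (size_t)(dot - name);
    if (len > bufsize - 1)             /* truncate rather than overflow */
        len = bufsize - 1;
    memcpy(buf, name, len);
    buf[len] = '\0';
    return buf;
}

/* Hypothetical consumer: formats "<base>.<symbol>" into `out`. */
static int emit_entry(char *out, size_t outsize, const char *dll, const char *sym)
{
    char temp[512];   /* function scope: alive for the snprintf below */
    const char *base = base_name(dll, temp, sizeof temp);
    return snprintf(out, outsize, "%s.%s", base, sym);
}

int main(void)
{
    char line[600];
    emit_entry(line, sizeof line, "example.dll", "Sample_Symbol");
    puts(line);   /* constructed sample input */
    return 0;
}
```
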