From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] package/pango: add upstream security fix for CVE-2018-15120
Date: Fri, 18 Jan 2019 10:22:12 +0100 [thread overview]
Message-ID: <20190118092213.23862-1-peter@korsgaard.com> (raw)
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other
products, allows remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via crafted text with
invalid Unicode sequences.
https://nvd.nist.gov/vuln/detail/CVE-2018-15120
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...-assertion-with-invalid-Unicode-sequences.patch | 38 ++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 package/pango/0002-Prevent-an-assertion-with-invalid-Unicode-sequences.patch
diff --git a/package/pango/0002-Prevent-an-assertion-with-invalid-Unicode-sequences.patch b/package/pango/0002-Prevent-an-assertion-with-invalid-Unicode-sequences.patch
new file mode 100644
index 0000000000..010981e8b4
--- /dev/null
+++ b/package/pango/0002-Prevent-an-assertion-with-invalid-Unicode-sequences.patch
@@ -0,0 +1,38 @@
+From 71aaeaf020340412b8d012fe23a556c0420eda5f Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Fri, 17 Aug 2018 22:29:36 -0400
+Subject: [PATCH] Prevent an assertion with invalid Unicode sequences
+
+Invalid Unicode sequences, such as 0x2665 0xfe0e 0xfe0f,
+can trick the Emoji iter code into returning an empty
+segment, which then triggers an assertion in the itemizer.
+
+Prevent this by ensuring that we make progress.
+
+This issue was reported by Jeffrey M.
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ pango/pango-emoji.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/pango/pango-emoji.c b/pango/pango-emoji.c
+index 0e332dff..29472452 100644
+--- a/pango/pango-emoji.c
++++ b/pango/pango-emoji.c
+@@ -253,6 +253,12 @@ _pango_emoji_iter_next (PangoEmojiIter *iter)
+ if (iter->is_emoji == PANGO_EMOJI_TYPE_IS_EMOJI (current_emoji_type))
+ {
+ iter->is_emoji = !PANGO_EMOJI_TYPE_IS_EMOJI (current_emoji_type);
++
++ /* Make sure we make progress. Weird sequences, like a VC15 followed
++ * by VC16, can trick us into stalling otherwise. */
++ if (iter->start == iter->end)
++ iter->end = g_utf8_next_char (iter->end);
++
+ return TRUE;
+ }
+ }
+--
+2.11.0
+
--
2.11.0
next reply other threads:[~2019-01-18 9:22 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-18 9:22 Peter Korsgaard [this message]
2019-01-19 15:34 ` [Buildroot] [PATCH] package/pango: add upstream security fix for CVE-2018-15120 Peter Korsgaard
2019-01-29 16:12 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190118092213.23862-1-peter@korsgaard.com \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox