[Pkg-chromium-commit] chromium-browser/chromium-browser.squeeze: 721 [72134] High Memory corruption in SVG fonts. Credit to Andreas Kling.

Giuseppe Iuculano iuculano at debian.org
Fri Mar 4 14:41:18 UTC 2011 

Branch name: chromium-browser/chromium-browser.squeeze
Branch location : bzr+ssh://bzr.debian.org/bzr/pkg-chromium/chromium-browser/chromium-browser.squeeze
Browse location: http://bzr.debian.org/loggerhead/pkg-chromium
Revision No: 721
Revision Id: iuculano at debian.org-20110304144118-9bzrpewmo4tn00z3
Committer: Giuseppe Iuculano <iuculano at debian.org>
Message : [72134] High Memory corruption in SVG fonts. Credit to Andreas Kling.


--------------------------------------------------------
  ** Added :
        - debian/patches/72134.patch

  ** Modified :
        - debian/changelog
        - debian/patches/series

-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2011-03-04 14:37:37 +0000
+++ b/debian/changelog	2011-03-04 14:41:18 +0000
@@ -15,8 +15,9 @@
     - [71855] High Integer overflow in textarea handling. Credit to miaubiz.
     - [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome
       Security Team (Inferno).
+    - [72134] High Memory corruption in SVG fonts. Credit to Andreas Kling.
 
- -- Giuseppe Iuculano <iuculano at debian.org>  Fri, 04 Mar 2011 15:37:06 +0100
+ -- Giuseppe Iuculano <iuculano at debian.org>  Fri, 04 Mar 2011 15:40:58 +0100
 
 chromium-browser (6.0.472.63~r59945-5+squeeze2) stable-security; urgency=high
 

=== added file 'debian/patches/72134.patch'
--- a/debian/patches/72134.patch	1970-01-01 00:00:00 +0000
+++ b/debian/patches/72134.patch	2011-03-04 14:41:18 +0000
@@ -0,0 +1,11 @@
+--- a/src/third_party/WebKit/WebCore/svg/SVGFont.cpp
++++ b/src/third_party/WebKit/WebCore/svg/SVGFont.cpp
+@@ -242,7 +242,7 @@ struct SVGTextRunWalker {
+     {
+         ASSERT(0 <= from && from <= to && to - from <= run.length());
+ 
+-        const String text = Font::normalizeSpaces(String(run.data(from), run.length()));
++        const String text = Font::normalizeSpaces(String(run.data(from), to - from));
+         Vector<SVGGlyphIdentifier::ArabicForm> chars(charactersWithArabicForm(text, run.rtl()));
+ 
+         SVGGlyphIdentifier identifier;

=== modified file 'debian/patches/series'
--- a/debian/patches/series	2011-03-04 14:37:37 +0000
+++ b/debian/patches/series	2011-03-04 14:41:18 +0000
@@ -65,3 +65,4 @@
 71115.patch
 71855.patch
 71960.patch
+72134.patch

More information about the Pkg-chromium-commit mailing list