[ft] UVS support in freetype-2.4.x is broken under legacy-compatible configuration
<mpsuzuki <at> hiroshima-u.ac.jp>
2010-11-04 15:35:42 GMT
I apologize that UVS support in freetype-2.4.x is broken under the
legacy-compatible configuration (it's the default configuration for a
'configure && make && make install'-ed binary).
The bug causes a crash by NULL pointer dereference in UVS
support functions, but I think it is not an exploitable bug.
Even if a malicious font is given, the client won't be
crashed by this bug, as long as the client does not call UVS
It is already fixed in the latest revision in Git. The detailed
analysis and the patch (applicable to all revisions since
the bug was introduced) are available from the Savannah bugzilla: