patches/fribidi/*.patch: merge fixes for CVE-2022-{25308,25309,25310}.

Signed-off-by: Ørjan Malde <red@foxi.me>
author: Ørjan Malde <red@foxi.me> 2022-04-15 14:31:14 +0200
committer: Ørjan Malde <red@foxi.me> 2022-04-15 14:31:14 +0200
commit: 22c622b0cf3dd0c813c7054d442da336674b9786 (patch)
tree: b2efa6c518e3b63d4364b01735c7d51a12f35b40 /patches/fribidi/CVE-2022-25310.patch
parent: 1b0a65f28a480d4e743992de1ab6fd62f9f98f54 (diff)
download: midipix_build-22c622b0cf3dd0c813c7054d442da336674b9786.tar.bz2
midipix_build-22c622b0cf3dd0c813c7054d442da336674b9786.tar.xz
1 files changed, 25 insertions, 0 deletions
diff --git a/patches/fribidi/CVE-2022-25310.patch b/patches/fribidi/CVE-2022-25310.patch
new file mode 100644
index 0000000..a1d05c0
--- /dev/null
+++ b/patches/fribidi/CVE-2022-25310.patch
@@ -0,0 +1,25 @@
+From 175850b03e1af251d705c1d04b2b9b3c1c06e48f Mon Sep 17 00:00:00 2001
+From: Akira TAGOH <akira@tagoh.org>
+Date: Thu, 17 Feb 2022 19:06:10 +0900
+Subject: [PATCH] Fix SEGV issue in fribidi_remove_bidi_marks
+
+Escape from fribidi_remove_bidi_marks() immediately if str is null.
+
+This fixes https://github.com/fribidi/fribidi/issues/183
+---
+ lib/fribidi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/fribidi.c b/lib/fribidi.c
+index f5da0da..70bdab2 100644
+--- a/lib/fribidi.c
++++ b/lib/fribidi.c
+@@ -74,7 +74,7 @@ fribidi_remove_bidi_marks (
+   fribidi_boolean status = false;
+ 
+   if UNLIKELY
+-    (len == 0)
++    (len == 0 || str == NULL)
+     {
+       status = true;
+       goto out;
author	Ørjan Malde <red@foxi.me>	2022-04-15 14:31:14 +0200
committer	Ørjan Malde <red@foxi.me>	2022-04-15 14:31:14 +0200
commit	22c622b0cf3dd0c813c7054d442da336674b9786 (patch)
tree	b2efa6c518e3b63d4364b01735c7d51a12f35b40 /patches/fribidi/CVE-2022-25310.patch
parent	1b0a65f28a480d4e743992de1ab6fd62f9f98f54 (diff)
download	midipix_build-22c622b0cf3dd0c813c7054d442da336674b9786.tar.bz2 midipix_build-22c622b0cf3dd0c813c7054d442da336674b9786.tar.xz