[Bug 11237] New: heap corruption in freetype font loader

17 Jan 2008


      http://bugs.winehq.org/show_bug.cgi?id=11237
Summary: heap corruption in freetype font loader
           Product: Wine
           Version: 0.9.53.
          Platform: Other
               URL: http://www.bahn.de/p/view/static/spiele/virtuelle_bahnfa
                    hrt.exe
        OS/Version: other
            Status: NEW
          Severity: major
          Priority: P2
         Component: fonts
        AssignedTo: wine-bugs@winehq.org
        ReportedBy: marcus@jet.franken.de
The "Virtuelle Bahnfahrt" Screensaver of the German Rail company
has a heap corruption in its About Dialog.
To reproduce:
- download URL
- install by running "wine virtuelle_bahnfahrt.exe"
- run by:
  cd .wine/drive_c/windows
  wine Virtuelle\ Bahnfahrt.scr
this will result in heap corruption.
I tracked this down to dlls/gdi32/freetype.c, and it loads a bitmap font
which is larger than the requested size.
I will attach a patch that fixes the problem.
-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

[Bug 11237] New: heap corruption in freetype font loader