From c252baedefcd280faacdb9afe4aadfc6b8f8dc28 Mon Sep 17 00:00:00 2001
From: yujingbo
Date: Fri, 24 Oct 2025 09:42:28 +0800
Subject: [PATCH] fix CVE-2025-50949
(cherry picked from commit de75e3ab04cf5b0ef8908115bfe2923db5935f69)
---
 CVE-2025-50949.patch | 35 +++++++++++++++++++++++++++++++++++
 fontforge.spec | 6 +++++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2025-50949.patch
diff --git a/CVE-2025-50949.patch b/CVE-2025-50949.patch
new file mode 100644
index 0000000..7bb914c
--- /dev/null
+++ b/CVE-2025-50949.patch
@@ -0,0 +1,35 @@
+From 701e4d7569d6bd777704ab3364d7d1c519d89a91 Mon Sep 17 00:00:00 2001
+From: zhailiangliang
+Date: Mon, 4 Nov 2024 08:56:07 +0000
+Subject: [PATCH] fix memleak in function DlgCreate8
+
+---
+ gdraw/gaskdlg.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/gdraw/gaskdlg.c b/gdraw/gaskdlg.c
+index aed52cf..89f16f4 100644
+--- a/gdraw/gaskdlg.c
++++ b/gdraw/gaskdlg.c
+@@ -449,13 +449,14 @@ static GWindow DlgCreate8(const char *title,const char *question,va_list ap,
+ extern GBox _GGadget_defaultbutton_box;
+
+ if ( d!=NULL )
+- memset(d,0,sizeof(*d));
++ memset(d,0,sizeof(*d));
+ /*vsnprintf(buf,sizeof(buf)/sizeof(buf[0]),question,ap);*/
+ g_vasprintf( &buf, (const gchar *) question, ap );
+ if ( screen_display==NULL ) {
+- fprintf(stderr, "%s\n", buf );
+- if ( d!=NULL ) d->done = true;
+-return( NULL );
++ fprintf(stderr, "%s\n", buf);
++ if ( d!=NULL ) d->done = true;
++ free(buf);
++ return( NULL );
+ }
+ /*ubuf = utf82u_copy(buf);*/
+ ubuf = (unichar_t *) g_utf8_to_ucs4( (const gchar *) buf, -1, NULL, NULL, NULL);
+--
+2.33.0
+
diff --git a/fontforge.spec b/fontforge.spec
index 0d12404..168a47b 100644
--- a/fontforge.spec
+++ b/fontforge.spec
@@ -2,7 +2,7 @@
 Name: fontforge
 Version: 20200314
-Release: 8
+Release: 9
 Summary: Outline and bitmap font editor
 License: GPLv3+
 URL: http://fontforge.github.io/
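Review bot: In the embedded gdraw/gaskdlg.c patch, the added `free(buf);` in the `screen_display==NULL` branch releases a string allocated by `g_vasprintf()`, for which GLib documents `g_free()` as the matching deallocator; `g_free(buf);` keeps the allocator pairing explicit. The return value of `g_vasprintf()` is not checked either, so if formatting fails `buf` may be NULL when it reaches `fprintf(stderr, "%s\n", buf)`; a guard such as `if ( buf==NULL ) return( NULL );` before the first use would close that. DlgCreate8 continues past the end of the hunk, so whether `buf` is released on the normal path after `g_utf8_to_ucs4()` cannot be confirmed from here and should be checked in the same backport.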
@@ -12,6 +12,7 @@ Patch0001: fontforge-20200314-Call-gdk_set_allowed_backends-before-gdk_init
 Patch0002: fontforge-20200314-sphinx-make-changes-to-support-Sphinx-3.patch
 # https://github.com/fontforge/fontforge/commit/216eb14b558df344b206bf82e2bdaf03a1f2f429
 Patch0003: CVE-2024-25081_CVE-2024-25082.patch
+Patch0004: CVE-2025-50949.patch
 Requires: xdg-utils potrace hicolor-icon-theme
 BuildRequires: gcc-c++ cmake libjpeg-devel libtiff-devel libpng-devel giflib-devel libxml2-devel
@@ -113,6 +114,9 @@ popd
 %{_mandir}/man1/*.1*
 %changelog
+* Fri Oct 24 2025 yujingbo - 20200314-9
+- Fix CVE-2025-50949
+
 * Tue Feb 27 2024 yaoxin - 20200314-8
 - Fix CVE-2024-25081 and CVE-2024-25082
--
Gitee
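Review bot: `Patch0004: CVE-2025-50949.patch` is added without a provenance comment, whereas Patch0003 directly above it is preceded by the upstream commit URL. The embedded patch header names an author and a commit hash but no upstream repository, so a reader of the spec cannot tell which upstream change this backport corresponds to or compare it against the upstream fix. I would add a comment line above the new entry, for example `# <upstream commit or pull-request URL for the CVE-2025-50949 fix>`, filled in with the actual source of the patch.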