[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master db5a4a9: [psaux] Fix potential buffer overflow (#4592
|
From: |
Werner LEMBERG |
|
Subject: |
[freetype2] master db5a4a9: [psaux] Fix potential buffer overflow (#45922). |
|
Date: |
Sat, 12 Sep 2015 06:33:10 +0000 |
branch: master
commit db5a4a9ae7b0048f033361744421da8569642f73
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>
[psaux] Fix potential buffer overflow (#45922).
* src/psaux/psobjs.c (ps_parser_skip_PS_token): If a token is
enclosed in balanced expressions, ensure that the cursor position
doesn't get larger than the current limit.
---
ChangeLog | 8 ++++++++
src/psaux/psobjs.c | 3 +++
2 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 1241306..c185380 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2015-09-11 Werner Lemberg <address@hidden>
+ [psaux] Fix potential buffer overflow (#45922).
+
+ * src/psaux/psobjs.c (ps_parser_skip_PS_token): If a token is
+ enclosed in balanced expressions, ensure that the cursor position
+ doesn't get larger than the current limit.
+
+2015-09-11 Werner Lemberg <address@hidden>
+
[base] Avoid crash while tracing `load_mac_face'.
Reported in Savannah bug #45919.
diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
index c7cbc67..54eabe2 100644
--- a/src/psaux/psobjs.c
+++ b/src/psaux/psobjs.c
@@ -594,6 +594,9 @@
error = FT_THROW( Invalid_File_Format );
}
+ if ( cur > limit )
+ cur = limit;
+
parser->error = error;
parser->cursor = cur;
}
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master db5a4a9: [psaux] Fix potential buffer overflow (#45922).,
Werner LEMBERG <=