[freetype2] master 3df92aa: [winfonts] Check alignment shift count for r

freetype-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freetype2] master 3df92aa: [winfonts] Check alignment shift count for r

From:	Werner LEMBERG
Subject:	[freetype2] master 3df92aa: [winfonts] Check alignment shift count for resource data (#45938).
Date:	Sun, 13 Sep 2015 07:22:20 +0000

branch: master
commit 3df92aa04cf7c537ac9b3f64a8e03168db10c60a
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>

    [winfonts] Check alignment shift count for resource data (#45938).
    
    * src/winfonts/winfnt.c (fnt_face_get_dll_font): Implement it.
---
 ChangeLog             |    6 ++++++
 src/winfonts/winfnt.c |   15 +++++++++++++++
 2 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 47cfcf3..14e3ae1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2015-09-13  Werner Lemberg  <address@hidden>
 
+       [winfonts] Check alignment shift count for resource data (#45938).
+
+       * src/winfonts/winfnt.c (fnt_face_get_dll_font): Implement it.
+
+2015-09-13  Werner Lemberg  <address@hidden>
+
        [type1] Fix potential buffer overflow (#45923).
 
        * src/type1/t1parse.c (T1_Get_Private_Dict): Assure `cur' doesn't
diff --git a/src/winfonts/winfnt.c b/src/winfonts/winfnt.c
index 36e3eb0..4bfa55a 100644
--- a/src/winfonts/winfnt.c
+++ b/src/winfonts/winfnt.c
@@ -320,6 +320,21 @@
 
         size_shift = FT_GET_USHORT_LE();
 
+        /* Microsoft's specification of the executable-file header format */
+        /* for `New Executable' (NE) doesn't give a limit for the         */
+        /* alignment shift count; however, in 1985, the year of the       */
+        /* specification release, only 32bit values were supported, thus  */
+        /* anything larger than 16 doesn't make sense in general, given   */
+        /* that file offsets are 16bit values, shifted by the alignment   */
+        /* shift count                                                    */
+        if ( size_shift > 16 )
+        {
+          FT_TRACE2(( "invalid alignment shift count for resource data\n" ));
+          error = FT_THROW( Invalid_File_Format );
+          goto Exit;
+        }
+
+
         for (;;)
         {
           FT_UShort  type_id, count;

[Prev in Thread]

Current Thread

[Next in Thread]

[freetype2] master 3df92aa: [winfonts] Check alignment shift count for resource data (#45938)., Werner LEMBERG <=

Prev by Date: [freetype2] master e305861: [type1] Fix potential buffer overflow (#45923).
Next by Date: [freetype2-demos] master 64e9494: * Makefile (FT_H): Updated to recent directory changes (#45954).
Previous by thread: [freetype2] master e305861: [type1] Fix potential buffer overflow (#45923).
Next by thread: [freetype2-demos] master 64e9494: * Makefile (FT_H): Updated to recent directory changes (#45954).
Index(es):
- Date
- Thread