[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master 8edfcbe: [psaux] Fix heap buffer overflow (#46221).
From: |
Werner LEMBERG |
Subject: |
[freetype2] master 8edfcbe: [psaux] Fix heap buffer overflow (#46221). |
Date: |
Sat, 17 Oct 2015 06:11:29 +0000 |
branch: master
commit 8edfcbed53f669279b5d7dccea72d0903b75ee9c
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>
[psaux] Fix heap buffer overflow (#46221).
* src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>:
Fix limit check.
---
ChangeLog | 9 ++++++++-
src/psaux/t1decode.c | 2 +-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 442b4f3..8e08126 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,11 @@
-2015-10-15 Werner Lemberg <address@hidden>
+2015-10-17 Werner Lemberg <address@hidden>
+
+ [psaux] Fix heap buffer overflow (#46221).
+
+ * src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>:
+ Fix limit check.
+
+2015-10-17 Werner Lemberg <address@hidden>
* src/cid/cidload.c (cid_parse_dict): Handle invalid input (#46220).
diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
index 2e19928..c2d080e 100644
--- a/src/psaux/t1decode.c
+++ b/src/psaux/t1decode.c
@@ -512,7 +512,7 @@
break;
case 12:
- if ( ip > limit )
+ if ( ip >= limit )
{
FT_ERROR(( "t1_decoder_parse_charstrings:"
" invalid escape (12+EOF)\n" ));
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master 8edfcbe: [psaux] Fix heap buffer overflow (#46221).,
Werner LEMBERG <=