[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master ba8a528 2/2: [cid] Better handle invalid glyph stream
|
From: |
Werner LEMBERG |
|
Subject: |
[freetype2] master ba8a528 2/2: [cid] Better handle invalid glyph stream offsets (#46221). |
|
Date: |
Mon, 19 Oct 2015 21:27:52 +0000 |
branch: master
commit ba8a528b1963a6803a4176db7a1dd545ff289bdb
Author: Bungeman <address@hidden>
Commit: Werner Lemberg <address@hidden>
[cid] Better handle invalid glyph stream offsets (#46221).
* src/cid/cidgload.c (cid_load_glyph): Check minimum size of glyph
length.
---
ChangeLog | 7 +++++++
src/cid/cidgload.c | 6 ++++++
2 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 0073d65..19c2a8d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2015-10-18 Bungeman <address@hidden>
+
+ [cid] Better handle invalid glyph stream offsets (#46221).
+
+ * src/cid/cidgload.c (cid_load_glyph): Check minimum size of glyph
+ length.
+
2015-10-18 Werner Lemberg <address@hidden>
[psaux] Fix tracing of negative numbers.
diff --git a/src/cid/cidgload.c b/src/cid/cidgload.c
index 1fbf23d..d402f8e 100644
--- a/src/cid/cidgload.c
+++ b/src/cid/cidgload.c
@@ -157,6 +157,12 @@
/* Adjustment for seed bytes. */
cs_offset = decoder->lenIV >= 0 ? (FT_UInt)decoder->lenIV : 0;
+ if ( cs_offset > glyph_length )
+ {
+ FT_TRACE0(( "cid_load_glyph: invalid glyph stream offsets\n" ));
+ error = FT_THROW( Invalid_Offset );
+ goto Exit;
+ }
/* Decrypt only if lenIV >= 0. */
if ( decoder->lenIV >= 0 )
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master ba8a528 2/2: [cid] Better handle invalid glyph stream offsets (#46221).,
Werner LEMBERG <=