[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master 8d7b919 2/2: [lzw] Avoid buffer overrun.
|
From: |
Werner LEMBERG |
|
Subject: |
[freetype2] master 8d7b919 2/2: [lzw] Avoid buffer overrun. |
|
Date: |
Tue, 16 Aug 2016 06:08:43 +0000 (UTC) |
branch: master
commit 8d7b9198e3830bb1ae37ac3b3f44c60582c86f81
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>
[lzw] Avoid buffer overrun.
Reported as
https://bugzilla.mozilla.org/show_bug.cgi?id=1273283
* src/lzw/ftzopen.c (ft_lzwstate_refill): Ensure `buf_size' doesn't
underflow.
---
ChangeLog | 11 +++++++++++
src/lzw/ftzopen.c | 7 ++++++-
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 3cf0002..da002ab 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
2016-08-16 Werner Lemberg <address@hidden>
+ [lzw] Avoid buffer overrun.
+
+ Reported as
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1273283
+
+ * src/lzw/ftzopen.c (ft_lzwstate_refill): Ensure `buf_size' doesn't
+ underflow.
+
+2016-08-16 Werner Lemberg <address@hidden>
+
[truetype] Fix compiler warning.
* src/truetype/ttgload.c (load_truetype_glyph): Add cast.
diff --git a/src/lzw/ftzopen.c b/src/lzw/ftzopen.c
index e17b3c5..32839cc 100644
--- a/src/lzw/ftzopen.c
+++ b/src/lzw/ftzopen.c
@@ -42,7 +42,12 @@
state->buf_total += count;
state->in_eof = FT_BOOL( count < state->num_bits );
state->buf_offset = 0;
- state->buf_size = ( state->buf_size << 3 ) - ( state->num_bits - 1 );
+
+ state->buf_size <<= 3;
+ if ( state->buf_size > state->num_bits )
+ state->buf_size -= state->num_bits - 1;
+ else
+ return -1; /* not enough data */
if ( count == 0 ) /* end of file */
return -1;
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master 8d7b919 2/2: [lzw] Avoid buffer overrun.,
Werner LEMBERG <=