ReceiveTempSMS
/
Al-Qurtas-Islamic-bank-The-Best-Bank-in-Iraq
forked from minhngoc25a/freetype2
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix Savannah bug #43547. 

* src/pcf/pcfread.c (pcf_read_TOC): Check `size' and `offset'
values.
This commit is contained in:
Werner Lemberg 2014-11-06 22:32:46 +01:00
parent f49a100a6c
commit 0e2f5d518c
2 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -1,3 +1,10 @@
2014-11-06 Werner Lemberg <wl@gnu.org>
Fix Savannah bug #43547.
* src/pcf/pcfread.c (pcf_read_TOC): Check `size' and `offset'
values.
2014-11-06 Werner Lemberg <wl@gnu.org> 2014-11-06 Werner Lemberg <wl@gnu.org>
* src/pcf/pcfread.c (pcf_read_TOC): Avoid memory leak. * src/pcf/pcfread.c (pcf_read_TOC): Avoid memory leak.

15
src/pcf/pcfread.c
View File

@ -154,6 +154,21 @@ THE SOFTWARE.
break; break;
} }
/* we now check whether the `size' and `offset' values are reasonable: */
/* `offset' + `size' must not exceed the stream size */
tables = face->toc.tables;
for ( n = 0; n < toc->count; n++ )
{
/* we need two checks to avoid overflow */
if ( ( tables->size > stream->size ) ||
( tables->offset > stream->size - tables->size ) )
{
error = FT_THROW( Invalid_Table );
goto Exit;
}
tables++;
}
#ifdef FT_DEBUG_LEVEL_TRACE #ifdef FT_DEBUG_LEVEL_TRACE
{ {