[type42] Fix heap buffer overflow (#46269).

* src/type42/t42parse.c (t42_parse_sfnts): Fix off-by-one error in
bounds checking.
Werner Lemberg 2015-10-21 20:29:12 +02:00
parent 3cfd51233c
commit 87fefc594e
2 changed files with 8 additions and 1 deletions

@ -1,3 +1,10 @@
2015-10-21 Werner Lemberg <wl@gnu.org>
[type42] Fix heap buffer overflow (#46269).
* src/type42/t42parse.c (t42_parse_sfnts): Fix off-by-one error in
bounds checking.
2015-10-21 Dave Arnold <darnold@adobe.com>
[cff] Fix limit in assert for max hints.
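Review bot: the ChangeLog entry for t42_parse_sfnts says only "off-by-one error in bounds checking", which does not record which byte was being missed. Naming it (the one space after `RD` that string_buf skips past) would let a reader of the log see why the comparison had to change without opening the source.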

@ -640,7 +640,7 @@
string_buf = parser->root.cursor + 1; /* one space after `RD' */
if ( (FT_ULong)( limit - parser->root.cursor ) < string_size )
if ( (FT_ULong)( limit - parser->root.cursor ) <= string_size )
{
FT_ERROR(( "t42_parse_sfnts: too much binary data\n" ));
error = FT_THROW( Invalid_File_Format );
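Review bot: the `<=` in the size check is right only because string_buf is set to parser->root.cursor + 1 on the line above, and the condition itself carries no hint of that. A short comment on the `if`, for example `/* string_buf skips one byte, so string_size + 1 bytes are needed */`, would keep a later reader from changing it back to `<`. Separately, the (FT_ULong) cast turns a negative `limit - parser->root.cursor` into a very large value that passes this check; the visible lines show no guard that the cursor is at or before limit, so it is worth confirming that one exists earlier in the function.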