[lzw] Avoid buffer overrun.

Reported as

  https://bugzilla.mozilla.org/show_bug.cgi?id=1273283

* src/lzw/ftzopen.c (ft_lzwstate_refill): Ensure `buf_size' doesn't
underflow.
This commit is contained in:
Werner Lemberg 2016-08-16 08:07:58 +02:00
parent cf4224adb9
commit 8d7b9198e3
2 changed files with 17 additions and 1 deletions

View File

@ -1,3 +1,14 @@
2016-08-16 Werner Lemberg <wl@gnu.org>
[lzw] Avoid buffer overrun.
Reported as
https://bugzilla.mozilla.org/show_bug.cgi?id=1273283
* src/lzw/ftzopen.c (ft_lzwstate_refill): Ensure `buf_size' doesn't
underflow.
2016-08-16 Werner Lemberg <wl@gnu.org>
[truetype] Fix compiler warning.

View File

@ -42,7 +42,12 @@
state->buf_total += count;
state->in_eof = FT_BOOL( count < state->num_bits );
state->buf_offset = 0;
state->buf_size = ( state->buf_size << 3 ) - ( state->num_bits - 1 );
state->buf_size <<= 3;
if ( state->buf_size > state->num_bits )
state->buf_size -= state->num_bits - 1;
else
return -1; /* not enough data */
if ( count == 0 ) /* end of file */
return -1;