minhngoc25a
/
freetype2
mirror of git://git.savannah.gnu.org/freetype/freetype2.git
2
1
Fork 2
Code Issues 4 Releases Wiki Activity

* src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size.

This commit is contained in:
Werner Lemberg 2015-10-17 09:29:52 +02:00
parent 38a3dd5566
commit 0af21dcf13
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,3 +1,7 @@
2015-10-17 Werner Lemberg <wl@gnu.org>
* src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size.
2015-10-17 Werner Lemberg <wl@gnu.org>
* src/cid/cidgload.c (cid_glyph_load): Check file offsets (#46222).

10
src/cid/cidload.c
View File

@ -401,6 +401,16 @@
FT_ERROR(( "cid_parse_dict: No font dictionary found\n" ));
return FT_THROW( Invalid_File_Format );
}
/* allow at most 32bit offsets */
if ( face->cid.fd_bytes > 4 || face->cid.gd_bytes > 4 )
{
FT_ERROR(( "cid_parse_dict:"
" Values of `FDBytes' or `GDBytes' larger than 4\n"
" "
" are not supported\n" ));
return FT_THROW( Invalid_File_Format );
}
}
return parser->root.error;