From 6a4718a3a0584c976b10d4e3a2cc58dc5f4a8242 Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen
Date: Tue, 5 Mar 2019 17:25:19 +0800
Subject: [PATCH] Fix use of uninitialized memory.

* src/psaux/psintrp.c (cf2_interpT2CharString): The call to `cf2_arrstack_setCount' may fail because the allocator ran out of memory. When this happens the stack is still written to before the error condition is checked. This means that FreeType writes outside of allocated memory. This commit moves the error check prior to the stack assignment, hence the function now properly returns with an error condition.
---
ChangeLog | 12 ++++++++++++
src/psaux/psintrp.c | 6 +++---
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 614b65ea1..2cb180dc8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2019-03-05 Sebastian Rasmussen
+
+ [psaux] Fix use of uninitialized memory.
+
+ * src/psaux/psintrp.c (cf2_interpT2CharString): The call to `cf2_arrstack_setCount' may fail because the allocator ran out of memory. When this happens the stack is still written to before the error condition is checked. This means that FreeType writes outside of allocated memory. This commit moves the error check prior to the stack assignment, hence the function now properly returns with an error condition.
+
2019-02-23 Werner Lemberg * src/base/ftbitmap.c (FT_Bitmap_Blend): No fractional offsets.
diff --git a/src/psaux/psintrp.c b/src/psaux/psintrp.c
index ed5ced131..e2f3accdd 100644
--- a/src/psaux/psintrp.c
+++ b/src/psaux/psintrp.c
@@ -612,14 +612,14 @@
cf2_arrstack_setCount( &subrStack, CF2_MAX_SUBR + 1 ); charstring = (CF2_Buffer)cf2_arrstack_getBuffer( &subrStack );
- *charstring = *buf; /* structure copy */
-
- charstringIndex = 0; /* entry is valid now */
/* catch errors so far */ if ( *error ) goto exit;
+ *charstring = *buf; /* structure copy */
+ charstringIndex = 0; /* entry is valid now */
+
/* main interpreter loop */ while ( 1 ) {
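Review bot: The moved lines `*charstring = *buf;` and `charstringIndex = 0;` are now only safe because they sit below `if ( *error ) goto exit;`, yet nothing in the hunk records that ordering constraint, so a later tidy-up could hoist the structure copy back next to the `cf2_arrstack_getBuffer` call and reintroduce the out-of-bounds write. I would widen the existing comment to `/* catch errors so far: cf2_arrstack_setCount may have failed to allocate, so subrStack must not be written before this check */`. The check also presumes that a failed `cf2_arrstack_setCount` reports through the same `error` slot that `subrStack` was initialised with; that initialisation is outside the hunk, so it is worth naming in the comment. cf2_interpT2CharString begins and ends outside this hunk.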