[cid] Better handle invalid glyph stream offsets (#46221).

* src/cid/cidgload.c (cid_load_glyph): Check minimum size of glyph
length.
This commit is contained in:
Bungeman 2015-10-19 23:27:06 +02:00 committed by Werner Lemberg
parent 2961b66c70
commit ba8a528b19
2 changed files with 13 additions and 0 deletions

View File

@ -1,3 +1,10 @@
2015-10-18 Bungeman <bungeman@gmail.com>
[cid] Better handle invalid glyph stream offsets (#46221).
* src/cid/cidgload.c (cid_load_glyph): Check minimum size of glyph
length.
2015-10-18 Werner Lemberg <wl@gnu.org>
[psaux] Fix tracing of negative numbers.

View File

@ -157,6 +157,12 @@
/* Adjustment for seed bytes. */
cs_offset = decoder->lenIV >= 0 ? (FT_UInt)decoder->lenIV : 0;
if ( cs_offset > glyph_length )
{
FT_TRACE0(( "cid_load_glyph: invalid glyph stream offsets\n" ));
error = FT_THROW( Invalid_Offset );
goto Exit;
}
/* Decrypt only if lenIV >= 0. */
if ( decoder->lenIV >= 0 )