minhngoc25a
/
freetype2
mirror of git://git.savannah.gnu.org/freetype/freetype2.git
2
1
Fork 2
Code Issues 4 Releases Wiki Activity

[base] Reject invalid sfnt Mac resource (#47891). 

* src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Check validity
of `CID ' and `TYPE1' table offset and length.
This commit is contained in:
Werner Lemberg 2016-05-16 20:16:35 +02:00
parent 09f0e0fcbe
commit bebac3cf5b
2 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -1,3 +1,10 @@
2016-05-16 Werner Lemberg <wl@gnu.org>
[base] Reject invalid sfnt Mac resource (#47891).
* src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Check validity
of `CID ' and `TYPE1' table offset and length.
2016-05-16 Werner Lemberg <wl@gnu.org>
[cid] Fix scanning for `StartData' and `/sfnts' (#47892).

17
src/base/ftobjs.c
View File

@ -1483,6 +1483,7 @@
if ( face_index >= 0 && pstable_index == face_index )
return FT_Err_Ok;
}
return FT_THROW( Table_Missing );
}
@ -1520,6 +1521,19 @@
if ( error )
goto Exit;
if ( offset > stream->size )
{
FT_TRACE2(( "open_face_PS_from_sfnt_stream: invalid table offset\n" ));
error = FT_THROW( Invalid_Table );
goto Exit;
}
else if ( length > stream->size - offset )
{
FT_TRACE2(( "open_face_PS_from_sfnt_stream: invalid table length\n" ));
error = FT_THROW( Invalid_Table );
goto Exit;
}
error = FT_Stream_Seek( stream, pos + offset );
if ( error )
goto Exit;
@ -1528,7 +1542,8 @@
goto Exit;
error = FT_Stream_Read( stream, (FT_Byte *)sfnt_ps, length );
if ( error ) {
if ( error )
{
FT_FREE( sfnt_ps );
goto Exit;
}