From 0af21dcf13ce44b1624feb3186f0609599355288 Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Sat, 17 Oct 2015 09:29:52 +0200
Subject: [PATCH] * src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size.
---
 ChangeLog | 4 ++++
 src/cid/cidload.c | 10 ++++++++++
 2 files changed, 14 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 425bdd30e..0971afcb0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2015-10-17 Werner Lemberg
+
+ * src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size.
+
 2015-10-17 Werner Lemberg
 * src/cid/cidgload.c (cid_glyph_load): Check file offsets (#46222).
diff --git a/src/cid/cidload.c b/src/cid/cidload.c
index c94b881ea..c579c1466 100644
--- a/src/cid/cidload.c
+++ b/src/cid/cidload.c
@@ -401,6 +401,16 @@
 FT_ERROR(( "cid_parse_dict: No font dictionary found\n" ));
 return FT_THROW( Invalid_File_Format );
 }
+
+ /* allow at most 32bit offsets */
+ if ( face->cid.fd_bytes > 4 || face->cid.gd_bytes > 4 )
+ {
+ FT_ERROR(( "cid_parse_dict:"
+ " Values of `FDBytes' or `GDBytes' larger than 4\n"
+ " "
+ " are not supported\n" ));
+ return FT_THROW( Invalid_File_Format );
+ }
 }
 return parser->root.error;
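Review bot: The new guard in cid_parse_dict bounds `fd_bytes` and `gd_bytes` only from above, so a zero or negative `FDBytes`/`GDBytes` value would still pass if these fields are signed; their declarations are outside this hunk, so that needs confirming. If they are signed, the lower bound belongs in the same rejection path, for example by opening the condition with `if ( face->cid.fd_bytes < 0 || face->cid.gd_bytes < 1 ||` ahead of the existing `> 4` tests, assuming a zero-width glyph-directory offset is never valid. The comment `/* allow at most 32bit offsets */` could also say that both values come from the font file and give the width in bytes of the offsets read later, which is why anything above 4 is refused. cid_parse_dict starts and ends outside the hunk, so any earlier validation of these fields is not visible here.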