kc3-lang/freetype

Browse

Commit 01b508f2470a482308187a26b2a9af6bddce87e7

Werner Lemberg 2012-07-18T10:38:54

Fix Savannah bug #36832. * src/type1/t1load.c (parse_charstrings): Reject negative number of glyphs. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

diff --git a/ChangeLog b/ChangeLog
index 6b09d2e..19ccf31 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-07-16  Werner Lemberg  <wl@gnu.org>
+
+	Fix Savannah bug #36832.
+
+	* src/type1/t1load.c (parse_charstrings): Reject negative number of
+	glyphs.
+
 2012-07-13  Werner Lemberg  <wl@gnu.org>
 
 	Fix Savannah bug #36829.
diff --git a/src/type1/t1load.c b/src/type1/t1load.c
index c830f1b..608496a 100644
--- a/src/type1/t1load.c
+++ b/src/type1/t1load.c
@@ -1514,6 +1514,12 @@
 
 
     num_glyphs = (FT_Int)T1_ToInt( parser );
+    if ( num_glyphs < 0 )
+    {
+      error = T1_Err_Invalid_File_Format;
+      goto Fail;
+    }
+
     /* some fonts like Optima-Oblique not only define the /CharStrings */
     /* array but access it also                                        */
     if ( num_glyphs == 0 || parser->root.error )
kmx.io     mail     discord kmxgit v0.4.0