kc3-lang/freetype

Browse

Commit 0af21dcf13ce44b1624feb3186f0609599355288

Werner Lemberg 2015-10-17T09:29:52

* src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

diff --git a/ChangeLog b/ChangeLog
index 425bdd3..0971afc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2015-10-17  Werner Lemberg  <wl@gnu.org>
 
+	* src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size.
+
+2015-10-17  Werner Lemberg  <wl@gnu.org>
+
 	* src/cid/cidgload.c (cid_glyph_load): Check file offsets (#46222).
 
 2015-10-17  Werner Lemberg  <wl@gnu.org>
diff --git a/src/cid/cidload.c b/src/cid/cidload.c
index c94b881..c579c14 100644
--- a/src/cid/cidload.c
+++ b/src/cid/cidload.c
@@ -401,6 +401,16 @@
         FT_ERROR(( "cid_parse_dict: No font dictionary found\n" ));
         return FT_THROW( Invalid_File_Format );
       }
+
+      /* allow at most 32bit offsets */
+      if ( face->cid.fd_bytes > 4 || face->cid.gd_bytes > 4 )
+      {
+        FT_ERROR(( "cid_parse_dict:"
+                   " Values of `FDBytes' or `GDBytes' larger than 4\n"
+                   "               "
+                   " are not supported\n" ));
+        return FT_THROW( Invalid_File_Format );
+      }
     }
 
     return parser->root.error;
kmx.io     mail     discord kmxgit v0.4.0