Commit 8edfcbed53f669279b5d7dccea72d0903b75ee9c

Werner Lemberg 2015-10-17T08:11:16

[psaux] Fix heap buffer overflow (#46221). * src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>: Fix limit check.

diff --git a/ChangeLog b/ChangeLog
index 442b4f3..8e08126 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,11 @@
-2015-10-15  Werner Lemberg  <wl@gnu.org>
+2015-10-17  Werner Lemberg  <wl@gnu.org>
+
+	[psaux] Fix heap buffer overflow (#46221).
+
+	* src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>:
+	Fix limit check.
+
+2015-10-17  Werner Lemberg  <wl@gnu.org>
 
 	* src/cid/cidload.c (cid_parse_dict): Handle invalid input (#46220).
 
diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
index 2e19928..c2d080e 100644
--- a/src/psaux/t1decode.c
+++ b/src/psaux/t1decode.c
@@ -512,7 +512,7 @@
         break;
 
       case 12:
-        if ( ip > limit )
+        if ( ip >= limit )
         {
           FT_ERROR(( "t1_decoder_parse_charstrings:"
                      " invalid escape (12+EOF)\n" ));
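Review bot: The corrected test `if ( ip >= limit )` under `case 12` carries no comment explaining why equality has to be rejected, which is what made the earlier `>` easy to overlook. Judging by the "12+EOF" message, the escape operator consumes one more byte at `ip`, so `ip == limit` leaves nothing valid to read; I would add `/* escape needs one operand byte; ip == limit means none is left */` above the test. The trace string also names `t1_decoder_parse_charstrings`, while the commit message gives the function as `t1_decoder_parse_charstring`, which makes the log line harder to match to the source. The rest of this branch and the function lie outside the hunk, so whether the other operators that read trailing bytes use the same `>=` form should be confirmed there.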