kc3-lang/freetype

Browse

Commit b94381134efd41c6885d38e08d14106feec7284b

Werner Lemberg 2014-12-11T13:33:14

* src/type42/t42parse.c (t42_parse_sfnts): Check `string_size'. Problem reported by Dennis Felsing <dennis@felsin9.de>. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

diff --git a/ChangeLog b/ChangeLog
index 2119c95..12fab2b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-12-11  Werner Lemberg  <wl@gnu.org>
+
+	* src/type42/t42parse.c (t42_parse_sfnts): Check `string_size'.
+
+	Problem reported by Dennis Felsing <dennis@felsin9.de>.
+
 2014-12-09  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>
 
 	[gxvalid] Fix a naming convention conflicting with ftvalid.
diff --git a/src/type42/t42parse.c b/src/type42/t42parse.c
index fd3d669..bdecba9 100644
--- a/src/type42/t42parse.c
+++ b/src/type42/t42parse.c
@@ -580,6 +580,12 @@
 
         /* don't include delimiters */
         string_size = (FT_Long)( ( parser->root.cursor - cur - 2 + 1 ) / 2 );
+        if ( !string_size )
+        {
+          FT_ERROR(( "t42_parse_sfnts: invalid data in sfnts array\n" ));
+          error = FT_THROW( Invalid_File_Format );
+          goto Fail;
+        }
         if ( FT_REALLOC( string_buf, old_string_size, string_size ) )
           goto Fail;
kmx.io     mail     discord kmxgit v0.4.0