[psaux] Fix potential buffer overflow (#45922). * src/psaux/psobjs.c (ps_parser_skip_PS_token): If a token is enclosed in balanced expressions, ensure that the cursor position doesn't get larger than the current limit.
diff --git a/ChangeLog b/ChangeLog
index 1241306..c185380 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2015-09-11 Werner Lemberg <wl@gnu.org>
+ [psaux] Fix potential buffer overflow (#45922).
+
+ * src/psaux/psobjs.c (ps_parser_skip_PS_token): If a token is
+ enclosed in balanced expressions, ensure that the cursor position
+ doesn't get larger than the current limit.
+
+2015-09-11 Werner Lemberg <wl@gnu.org>
+
[base] Avoid crash while tracing `load_mac_face'.
Reported in Savannah bug #45919.
diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
index c7cbc67..54eabe2 100644
--- a/src/psaux/psobjs.c
+++ b/src/psaux/psobjs.c
@@ -594,6 +594,9 @@
error = FT_THROW( Invalid_File_Format );
}
+ if ( cur > limit )
+ cur = limit;
+
parser->error = error;
parser->cursor = cur;
}