[Git][freetype/freetype][master] * src/cid/cidload.c (cid_face_open): Streamline CIDCount check.

[Alexei Podtelezhnikov (@apodtele)]

Alexei Podtelezhnikov pushed to branch master at FreeType / FreeType

Commits:

• 012b4f2d
  by Alexei Podtelezhnikov at 2021-10-08T22:14:12-04:00

  * src/cid/cidload.c (cid_face_open): Streamline CIDCount check.
  

1 changed file:

• src/cid/cidload.c

Changes:

src/cid/cidload.c

---

...	...	@@ -776,7 +776,6 @@
776	776	CID_FaceInfo cid = &face->cid;
777	777
778	778	FT_ULong binary_length;
779		- FT_ULong entry_len;
780	779
781	780
782	781	cid_init_loader( &loader, face );
...	...	@@ -853,7 +852,24 @@
853	852	}
854	853
855	854	binary_length = face->cid_stream->size - cid->data_offset;
856		- entry_len = cid->fd_bytes + cid->gd_bytes;
	855	+
	856	+ if ( cid->cidmap_offset > binary_length )
	857	+ {
	858	+ FT_ERROR(( "cid_face_open: Invalid `CIDMapOffset' value\n" ));
	859	+ error = FT_THROW( Invalid_File_Format );
	860	+ goto Exit;
	861	+ }
	862	+
	863	+ /* the initial pre-check prevents the multiplication overflow */
	864	+ if ( cid->cid_count > FT_ULONG_MAX / 8 ||
	865	+ cid->cid_count * ( cid->fd_bytes + cid->gd_bytes ) >
	866	+ binary_length - cid->cidmap_offset )
	867	+ {
	868	+ FT_ERROR(( "cid_face_open: Invalid `CIDCount' value\n" ));
	869	+ error = FT_THROW( Invalid_File_Format );
	870	+ goto Exit;
	871	+ }
	872	+
857	873
858	874	for ( n = 0; n < cid->num_dicts; n++ )
859	875	{
...	...	@@ -902,8 +918,8 @@
902	918	goto Exit;
903	919	}
904	920
905		- /* The first condition prevents the multiplication overflow */
906		- if ( dict->num_subrs > UINT_MAX / 4 ||
	921	+ /* the initial pre-check prevents the multiplication overflow */
	922	+ if ( dict->num_subrs > FT_UINT_MAX / 4 ||
907	923	dict->num_subrs * dict->sd_bytes >
908	924	binary_length - dict->subrmap_offset )
909	925	{
...	...	@@ -913,22 +929,6 @@
913	929	}
914	930	}
915	931
916		- if ( cid->cidmap_offset > binary_length )
917		- {
918		- FT_ERROR(( "cid_face_open: Invalid `CIDMapOffset' value\n" ));
919		- error = FT_THROW( Invalid_File_Format );
920		- goto Exit;
921		- }
922		-
923		- if ( entry_len &&
924		- cid->cid_count >
925		- ( binary_length - cid->cidmap_offset ) / entry_len )
926		- {
927		- FT_ERROR(( "cid_face_open: Invalid `CIDCount' value\n" ));
928		- error = FT_THROW( Invalid_File_Format );
929		- goto Exit;
930		- }
931		-
932	932	/* we can now safely proceed */
933	933	error = cid_read_subrs( face );
934	934

—
View it on GitLab.
You're receiving this email because of your account on gitlab.freedesktop.org. If you'd like to receive fewer emails, you can adjust your notification settings.