[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master e294a95 2/2: * src/cid/cidload.c (parse_fd_array): Pr
|
From: |
Werner Lemberg |
|
Subject: |
[freetype2] master e294a95 2/2: * src/cid/cidload.c (parse_fd_array): Protect against trancation. |
|
Date: |
Mon, 11 Oct 2021 23:26:52 -0400 (EDT) |
branch: master
commit e294a95ca85f4d1aa2cd1a6e00e572acd7f03871
Author: Alexei Podtelezhnikov <apodtele@gmail.com>
Commit: Alexei Podtelezhnikov <apodtele@gmail.com>
* src/cid/cidload.c (parse_fd_array): Protect against trancation.
---
src/cid/cidload.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/cid/cidload.c b/src/cid/cidload.c
index 2f38485..a1ac883 100644
--- a/src/cid/cidload.c
+++ b/src/cid/cidload.c
@@ -244,12 +244,17 @@
FT_Memory memory = face->root.memory;
FT_Stream stream = parser->stream;
FT_Error error = FT_Err_Ok;
- FT_UInt num_dicts, max_dicts;
+ FT_Long num_dicts, max_dicts;
- num_dicts = (FT_UInt)cid_parser_to_int( parser );
+ num_dicts = cid_parser_to_int( parser );
+ if ( num_dicts < 0 || num_dicts > FT_INT_MAX )
+ {
+ FT_ERROR(( "parse_fd_array: invalid number of dictionaries\n" ));
+ goto Exit;
+ }
- FT_TRACE4(( " %u\n", num_dicts ));
+ FT_TRACE4(( " %ld\n", num_dicts ));
/*
* A single entry in the FDArray must (at least) contain the following
@@ -267,11 +272,11 @@
* need a `dup X' at the very beginning and a `put' at the end, so a
* rough guess using 100 bytes as the minimum is justified.
*/
- max_dicts = (FT_UInt)( stream->size / 100 );
+ max_dicts = (FT_Long)( stream->size / 100 );
if ( num_dicts > max_dicts )
{
FT_TRACE0(( "parse_fd_array: adjusting FDArray size"
- " (from %u to %u)\n",
+ " (from %ld to %ld)\n",
num_dicts, max_dicts ));
num_dicts = max_dicts;
}
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master e294a95 2/2: * src/cid/cidload.c (parse_fd_array): Protect against trancation.,
Werner Lemberg <=