File CVE-2019-13283.patch of Package poppler-qt.27866

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2019-13283.patch of Package poppler-qt.27866

From c758fc980834882528eeae82568494e46d189cc5 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Thu, 24 May 2018 23:19:16 +0200
Subject: [PATCH] FoFiType1::parse: Fix invalid memory access

Make sure there's enough line left before calling strncmp

fixes oss-fuzz/8425
---
 fofi/FoFiType1.cc | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/fofi/FoFiType1.cc b/fofi/FoFiType1.cc
index dbe95b67..ae9dfc4d 100644
--- a/fofi/FoFiType1.cc
+++ b/fofi/FoFiType1.cc
@@ -226,7 +226,9 @@ void FoFiType1::parse() {
        ++i) {
 
     // get font name
-    if (!name && !strncmp(line, "/FontName", 9)) {
+    if (!name &&
+	(line + 9 <= (char*)file + len) &&
+	!strncmp(line, "/FontName", 9)) {
       strncpy(buf, line, 255);
       buf[255] = '\0';
       if ((p = strchr(buf+9, '/')) &&
@@ -237,9 +239,11 @@ void FoFiType1::parse() {
 
     // get encoding
     } else if (!encoding &&
+	       (line + 30 <= (char*)file + len) &&
 	       !strncmp(line, "/Encoding StandardEncoding def", 30)) {
       encoding = (char **)fofiType1StandardEncoding;
     } else if (!encoding &&
+	       (line + 19 <= (char*)file + len) &&
 	       !strncmp(line, "/Encoding 256 array", 19)) {
       encoding = (char **)gmallocn(256, sizeof(char *));
       for (j = 0; j < 256; ++j) {
@@ -331,7 +335,9 @@ void FoFiType1::parse() {
       }
       //~ check for getinterval/putinterval junk
 
-    } else if (!gotMatrix && !strncmp(line, "/FontMatrix", 11)) {
+    } else if (!gotMatrix &&
+	       (line + 11 <= (char*)file + len) &&
+	       !strncmp(line, "/FontMatrix", 11)) {
       strncpy(buf, line + 11, 255);
       buf[255] = '\0';
       if ((p = strchr(buf, '['))) {
-- 
2.21.0

Places

File CVE-2019-13283.patch of Package poppler-qt.27866

Places