Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1
ft2demos
bnc485889-overflow1.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bnc485889-overflow1.patch of Package ft2demos
From 0545ec1ca36b27cb928128870a83e5f668980bc5 Mon Sep 17 00:00:00 2001 From: Werner Lemberg <wl@gnu.org> Date: Fri, 20 Mar 2009 05:49:10 +0000 Subject: Protect against invalid SID values in CFFs. Problem reported by Tavis Ormandy <taviso@google.com>. * src/cff/cffload.c (cff_charset_load): Reject SID values larger than 64999. --- diff --git a/src/cff/cffload.c b/src/cff/cffload.c index 22163fb..24b899d 100644 --- a/src/cff/cffload.c +++ b/src/cff/cffload.c @@ -842,7 +842,20 @@ goto Exit; for ( j = 1; j < num_glyphs; j++ ) - charset->sids[j] = FT_GET_USHORT(); + { + FT_UShort sid = FT_GET_USHORT(); + + + /* this constant is given in the CFF specification */ + if ( sid < 65000 ) + charset->sids[j] = sid; + else + { + FT_ERROR(( "cff_charset_load:" + " invalid SID value %d set to zero\n", sid )); + charset->sids[j] = 0; + } + } FT_FRAME_EXIT(); } @@ -875,6 +888,20 @@ goto Exit; } + /* check whether the range contains at least one valid glyph; */ + /* the constant is given in the CFF specification */ + if ( glyph_sid >= 65000 ) { + FT_ERROR(( "cff_charset_load: invalid SID range\n" )); + error = CFF_Err_Invalid_File_Format; + goto Exit; + } + + /* try to rescue some of the SIDs if `nleft' is too large */ + if ( nleft > 65000 - 1 || glyph_sid >= 65000 - nleft ) { + FT_ERROR(( "cff_charset_load: invalid SID range trimmed\n" )); + nleft = 65000 - 1 - glyph_sid; + } + /* Fill in the range of sids -- `nleft + 1' glyphs. */ for ( i = 0; j < num_glyphs && i <= nleft; i++, j++, glyph_sid++ ) charset->sids[j] = glyph_sid; -- cgit v0.8.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor