[psaux] Fix heap buffer overflow (#46221).

* src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>: Fix limit check.
9 years ago · 8edfcbed53
parent a5ecfb4ce6
commit 8edfcbed53
2 changed files with 9 additions and 2 deletions
--- a/9
+++ b/9
@ -1,4 +1,11 @@
-2015-10-15  Werner Lemberg  <wl@gnu.org>
+2015-10-17  Werner Lemberg  <wl@gnu.org>
+
+	[psaux] Fix heap buffer overflow (#46221).
+
+	* src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>:
+	Fix limit check.
+
+2015-10-17  Werner Lemberg  <wl@gnu.org>

 	* src/cid/cidload.c (cid_parse_dict): Handle invalid input (#46220).

--- a/src/psaux/t1decode.c
+++ b/src/psaux/t1decode.c
@ -512,7 +512,7 @@
        break;

      case 12:
-        if ( ip > limit )
+        if ( ip >= limit )
        {
          FT_ERROR(( "t1_decoder_parse_charstrings:"
                     " invalid escape (12+EOF)\n" ));