From ba8a528b1963a6803a4176db7a1dd545ff289bdb Mon Sep 17 00:00:00 2001
From: Bungeman
Date: Mon, 19 Oct 2015 23:27:06 +0200
Subject: [PATCH] [cid] Better handle invalid glyph stream offsets (#46221).
* src/cid/cidgload.c (cid_load_glyph): Check minimum size of glyph length.
---
 ChangeLog | 7 +++++++
 src/cid/cidgload.c | 6 ++++++
 2 files changed, 13 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 0073d6560..19c2a8d64 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2015-10-18 Bungeman
+
+ [cid] Better handle invalid glyph stream offsets (#46221).
+
+ * src/cid/cidgload.c (cid_load_glyph): Check minimum size of glyph
+ length.
+
 2015-10-18 Werner Lemberg
 [psaux] Fix tracing of negative numbers.
diff --git a/src/cid/cidgload.c b/src/cid/cidgload.c
index 1fbf23dcd..d402f8e16 100644
--- a/src/cid/cidgload.c
+++ b/src/cid/cidgload.c
@@ -157,6 +157,12 @@
 /* Adjustment for seed bytes. */
 cs_offset = decoder->lenIV >= 0 ? (FT_UInt)decoder->lenIV : 0;
+ if ( cs_offset > glyph_length )
+ {
+ FT_TRACE0(( "cid_load_glyph: invalid glyph stream offsets\n" ));
+ error = FT_THROW( Invalid_Offset );
+ goto Exit;
+ }
 /* Decrypt only if lenIV >= 0. */
 if ( decoder->lenIV >= 0 )
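Review bot: The new `goto Exit` in the `cs_offset > glyph_length` branch of src/cid/cidgload.c adds an early error exit at a point where the glyph data presumably already sits in a buffer (the decrypt step right below operates on it), so it is worth confirming that the `Exit` label releases that buffer. Both the allocation and the label are outside the hunk; if the free happens before `Exit`, every malformed glyph that trips this check would leak its buffer, which matters for a parser fed untrusted fonts. The guard also deserves a short why-comment, for example `/* the lenIV seed bytes must fit inside the glyph data */`, because the relation between `lenIV` and `glyph_length` is not obvious at this spot. The trace text says "invalid glyph stream offsets" while the condition actually compares the seed-byte count against the glyph length, so naming `lenIV` in the message would make a failing font easier to diagnose.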