Chiebot-Mirror
/
freetype
mirror of https://github.com/freetype/freetype.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

[type1] Fix potential buffer overflow (#45923).

Browse Source 
* src/type1/t1parse.c (T1_Get_Private_Dict): Assure `cur' doesn't
point to end of file buffer.
2.6.5
Werner Lemberg 9 years ago
parent e40e8b33a1
commit e3058617f3
2 changed files with 16 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      ChangeLog
  2. 9
      src/type1/t1parse.c

7
ChangeLog
Unescape View File

@ -1,3 +1,10 @@
2015-09-13 Werner Lemberg <wl@gnu.org>
[type1] Fix potential buffer overflow (#45923).
* src/type1/t1parse.c (T1_Get_Private_Dict): Assure `cur' doesn't
point to end of file buffer.
2015-09-13 Werner Lemberg <wl@gnu.org>
[gzip] Fix access of small compressed files (#45937).

9
src/type1/t1parse.c
Unescape View File

@ -389,6 +389,15 @@
cur = limit;
limit = parser->base_dict + parser->base_len;
if ( cur >= limit )
{
FT_ERROR(( "T1_Get_Private_Dict:"
" premature end in private dictionary\n" ));
error = FT_THROW( Invalid_File_Format );
goto Exit;
}
goto Again;
/* now determine where to write the _encrypted_ binary private */

Write Preview
Loading…
Cancel
Save