Chiebot-Mirror
/
freetype
mirror of https://github.com/freetype/freetype.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

[sfnt] Fix Savannah bug #43589.

Browse Source 
* src/sfnt/sfobjs.c (woff_open_font): Protect against addition
overflow.
2.6.5
Werner Lemberg 10 years ago
parent 602040b111
commit f46add1389
2 changed files with 11 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      ChangeLog
  2. 6
      src/sfnt/sfobjs.c

7
ChangeLog
Unescape View File

@ -1,3 +1,10 @@
2014-11-12 Werner Lemberg <wl@gnu.org>
[sfnt] Fix Savannah bug #43589.
* src/sfnt/sfobjs.c (woff_open_font): Protect against addition
overflow.
2014-11-12 Werner Lemberg <wl@gnu.org>
[sfnt] Fix Savannah bug #43588.

6
src/sfnt/sfobjs.c
Unescape View File

@ -567,8 +567,10 @@
if ( table->Offset != woff_offset ||
table->Offset + table->CompLength > woff.length ||
sfnt_offset + table->OrigLength > woff.totalSfntSize ||
table->CompLength > woff.length ||
table->Offset > woff.length - table->CompLength ||
table->OrigLength > woff.totalSfntSize ||
sfnt_offset > woff.totalSfntSize - table->OrigLength ||
table->CompLength > table->OrigLength )
{
error = FT_THROW( Invalid_Table );

Write Preview
Loading…
Cancel
Save