[Libreoffice-commits] core.git: vcl/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Tue Sep 15 18:07:42 UTC 2020
vcl/source/font/fontcharmap.cxx | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit a014c82522834c972e247a28d8e5f42998ae3c0e
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Sep 15 16:36:17 2020 +0100
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue Sep 15 20:06:56 2020 +0200
ofz#25684 keep ParseCMAP within legal area
Change-Id: Iee18b5a9390b79efa67414ea2d229d2816c84e18
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102776
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 05a800fe1af7..a8a217ac9a5f 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -151,6 +151,10 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
continue;
int nTmpOffset = GetUInt( p+4 );
+
+ if (nTmpOffset + 2 > nLength)
+ continue;
+
int nTmpFormat = GetUShort( pCmap + nTmpOffset );
if( nTmpFormat == 12 ) // 32bit code -> glyph map format
nValue += 3;
More information about the Libreoffice-commits
mailing list