[Libreoffice-commits] core.git: Branch 'libreoffice-7-0' - vcl/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Wed Sep 16 12:03:35 UTC 2020
vcl/source/font/fontcharmap.cxx | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit 33d63c77c12b949dca9121dd684978d12ae501c1
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Sep 15 16:36:17 2020 +0100
Commit: Xisco Fauli <xiscofauli at libreoffice.org>
CommitDate: Wed Sep 16 14:02:57 2020 +0200
ofz#25684 keep ParseCMAP within legal area
Change-Id: Iee18b5a9390b79efa67414ea2d229d2816c84e18
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102756
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli at libreoffice.org>
diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 7225f385ad56..9ba392935c60 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -150,6 +150,10 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
continue;
int nTmpOffset = GetUInt( p+4 );
+
+ if (nTmpOffset + 2 > nLength)
+ continue;
+
int nTmpFormat = GetUShort( pCmap + nTmpOffset );
if( nTmpFormat == 12 ) // 32bit code -> glyph map format
nValue += 3;
More information about the Libreoffice-commits
mailing list