[Libreoffice-commits] core.git: Branch 'libreoffice-7-0' - vcl/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Wed Sep 23 09:12:39 UTC 2020
vcl/source/font/fontcharmap.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 40136386078ae0aac76806719899eb489cde28db
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue Sep 22 16:43:01 2020 +0100
Commit: Michael Stahl <michael.stahl at cib.de>
CommitDate: Wed Sep 23 11:12:06 2020 +0200
ofz#25855 overflow in nTmpOffset
we already know nLength is >= 24 so just move the calc to the other term
Change-Id: Ic52f1686ccf81e6b13d7eb7e74dbd9cb51c8ea01
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/103186
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl at cib.de>
diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 027df3ce6df1..fcf0c2c64f52 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -151,7 +151,7 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
int nTmpOffset = GetUInt( p+4 );
- if (nTmpOffset + 2 > nLength || nTmpOffset < 0)
+ if (nTmpOffset > nLength - 2 || nTmpOffset < 0)
continue;
int nTmpFormat = GetUShort( pCmap + nTmpOffset );
More information about the Libreoffice-commits
mailing list