[poppler] poppler/fofi: FoFiTrueType.cc,1.1.1.1,1.1.1.1.2.1
Kristian Høgsberg
krh at freedesktop.org
Mon Dec 12 14:43:29 PST 2005
Update of /cvs/poppler/poppler/fofi
In directory gabe:/tmp/cvs-serv26067/fofi
Modified Files:
Tag: POPPLER_0_4_X
FoFiTrueType.cc
Log Message:
2005-12-12 Kristian Høgsberg <krh at redhat.com>
* poppler/TextOutputDev.cc:
* qt/poppler-qt.h: GCC-4.1 fixes (#5031).
* qt/Makefile.am (noinst_PROGRAMS): Only build qt test program if
splash is enabled.
* poppler/CairoOutputDev.cc: Remove unused grid snapping code,
sidestepping #4507.
* glib/poppler-document.h: Fix glib-mkenums warning (#4600).
* poppler/Makefile.am (libpoppler_la_LIBADD): Add $(FREETYPE_LIBS)
(#4514).
* poppler/TextOutputDev.cc (TextWord::visitSelection,
TextWord::visitSelection): Fix selection crash (#4402).
* poppler/CairoOutputDev.h: Fix wrong cairo-ft.h include (#4413).
* poppler/JPXStream.cc:
* poppler/Stream.cc:
* poppler/Stream.h: CVE-2005-3191 security fix.
* fofi/FoFiTrueType.cc:
* poppler/SplashOutputDev.cc: CAN-2005-2097 security fix.
Index: FoFiTrueType.cc
===================================================================
RCS file: /cvs/poppler/poppler/fofi/FoFiTrueType.cc,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.2.1
diff -u -d -r1.1.1.1 -r1.1.1.1.2.1
--- FoFiTrueType.cc 3 Mar 2005 19:45:58 -0000 1.1.1.1
+++ FoFiTrueType.cc 12 Dec 2005 22:43:27 -0000 1.1.1.1.2.1
@@ -1343,6 +1343,27 @@
return;
}
+ // make sure the loca table is sane (correct length and entries are
+ // in bounds)
+ i = seekTable("loca");
+ if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) {
+ parsedOk = gFalse;
+ return;
+ }
+ for (j = 0; j <= nGlyphs; ++j) {
+ if (locaFmt) {
+ pos = (int)getU32BE(tables[i].offset + j*4, &parsedOk);
+ } else {
+ pos = getU16BE(tables[i].offset + j*2, &parsedOk);
+ }
+ if (pos < 0 || pos > len) {
+ parsedOk = gFalse;
+ }
+ }
+ if (!parsedOk) {
+ return;
+ }
+
// read the post table
readPostTable();
if (!parsedOk) {
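Review bot: The bounds test `if (pos < 0 || pos > len)` in the new loop is applied to the raw loca entry, which is looser than what a consumer of the table needs. In the short format (`locaFmt` false) the TrueType spec stores each offset divided by two, yet the 16-bit branch assigns the unscaled value to `pos`. In both formats the entry is relative to the start of the glyf table, not to the start of the font data. Assuming `len` is the length of the whole font buffer, an entry can pass this check and still land past the end of glyf, or past the end of the buffer once the glyf table offset and the factor of two are applied. I would look up glyf next to loca, scale `pos` by two in the short case, and compare it against that table's length. Two smaller points in the same hunk: the result of `seekTable("loca")` is used to index `tables[]` with no check visible here that the lookup succeeded, and the loop keeps reading entries after `parsedOk` has been cleared, so a `break` on the first bad entry would be tidier.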