[poppler] fofi/FoFiType1.cc
Carlos Garcia Campos
carlosgc at kemper.freedesktop.org
Tue Oct 21 07:44:54 PDT 2014
fofi/FoFiType1.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit f966b8766d40b2c912e69a1e17ef8cc4bd52be95
Author: Carlos Garcia Campos <carlosgc at gnome.org>
Date: Tue Oct 21 16:42:27 2014 +0200
fofi: Fix a crash when parsing an invalid font due to a integer overflow
This fixes a crash rendering trust_metrics.f2495.f0.pdf.
diff --git a/fofi/FoFiType1.cc b/fofi/FoFiType1.cc
index 8fa10a0..2245184 100644
--- a/fofi/FoFiType1.cc
+++ b/fofi/FoFiType1.cc
@@ -263,7 +263,7 @@ void FoFiType1::parse() {
} else {
break;
}
- for (; *p >= '0' && *p < '0' + base; ++p) {
+ for (; *p >= '0' && *p < '0' + base && code < INT_MAX / (base + (*p - '0')); ++p) {
code = code * base + (*p - '0');
}
for (; *p == ' ' || *p == '\t'; ++p) ;
More information about the poppler
mailing list