[poppler] fofi/FoFiType1.cc
Albert Astals Cid
aacid at kemper.freedesktop.org
Mon May 28 21:51:55 UTC 2018
fofi/FoFiType1.cc | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
New commits:
commit b8cf8b04cbd1c0c5643cc77ed7b0b60525ecf080
Author: Albert Astals Cid <aacid at kde.org>
Date: Mon May 28 23:51:32 2018 +0200
FoFiType1::parse: Don't copy to buf more than the available file
fixes oss-fuzz/8576
diff --git a/fofi/FoFiType1.cc b/fofi/FoFiType1.cc
index b38c2b4c..2806d92f 100644
--- a/fofi/FoFiType1.cc
+++ b/fofi/FoFiType1.cc
@@ -340,8 +340,10 @@ void FoFiType1::parse() {
} else if (!gotMatrix &&
(line + 11 <= (char*)file + len) &&
!strncmp(line, "/FontMatrix", 11)) {
- strncpy(buf, line + 11, 255);
- buf[255] = '\0';
+ const auto availableFile = (char*)file + len - (line + 11);
+ const int bufLen = availableFile < 255 ? availableFile : 255;
+ strncpy(buf, line + 11, bufLen);
+ buf[bufLen] = '\0';
if ((p = strchr(buf, '['))) {
++p;
if ((p2 = strchr(p, ']'))) {
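Review bot: The clamp on the added `bufLen` line still depends on the literal 255 matching the size of `buf`, whose declaration is outside this hunk, so a later change to that buffer would silently reintroduce an out-of-bounds write at `buf[bufLen] = '\0'`. If `buf` is a plain char array, deriving the limit from it keeps the two in step, e.g. `const int maxCopy = sizeof(buf) - 1;` followed by `const int bufLen = availableFile < maxCopy ? availableFile : maxCopy;`. The subtraction is non-negative only because of the `line + 11 <= (char*)file + len` test in the condition above, which deserves a short comment such as `// availableFile >= 0: guaranteed by the bounds test in the condition`. Any other branch of parse() that copies a fixed 255 bytes starting at `line` would over-read the file buffer in the same way; none is visible in this hunk, so the rest of the function is worth checking.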