[poppler] fofi/FoFiType1C.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Sat Sep 22 21:04:35 UTC 2018
fofi/FoFiType1C.cc | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
New commits:
commit 8a675c046cd5689356d51ac2268b90a205fa24ed
Author: Adam Reichold <adam.reichold at t-online.de>
Date: Sat Sep 22 13:39:05 2018 +0200
Check that Type1C font dict offset and length do not overflow integer positions. oss-fuzz/8633
diff --git a/fofi/FoFiType1C.cc b/fofi/FoFiType1C.cc
index ebf68a44..6e42bb25 100644
--- a/fofi/FoFiType1C.cc
+++ b/fofi/FoFiType1C.cc
@@ -2188,7 +2188,7 @@ void FoFiType1C::readTopDict() {
// pointer, and reads the private dict. It also pulls the FontMatrix
// (if any) out of the FD.
void FoFiType1C::readFD(int offset, int length, Type1CPrivateDict *pDict) {
- int pos, pSize, pOffset;
+ int pSize, pOffset;
double fontMatrix[6] = {0};
GBool hasFontMatrix;
@@ -2196,9 +2196,15 @@ void FoFiType1C::readFD(int offset, int length, Type1CPrivateDict *pDict) {
fontMatrix[0] = fontMatrix[1] = fontMatrix[2] = 0; // make gcc happy
fontMatrix[3] = fontMatrix[4] = fontMatrix[5] = 0;
pSize = pOffset = 0;
- pos = offset;
+
+ int posEnd;
+ if (checkedAdd(offset, length, &posEnd)) {
+ return;
+ }
+
+ int pos = offset;
nOps = 0;
- while (pos < offset + length) {
+ while (pos < posEnd) {
pos = getOp(pos, gFalse, &parsedOk);
if (!parsedOk) {
return;
@@ -2238,8 +2244,6 @@ void FoFiType1C::readFD(int offset, int length, Type1CPrivateDict *pDict) {
void FoFiType1C::readPrivateDict(int offset, int length,
Type1CPrivateDict *pDict) {
- int pos;
-
pDict->hasFontMatrix = gFalse;
pDict->nBlueValues = 0;
pDict->nOtherBlues = 0;
@@ -2268,9 +2272,14 @@ void FoFiType1C::readPrivateDict(int offset, int length,
return;
}
- pos = offset;
+ int posEnd;
+ if (checkedAdd(offset, length, &posEnd)) {
+ return;
+ }
+
+ int pos = offset;
nOps = 0;
- while (pos < offset + length) {
+ while (pos < posEnd) {
pos = getOp(pos, gFalse, &parsedOk);
if (!parsedOk) {
break;
More information about the poppler
mailing list