[poppler] 2 commits - fofi/FoFiType1C.cc

[GitLab Mirror]

 fofi/FoFiType1C.cc |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

New commits:
commit 6c9f9a491a221fb1fccfe758bc92308ff1a692d1
Author: Albert Astals Cid <aacid at kde.org>
Date:   Tue Jan 5 13:10:30 2021 +0100

    FoFiType1C::cvtGlyph: Fix uninitialized memory read on broken files
    
    oss-fuzz/29269

diff --git a/fofi/FoFiType1C.cc b/fofi/FoFiType1C.cc
index 2dd4675d..ca1327c2 100644
--- a/fofi/FoFiType1C.cc
+++ b/fofi/FoFiType1C.cc
@@ -1433,9 +1433,11 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf, const Type
                     cvtNum(ops[k + 5].num, ops[k + 5].isFP, charBuf);
                     charBuf->append((char)8);
                 }
-                cvtNum(ops[k].num, ops[k].isFP, charBuf);
-                cvtNum(ops[k + 1].num, ops[k + 1].isFP, charBuf);
-                charBuf->append((char)5);
+                if (likely(k + 1 < nOps)) {
+                    cvtNum(ops[k].num, ops[k].isFP, charBuf);
+                    cvtNum(ops[k + 1].num, ops[k + 1].isFP, charBuf);
+                    charBuf->append((char)5);
+                }
                 nOps = 0;
                 openPath = true;
                 break;
commit d5ac5a3aef453a55c175cb091e304cc463dd0ef8
Author: Albert Astals Cid <aacid at kde.org>
Date:   Tue Jan 5 13:07:04 2021 +0100

    Fix two k that should have been k+1

diff --git a/fofi/FoFiType1C.cc b/fofi/FoFiType1C.cc
index 4c2e9a77..2dd4675d 100644
--- a/fofi/FoFiType1C.cc
+++ b/fofi/FoFiType1C.cc
@@ -13,7 +13,7 @@
 // All changes made under the Poppler project to this file are licensed
 // under GPL version 2 or later
 //
-// Copyright (C) 2009, 2010, 2017-2020 Albert Astals Cid <aacid at kde.org>
+// Copyright (C) 2009, 2010, 2017-2021 Albert Astals Cid <aacid at kde.org>
 // Copyright (C) 2012 Thomas Freitag <Thomas.Freitag at alfa.de>
 // Copyright (C) 2018 Adam Reichold <adam.reichold at t-online.de>
 // Copyright (C) 2019 Tomoyuki Kubota <himajin100000 at gmail.com>
@@ -1434,7 +1434,7 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf, const Type
                     charBuf->append((char)8);
                 }
                 cvtNum(ops[k].num, ops[k].isFP, charBuf);
-                cvtNum(ops[k + 1].num, ops[k].isFP, charBuf);
+                cvtNum(ops[k + 1].num, ops[k + 1].isFP, charBuf);
                 charBuf->append((char)5);
                 nOps = 0;
                 openPath = true;
@@ -1445,7 +1445,7 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf, const Type
                 }
                 for (k = 0; k < nOps - 6; k += 2) {
                     cvtNum(ops[k].num, ops[k].isFP, charBuf);
-                    cvtNum(ops[k + 1].num, ops[k].isFP, charBuf);
+                    cvtNum(ops[k + 1].num, ops[k + 1].isFP, charBuf);
                     charBuf->append((char)5);
                 }
                 cvtNum(ops[k].num, ops[k].isFP, charBuf);