[poppler] fofi/FoFiTrueType.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Sat Jan 16 11:39:40 UTC 2021
fofi/FoFiTrueType.cc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
New commits:
commit 6fed4c9ff25fd99e164c94519128803db0593e96
Author: Albert Astals Cid <aacid at kde.org>
Date: Sat Jan 16 12:31:36 2021 +0100
FoFiTrueType::cvtSfnts: Fix uninitialized memory read on broken files
Initialize maxUsedGlyph after the early check returns
oss-fuzz/29629
diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc
index 3d4dd724..a720be94 100644
--- a/fofi/FoFiTrueType.cc
+++ b/fofi/FoFiTrueType.cc
@@ -1132,6 +1132,8 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc, void *outputStream, const
bool needVhea, needVmtx;
int advance;
+ *maxUsedGlyph = -1;
+
// construct the 'head' table, zero out the font checksum
i = seekTable("head");
if (i < 0 || i >= nTables) {
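Review bot: The new `*maxUsedGlyph = -1;` at the top of this hunk has no comment explaining why it must come before the 'head' table check. The assignment used to sit beside the loca-table sorting code, so a later cleanup could move it back next to its use and reintroduce the uninitialized read on the early-return path. I would add a comment above it such as `// Set the out-parameter before any early return so callers never read it uninitialized (oss-fuzz/29629)`. The store also dereferences the pointer without a null check; that was already true lower down, but it now happens on every call, so it is worth confirming that no call site (none are visible here) passes a null pointer. cvtSfnts starts and ends outside the hunk.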
@@ -1182,7 +1184,6 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc, void *outputStream, const
locaTable[nGlyphs].len = 0;
std::sort(locaTable, locaTable + nGlyphs + 1, cmpTrueTypeLocaIdxFunctor());
pos = 0;
- *maxUsedGlyph = -1;
for (i = 0; i <= nGlyphs; ++i) {
locaTable[i].newOffset = pos;
pos += locaTable[i].len;