[poppler] fofi/FoFiTrueType.cc

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Sun May 9 20:51:17 UTC 2021


 fofi/FoFiTrueType.cc |   11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

New commits:
commit 60eae9d0cfc05bd14f3081e4bb128de868fc5e93
Author: Albert Astals Cid <aacid at kde.org>
Date:   Sun May 9 22:46:46 2021 +0200

    FoFiTrueType::cvtSfnts: Protect against integer overflow
    
    oss-fuzz/34113

diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc
index a720be94..7a3f8c58 100644
--- a/fofi/FoFiTrueType.cc
+++ b/fofi/FoFiTrueType.cc
@@ -1295,9 +1295,14 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc, void *outputStream, const
             newTables[k].checksum = checksum;
             newTables[k].offset = pos;
             newTables[k].len = length;
-            pos += length;
-            if (pos & 3) {
-                pos += 4 - (length & 3);
+            int newPos;
+            if (unlikely(checkedAdd(pos, length, &newPos))) {
+                ok = false;
+            } else {
+                pos = newPos;
+                if (pos & 3) {
+                    pos += 4 - (length & 3);
+                }
             }
             ++k;
         }
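Review bot: The alignment padding inside the new `else` branch, `pos += 4 - (length & 3);`, is still a plain signed addition, so a `newPos` within three of the int maximum can overflow there even though `pos + length` passed `checkedAdd`. Doing the round-up on `newPos` through the same helper before assigning to `pos` would close that gap, e.g. `if ((newPos & 3) && unlikely(checkedAdd(newPos, 4 - (length & 3), &newPos))) { ok = false; }`, with `pos = newPos;` only on success. On the failure path `newTables[k].offset` and `newTables[k].len` are already filled in and `k` is still incremented, so the table entry stays in place with `pos` unchanged. The rest of `cvtSfnts` lies outside this hunk, so it is worth confirming that nothing later consumes `newTables` once `ok` is false.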

