[poppler] fofi/FoFiType1C.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Mon May 9 21:41:24 UTC 2022
fofi/FoFiType1C.cc | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
New commits:
commit b2f48cfc89b0ef73e0eed56ca819bf6add04eb96
Author: Albert Astals Cid <aacid at kde.org>
Date: Wed May 4 00:13:56 2022 +0200
Fix uninitialized memory read on broken files
diff --git a/fofi/FoFiType1C.cc b/fofi/FoFiType1C.cc
index a1511f1b..887bd28e 100644
--- a/fofi/FoFiType1C.cc
+++ b/fofi/FoFiType1C.cc
@@ -2244,11 +2244,11 @@ void FoFiType1C::readPrivateDict(int offset, int length, Type1CPrivateDict *pDic
void FoFiType1C::readFDSelect()
{
- int fdSelectFmt, pos, nRanges, gid0, gid1, fd, i, j;
+ int fdSelectFmt, pos, nRanges, gid0, gid1, fd;
fdSelect = (unsigned char *)gmalloc(nGlyphs);
if (topDict.fdSelectOffset == 0) {
- for (i = 0; i < nGlyphs; ++i) {
+ for (int i = 0; i < nGlyphs; ++i) {
fdSelect[i] = 0;
}
} else {
@@ -2268,7 +2268,7 @@ void FoFiType1C::readFDSelect()
pos += 2;
gid0 = getU16BE(pos, &parsedOk);
pos += 2;
- for (i = 1; i <= nRanges; ++i) {
+ for (int i = 1; i <= nRanges; ++i) {
fd = getU8(pos++, &parsedOk);
gid1 = getU16BE(pos, &parsedOk);
if (!parsedOk) {
@@ -2280,14 +2280,17 @@ void FoFiType1C::readFDSelect()
parsedOk = false;
return;
}
- for (j = gid0; j < gid1; ++j) {
+ for (int j = gid0; j < gid1; ++j) {
fdSelect[j] = fd;
}
gid0 = gid1;
}
+ for (int i = gid0; i < nGlyphs; ++i) {
+ fdSelect[i] = 0;
+ }
} else {
//~ error(-1, "Unknown FDSelect table format in CID font");
- for (i = 0; i < nGlyphs; ++i) {
+ for (int i = 0; i < nGlyphs; ++i) {
fdSelect[i] = 0;
}
}
More information about the poppler
mailing list