[sfnt] Fix Savannah bug #43591.
* src/sfnt/ttsbit.c (tt_sbit_decoder_init): Protect against addition and multiplication overflow.
This commit is contained in:
parent
677ddf4f1d
commit
257c270bd2
@ -1,3 +1,10 @@
|
||||
2014-11-12 Werner Lemberg <wl@gnu.org>
|
||||
|
||||
[sfnt] Fix Savannah bug #43591.
|
||||
|
||||
* src/sfnt/ttsbit.c (tt_sbit_decoder_init): Protect against addition
|
||||
and multiplication overflow.
|
||||
|
||||
2014-11-12 Werner Lemberg <wl@gnu.org>
|
||||
|
||||
[sfnt] Fix Savannah bug #43590.
|
||||
|
@ -394,9 +394,11 @@
|
||||
p += 34;
|
||||
decoder->bit_depth = *p;
|
||||
|
||||
if ( decoder->strike_index_array > face->sbit_table_size ||
|
||||
decoder->strike_index_array + 8 * decoder->strike_index_count >
|
||||
face->sbit_table_size )
|
||||
/* decoder->strike_index_array + */
|
||||
/* 8 * decoder->strike_index_count > face->sbit_table_size ? */
|
||||
if ( decoder->strike_index_array > face->sbit_table_size ||
|
||||
decoder->strike_index_count >
|
||||
( face->sbit_table_size - decoder->strike_index_array ) / 8 )
|
||||
error = FT_THROW( Invalid_File_Format );
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user