Fix Savannah bug #30658.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Check the total length of collected POST segments does not overrun the allocated buffer.
This commit is contained in:
parent
223cb1b57c
commit
81f3472c0b
@ -1,3 +1,11 @@
|
||||
2010-08-06 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
|
||||
|
||||
Fix Savannah bug #30658.
|
||||
|
||||
* src/base/ftobjs.c (Mac_Read_POST_Resource): Check the total
|
||||
length of collected POST segments does not overrun the allocated
|
||||
buffer.
|
||||
|
||||
2010-08-06 Yuriy Kaminskiy <yumkam@mail.ru>
|
||||
|
||||
Fix conditional usage of FT_MulFix_i386.
|
||||
|
@ -1574,6 +1574,7 @@
|
||||
FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n",
|
||||
i, offsets[i], rlen, flags ));
|
||||
|
||||
/* postpone the check of rlen longer than buffer until FT_Stream_Read() */
|
||||
if ( ( flags >> 8 ) == 0 ) /* Comment, should not be loaded */
|
||||
continue;
|
||||
|
||||
@ -1613,6 +1614,10 @@
|
||||
pfb_data[pfb_pos++] = 0;
|
||||
}
|
||||
|
||||
error = FT_Err_Cannot_Open_Resource;
|
||||
if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len )
|
||||
goto Exit2;
|
||||
|
||||
error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen );
|
||||
if ( error )
|
||||
goto Exit2;
|
||||
|
Loading…
Reference in New Issue
Block a user