summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlbert Astals Cid <aacid@kde.org>2021-05-12 23:39:14 +0200
committerAlbert Astals Cid <aacid@kde.org>2021-05-12 23:39:14 +0200
commit2e8ad35f95965459ebef9a20ba1a98f7fe982e26 (patch)
treef52d0ec6d95925aa0fc9b29e152763cd88e5841e
parent60eae9d0cfc05bd14f3081e4bb128de868fc5e93 (diff)
FoFiTrueType::cvtSfnts: Protect against integer overflow
oss-fuzz/34214
-rw-r--r--fofi/FoFiTrueType.cc12
1 files changed, 9 insertions, 3 deletions
diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc
index 7a3f8c58..ce592b8c 100644
--- a/fofi/FoFiTrueType.cc
+++ b/fofi/FoFiTrueType.cc
@@ -1186,9 +1186,15 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc, void *outputStream, const
pos = 0;
for (i = 0; i <= nGlyphs; ++i) {
locaTable[i].newOffset = pos;
- pos += locaTable[i].len;
- if (pos & 3) {
- pos += 4 - (pos & 3);
+
+ int newPos;
+ if (unlikely(checkedAdd(pos, locaTable[i].len, &newPos))) {
+ ok = false;
+ } else {
+ pos = newPos;
+ if (pos & 3) {
+ pos += 4 - (pos & 3);
+ }
}
if (locaTable[i].len > 0) {
*maxUsedGlyph = i;