summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlbert Astals Cid <aacid@kde.org>2021-05-09 22:46:46 +0200
committerAlbert Astals Cid <aacid@kde.org>2021-05-09 22:46:46 +0200
commit60eae9d0cfc05bd14f3081e4bb128de868fc5e93 (patch)
tree22333c2f9ace16722053eaeb5160c0210311d6fc
parent4ef3535bffedd217707ea16f2ba415dbcdc1ed41 (diff)
FoFiTrueType::cvtSfnts: Protect against integer overflow
oss-fuzz/34113
-rw-r--r--fofi/FoFiTrueType.cc11
1 files changed, 8 insertions, 3 deletions
diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc
index a720be94..7a3f8c58 100644
--- a/fofi/FoFiTrueType.cc
+++ b/fofi/FoFiTrueType.cc
@@ -1295,9 +1295,14 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc, void *outputStream, const
newTables[k].checksum = checksum;
newTables[k].offset = pos;
newTables[k].len = length;
- pos += length;
- if (pos & 3) {
- pos += 4 - (length & 3);
+ int newPos;
+ if (unlikely(checkedAdd(pos, length, &newPos))) {
+ ok = false;
+ } else {
+ pos = newPos;
+ if (pos & 3) {
+ pos += 4 - (length & 3);
+ }
}
++k;
}