diff options
author | Albert Astals Cid <aacid@kde.org> | 2021-05-09 22:46:46 +0200 |
---|---|---|
committer | Albert Astals Cid <aacid@kde.org> | 2021-05-09 22:46:46 +0200 |
commit | 60eae9d0cfc05bd14f3081e4bb128de868fc5e93 (patch) | |
tree | 22333c2f9ace16722053eaeb5160c0210311d6fc | |
parent | 4ef3535bffedd217707ea16f2ba415dbcdc1ed41 (diff) |
FoFiTrueType::cvtSfnts: Protect against integer overflow
oss-fuzz/34113
-rw-r--r-- | fofi/FoFiTrueType.cc | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc index a720be94..7a3f8c58 100644 --- a/fofi/FoFiTrueType.cc +++ b/fofi/FoFiTrueType.cc @@ -1295,9 +1295,14 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc, void *outputStream, const newTables[k].checksum = checksum; newTables[k].offset = pos; newTables[k].len = length; - pos += length; - if (pos & 3) { - pos += 4 - (length & 3); + int newPos; + if (unlikely(checkedAdd(pos, length, &newPos))) { + ok = false; + } else { + pos = newPos; + if (pos & 3) { + pos += 4 - (length & 3); + } } ++k; } |