summaryrefslogtreecommitdiff
path: root/fofi
diff options
context:
space:
mode:
authorAlbert Astals Cid <aacid@kde.org>2018-05-28 23:51:32 +0200
committerAlbert Astals Cid <aacid@kde.org>2018-05-28 23:51:32 +0200
commitb8cf8b04cbd1c0c5643cc77ed7b0b60525ecf080 (patch)
tree9928c242a2887e08d93c2c4f5bde66cbbb2307e8 /fofi
parent10a3dc2a9c92349e498ea36bb342b821dcfc9d76 (diff)
FoFiType1::parse: Don't copy to buf more than the available file
fixes oss-fuzz/8576
Diffstat (limited to 'fofi')
-rw-r--r--fofi/FoFiType1.cc6
1 files changed, 4 insertions, 2 deletions
diff --git a/fofi/FoFiType1.cc b/fofi/FoFiType1.cc
index b38c2b4c..2806d92f 100644
--- a/fofi/FoFiType1.cc
+++ b/fofi/FoFiType1.cc
@@ -340,8 +340,10 @@ void FoFiType1::parse() {
} else if (!gotMatrix &&
(line + 11 <= (char*)file + len) &&
!strncmp(line, "/FontMatrix", 11)) {
- strncpy(buf, line + 11, 255);
- buf[255] = '\0';
+ const auto availableFile = (char*)file + len - (line + 11);
+ const int bufLen = availableFile < 255 ? availableFile : 255;
+ strncpy(buf, line + 11, bufLen);
+ buf[bufLen] = '\0';
if ((p = strchr(buf, '['))) {
++p;
if ((p2 = strchr(p, ']'))) {