authorAlbert Astals Cid <aacid@kde.org>2018-05-24 23:19:16 +0200
committerAlbert Astals Cid <aacid@kde.org>2018-05-24 23:19:16 +0200
commitc758fc980834882528eeae82568494e46d189cc5 (patch)
treee14e87b82e29b08a7cce2f12103957f8bdb129cc /fofi
parent07318f3899248f67a58148b29a9555ff47a1b083 (diff)
FoFiType1::parse: Fix invalid memory access
Make sure there's enough line left before calling strncmp. Fixes oss-fuzz/8425
Diffstat (limited to 'fofi')
-rw-r--r--fofi/FoFiType1.cc10
1 files changed, 8 insertions, 2 deletions
diff --git a/fofi/FoFiType1.cc b/fofi/FoFiType1.cc
index dbe95b67..ae9dfc4d 100644
--- a/fofi/FoFiType1.cc
+++ b/fofi/FoFiType1.cc
@@ -226,7 +226,9 @@ void FoFiType1::parse() {
++i) {
// get font name
- if (!name && !strncmp(line, "/FontName", 9)) {
+ if (!name &&
+ (line + 9 <= (char*)file + len) &&
+ !strncmp(line, "/FontName", 9)) {
strncpy(buf, line, 255);
buf[255] = '\0';
if ((p = strchr(buf+9, '/')) &&
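Review bot: The `strncpy(buf, line, 255)` right after the new guard can still read past the end of the font data, because the added check only proves that 9 bytes remain while strncpy keeps reading until it meets a NUL or has copied 255 bytes. Unless the file buffer is guaranteed to be NUL-terminated (not visible in this hunk), the copy length should be clamped to the bytes actually left, e.g. `n = (char*)file + len - line; if (n > 255) n = 255; strncpy(buf, line, n); buf[n] = '\0';`. The same pattern appears in the /FontMatrix hunk with `strncpy(buf, line + 11, 255)`, where the remaining length is `(char*)file + len - (line + 11)`. The body of FoFiType1::parse starts and continues outside this hunk.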
@@ -237,9 +239,11 @@ void FoFiType1::parse() {
// get encoding
} else if (!encoding &&
+ (line + 30 <= (char*)file + len) &&
!strncmp(line, "/Encoding StandardEncoding def", 30)) {
encoding = (char **)fofiType1StandardEncoding;
} else if (!encoding &&
+ (line + 19 <= (char*)file + len) &&
!strncmp(line, "/Encoding 256 array", 19)) {
encoding = (char **)gmallocn(256, sizeof(char *));
for (j = 0; j < 256; ++j) {
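Review bot: The new guards `line + 30 <= (char*)file + len` and `line + 19 <= (char*)file + len` compute the advanced pointer before knowing it is in range; when fewer than that many bytes remain, forming `line + N` beyond one-past-the-end is itself undefined behaviour, so the check is better written on the remaining length, `((char*)file + len - line >= 30)`. The literals 9, 30, 19 and 11 used across the hunks each repeat the length of the keyword beside them, and a small static helper that takes the keyword, derives the length with `strlen` and does both the bounds check and the compare would keep the two from drifting apart. A short comment such as `// file data is not necessarily NUL-terminated; check remaining bytes before comparing` would record why the guard exists. The enclosing function starts and ends outside this hunk.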
@@ -331,7 +335,9 @@ void FoFiType1::parse() {
}
//~ check for getinterval/putinterval junk
- } else if (!gotMatrix && !strncmp(line, "/FontMatrix", 11)) {
+ } else if (!gotMatrix &&
+ (line + 11 <= (char*)file + len) &&
+ !strncmp(line, "/FontMatrix", 11)) {
strncpy(buf, line + 11, 255);
buf[255] = '\0';
if ((p = strchr(buf, '['))) {