From b8cf8b04cbd1c0c5643cc77ed7b0b60525ecf080 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid
Date: Mon, 28 May 2018 23:51:32 +0200
Subject: FoFiType1::parse: Don't copy to buf more than the available file fixes oss-fuzz/8576
---
 fofi/FoFiType1.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'fofi')
diff --git a/fofi/FoFiType1.cc b/fofi/FoFiType1.cc
index b38c2b4c..2806d92f 100644
--- a/fofi/FoFiType1.cc
+++ b/fofi/FoFiType1.cc
@@ -340,8 +340,10 @@ void FoFiType1::parse() {
 } else if (!gotMatrix &&
 (line + 11 <= (char*)file + len) &&
 !strncmp(line, "/FontMatrix", 11)) {
- strncpy(buf, line + 11, 255);
- buf[255] = '\0';
+ const auto availableFile = (char*)file + len - (line + 11);
+ const int bufLen = availableFile < 255 ? availableFile : 255;
+ strncpy(buf, line + 11, bufLen);
+ buf[bufLen] = '\0';
 if ((p = strchr(buf, '['))) {
 ++p;
 if ((p2 = strchr(p, ']'))) {
--
cgit v1.2.3
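Review bot: The clamp in the `/FontMatrix` branch hard-codes 255 twice while `buf` is declared outside the hunk, so the write `buf[bufLen] = '\0'` is only in bounds as long as `buf` holds at least 256 bytes; if `buf` is a local array, deriving the limit from it, e.g. `const size_t maxCopy = sizeof(buf) - 1;`, keeps the read bound and the write bound tied together. `availableFile` is a pointer difference narrowed to `int` through the ternary, which is safe here only because the guard `line + 11 <= (char*)file + len` makes it non-negative and the result is capped at 255; a comment such as `// never read past file + len: line + 11 may be closer than 255 bytes to EOF` would record that dependency. `parse()` begins and ends outside this hunk, so any other copies from `line` into `buf` are not visible here and may need the same end-of-file clamp.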