Protect against malformed compressed data.

Problem reported by Tavis Ormandy <taviso@google.com>. * src/lsw/ftzopen.c (ft_lzwstate_io): Test whether `state->prefix' is zero.
author: Werner Lemberg <wl@gnu.org> 2009-03-20 07:19:45 +0100
committer: Werner Lemberg <wl@gnu.org> 2009-03-20 07:19:45 +0100
commit: 0a05ba257b6ddd87dacf8d54b626e4b360e0a596 (patch)
tree: f6b70f5d10cc8ac6b659a0a76448e37e5dc2107e
parent: 0545ec1ca36b27cb928128870a83e5f668980bc5 (diff)
download: freetype2-0a05ba257b6ddd87dacf8d54b626e4b360e0a596.tar.gz
2 files changed, 12 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 512d99ccd..f208f51ec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2009-03-20  Werner Lemberg  <wl@gnu.org>
 
+	Protect against malformed compressed data.
+
+	Problem reported by Tavis Ormandy <taviso@google.com>.
+
+	* src/lsw/ftzopen.c (ft_lzwstate_io): Test whether `state->prefix' is
+	zero.
+
+2009-03-20  Werner Lemberg  <wl@gnu.org>
+
 	Protect against invalid SID values in CFFs.
 
 	Problem reported by Tavis Ormandy <taviso@google.com>.
diff --git a/src/lzw/ftzopen.c b/src/lzw/ftzopen.c
index fc7831510..c0483de62 100644
--- a/src/lzw/ftzopen.c
+++ b/src/lzw/ftzopen.c
@@ -332,6 +332,9 @@
 
           while ( code >= 256U )
           {
+            if ( !state->prefix )
+              goto Eof;
+
             FTLZW_STACK_PUSH( state->suffix[code - 256] );
             code = state->prefix[code - 256];
           }
author	Werner Lemberg <wl@gnu.org>	2009-03-20 07:19:45 +0100
committer	Werner Lemberg <wl@gnu.org>	2009-03-20 07:19:45 +0100
commit	0a05ba257b6ddd87dacf8d54b626e4b360e0a596 (patch)
tree	f6b70f5d10cc8ac6b659a0a76448e37e5dc2107e
parent	0545ec1ca36b27cb928128870a83e5f668980bc5 (diff)
download	freetype2-0a05ba257b6ddd87dacf8d54b626e4b360e0a596.tar.gz