author | Werner Lemberg <wl@gnu.org> | 2009-03-20 07:19:45 +0100 |
---|---|---|
committer | Werner Lemberg <wl@gnu.org> | 2009-03-20 07:19:45 +0100 |
commit | 0a05ba257b6ddd87dacf8d54b626e4b360e0a596 (patch) | |
tree | f6b70f5d10cc8ac6b659a0a76448e37e5dc2107e | |
parent | 0545ec1ca36b27cb928128870a83e5f668980bc5 (diff) | |
download | freetype2-0a05ba257b6ddd87dacf8d54b626e4b360e0a596.tar.gz |
Protect against malformed compressed data.
Problem reported by Tavis Ormandy <taviso@google.com>.
* src/lsw/ftzopen.c (ft_lzwstate_io): Test whether `state->prefix' is
zero.
-rw-r--r-- | ChangeLog | 9 |
-rw-r--r-- | src/lzw/ftzopen.c | 3 |
2 files changed, 12 insertions, 0 deletions
@@ -1,5 +1,14 @@ 2009-03-20 Werner Lemberg <wl@gnu.org> + Protect against malformed compressed data. + + Problem reported by Tavis Ormandy <taviso@google.com>. + + * src/lsw/ftzopen.c (ft_lzwstate_io): Test whether `state->prefix' is + zero. + +2009-03-20 Werner Lemberg <wl@gnu.org> + Protect against invalid SID values in CFFs. Problem reported by Tavis Ormandy <taviso@google.com>. diff --git a/src/lzw/ftzopen.c b/src/lzw/ftzopen.c index fc7831510..c0483de62 100644 --- a/src/lzw/ftzopen.c +++ b/src/lzw/ftzopen.c @@ -332,6 +332,9 @@ while ( code >= 256U ) { + if ( !state->prefix ) + goto Eof; + FTLZW_STACK_PUSH( state->suffix[code - 256] ); code = state->prefix[code - 256]; } |
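Review bot: The new ChangeLog entry names `src/lsw/ftzopen.c`, but the file this commit modifies is `src/lzw/ftzopen.c`. Correct the path in the entry so that searching the log for the lzw directory finds this fix.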
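Review bot: In the `src/lzw/ftzopen.c` hunk, the added `if ( !state->prefix ) goto Eof;` test sits inside `while ( code >= 256U )`, although nothing in the visible loop body changes `state->prefix`. A single test before the loop, taken only when `code >= 256U`, would do the same job without re-checking on every iteration. A one-line comment saying which kind of malformed stream leaves `state->prefix` zero would also help, since the ChangeLog only records that the pointer is tested. Separately, the visible lines show no range check on `code - 256` before it indexes `state->suffix` and `state->prefix`; please confirm that bound is enforced ahead of this loop, because the null test alone does not cover an out-of-range code.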