diff options
author | Werner Lemberg <wl@gnu.org> | 2017-07-04 08:08:54 +0200 |
---|---|---|
committer | Werner Lemberg <wl@gnu.org> | 2017-07-04 08:08:54 +0200 |
commit | 1c85479d2d1de54a4b592ffbef0ae24f498053d2 (patch) | |
tree | 9c070e0ee4186c18283da1764795cff6609693b1 | |
parent | c56d8851ea987023cc73981a70d261b3f6427545 (diff) | |
download | freetype2-1c85479d2d1de54a4b592ffbef0ae24f498053d2.tar.gz |
[truetype] Prevent address overflow (#51365).
* src/truetype/ttgxvar.c (FT_Stream_SeekSet): Add guard.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | src/truetype/ttgxvar.c | 6 |
2 files changed, 10 insertions, 2 deletions
@@ -1,3 +1,9 @@ +2017-07-04 Werner Lemberg <wl@gnu.org> + + [truetype] Prevent address overflow (#51365). + + * src/truetype/ttgxvar.c (FT_Stream_SeekSet): Add guard. + 2017-07-03 Alexei Podtelezhnikov <apodtele@gmail.com> * src/base/ftlcdfil.c (ft_lcd_filter_fir): Improve code. diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c index f2049796d..9125afd10 100644 --- a/src/truetype/ttgxvar.c +++ b/src/truetype/ttgxvar.c @@ -60,8 +60,10 @@ #define FT_Stream_FTell( stream ) \ (FT_ULong)( (stream)->cursor - (stream)->base ) -#define FT_Stream_SeekSet( stream, off ) \ - ( (stream)->cursor = (stream)->base + (off) ) +#define FT_Stream_SeekSet( stream, off ) \ + (stream)->cursor = ( (off) < (stream)->limit - (stream)->base ) \ + ? (stream)->base + (off) \ + : (stream)->limit /*************************************************************************/ |