diff options
| author | Chris Liddell <chris.liddell@artifex.com> | 2022-08-29 16:25:07 +0100 |
|---|---|---|
| committer | Chris Liddell <chris.liddell@artifex.com> | 2022-09-02 15:59:07 +0100 |
| commit | c8e196adf0cdc4fa2461fa1cdfde3dfed823d5d4 (patch) | |
| tree | 088c619b10e763bc22963570e54e81c4a2867858 | |
| parent | 17dcfba9a0e2302d83ed8f92feaecee56b74df3c (diff) | |
| download | ghostpdl-c8e196adf0cdc4fa2461fa1cdfde3dfed823d5d4.tar.gz | |
oss-fuzz 50720: CFF - validate fontname string length
| -rw-r--r-- | pdf/pdf_font1C.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/pdf/pdf_font1C.c b/pdf/pdf_font1C.c index 382a9dea3..c228b0996 100644 --- a/pdf/pdf_font1C.c +++ b/pdf/pdf_font1C.c @@ -952,9 +952,10 @@ pdfi_read_cff_dict(byte *p, byte *e, pdfi_gs_cff_font_priv *ptpriv, cff_font_off code = pdfi_make_string_from_sid(font->ctx, (pdf_obj **) &fnamestr, font, offsets, args[0].ival); if (code >= 0) { - memcpy(ptpriv->font_name.chars, fnamestr->data, fnamestr->length); - memcpy(ptpriv->key_name.chars, fnamestr->data, fnamestr->length); - ptpriv->font_name.size = ptpriv->key_name.size = fnamestr->length; + int nlen = fnamestr->length > gs_font_name_max ? gs_font_name_max : fnamestr->length; + memcpy(ptpriv->font_name.chars, fnamestr->data, nlen); + memcpy(ptpriv->key_name.chars, fnamestr->data, nlen); + ptpriv->font_name.size = ptpriv->key_name.size = nlen; pdfi_countdown(fnamestr); } break; |