oss-fuzz 50306: Add bounds check in Type 2 charstring interpreter

Missing stack bounds check
author: Chris Liddell <chris.liddell@artifex.com> 2022-08-17 08:29:34 +0100
committer: Chris Liddell <chris.liddell@artifex.com> 2022-08-17 08:30:59 +0100
commit: 05efb77627aa0e05ab59ec1d6cb6988e1eb9710e (patch)
tree: a7537d3bf8f27324f09cf410ffd62243a713af3f
parent: 9f8ad8cff4ca7d6ce8b772b109b8aa77a84ba97a (diff)
download: ghostpdl-05efb77627aa0e05ab59ec1d6cb6988e1eb9710e.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/base/gstype2.c b/base/gstype2.c
index 35b7f3f2b..2e7a4ce7e 100644
--- a/base/gstype2.c
+++ b/base/gstype2.c
@@ -690,6 +690,8 @@ gs_type2_interpret(gs_type1_state * pcis, const gs_glyph_data_t *pgd,
                         csp -= 3;
                         break;
                     case ce2_neg:
+                        if (!CS_CHECK_CSTACK_BOUNDS(csp, cstack))
+                            return_error(gs_error_invalidfont);
                         *csp = -*csp;
                         break;
                     case ce2_eq:
author	Chris Liddell <chris.liddell@artifex.com>	2022-08-17 08:29:34 +0100
committer	Chris Liddell <chris.liddell@artifex.com>	2022-08-17 08:30:59 +0100
commit	05efb77627aa0e05ab59ec1d6cb6988e1eb9710e (patch)
tree	a7537d3bf8f27324f09cf410ffd62243a713af3f
parent	9f8ad8cff4ca7d6ce8b772b109b8aa77a84ba97a (diff)
download	ghostpdl-05efb77627aa0e05ab59ec1d6cb6988e1eb9710e.tar.gz