pdfwrite - check allocated memory

Observed with OSS-fuzz 50113 and this command line: -K1048576 -r200x200 -sBandListStorage=memory -dMaxBitmap=0 -dBufferSpace=450k -dMediaPosition=1 -dcupsColorSpace=1 -dSAFER -dNOPAUSE -dBATCH -dNOINTERPOLATE -dNOMEDIAATTRS -sDEVICE=pdfwrite -sOutputFile=out.pdf We tried to allocate memory to hold a number of Unicode code points, but we didn't check to see if the allocation succeeded. In this case it fails, and we then tried to use the pointer. Check the allocation and return an error if it fails.
author: Ken Sharp <ken.sharp@artifex.com> 2022-08-17 18:52:32 +0100
committer: Ken Sharp <ken.sharp@artifex.com> 2022-08-17 18:52:32 +0100
commit: f31bb9804bd1bc3bc744fad90320279691979154 (patch)
tree: 212e833046f07659893ae3a9bef2fd9a78c8a15c
parent: aeaf6250a8c66a583cad420e2accee8b3c957e5b (diff)
download: ghostpdl-f31bb9804bd1bc3bc744fad90320279691979154.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/devices/vector/gdevpdte.c b/devices/vector/gdevpdte.c
index 5e50d2cf2..9760094b0 100644
--- a/devices/vector/gdevpdte.c
+++ b/devices/vector/gdevpdte.c
@@ -382,6 +382,8 @@ pdf_add_ToUnicode(gx_device_pdf *pdev, gs_font *font, pdf_font_resource_t *pdfon
 
         if (!unicode) {
             unicode = (ushort *)gs_alloc_bytes(pdev->memory, length * sizeof(short), "temporary Unicode array");
+            if (unicode == NULL)
+                return_error(gs_error_VMerror);
             length = font->procs.decode_glyph((gs_font *)font, glyph, ch, unicode, length);
         }
author	Ken Sharp <ken.sharp@artifex.com>	2022-08-17 18:52:32 +0100
committer	Ken Sharp <ken.sharp@artifex.com>	2022-08-17 18:52:32 +0100
commit	f31bb9804bd1bc3bc744fad90320279691979154 (patch)
tree	212e833046f07659893ae3a9bef2fd9a78c8a15c
parent	aeaf6250a8c66a583cad420e2accee8b3c957e5b (diff)
download	ghostpdl-f31bb9804bd1bc3bc744fad90320279691979154.tar.gz