diff options
author | Ken Sharp <ken.sharp@artifex.com> | 2022-08-17 18:52:32 +0100 |
---|---|---|
committer | Ken Sharp <ken.sharp@artifex.com> | 2022-08-17 18:52:32 +0100 |
commit | f31bb9804bd1bc3bc744fad90320279691979154 (patch) | |
tree | 212e833046f07659893ae3a9bef2fd9a78c8a15c | |
parent | aeaf6250a8c66a583cad420e2accee8b3c957e5b (diff) | |
download | ghostpdl-f31bb9804bd1bc3bc744fad90320279691979154.tar.gz |
pdfwrite - check allocated memory
Observed with OSS-fuzz 50113 and this command line:
-K1048576 -r200x200 -sBandListStorage=memory -dMaxBitmap=0 -dBufferSpace=450k -dMediaPosition=1 -dcupsColorSpace=1 -dSAFER -dNOPAUSE -dBATCH -dNOINTERPOLATE -dNOMEDIAATTRS -sDEVICE=pdfwrite -sOutputFile=out.pdf
We tried to allocate memory to hold a number of Unicode code points, but
we didn't check to see if the allocation succeeded. In this case it
fails, and we then tried to use the pointer.
Check the allocation and return an error if it fails.
-rw-r--r-- | devices/vector/gdevpdte.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/devices/vector/gdevpdte.c b/devices/vector/gdevpdte.c index 5e50d2cf2..9760094b0 100644 --- a/devices/vector/gdevpdte.c +++ b/devices/vector/gdevpdte.c @@ -382,6 +382,8 @@ pdf_add_ToUnicode(gx_device_pdf *pdev, gs_font *font, pdf_font_resource_t *pdfon if (!unicode) { unicode = (ushort *)gs_alloc_bytes(pdev->memory, length * sizeof(short), "temporary Unicode array"); + if (unicode == NULL) + return_error(gs_error_VMerror); length = font->procs.decode_glyph((gs_font *)font, glyph, ch, unicode, length); } |