diff options
| author | Chris Liddell <chris.liddell@artifex.com> | 2017-06-14 10:14:51 +0100 |
|---|---|---|
| committer | Chris Liddell <chris.liddell@artifex.com> | 2017-06-14 10:16:05 +0100 |
| commit | 3ee55637480d5e319a5de0481b01c3346855cbc9 (patch) | |
| tree | 3aebe05f0dd7b086fc4e2ca6e20df354bf79535e | |
| parent | 3c2aebbedd37fab054e80f2e315de07d7e9b5bdb (diff) | |
| download | ghostpdl-3ee55637480d5e319a5de0481b01c3346855cbc9.tar.gz | |
Bug 698050: xps: bounds check offset for requested cmap table
| -rw-r--r-- | xps/ghostxps.h | 2 | ||||
| -rw-r--r-- | xps/xpsfont.c | 9 | ||||
| -rw-r--r-- | xps/xpsglyphs.c | 4 |
3 files changed, 10 insertions, 5 deletions
diff --git a/xps/ghostxps.h b/xps/ghostxps.h index 623ea5df6..89f43e30a 100644 --- a/xps/ghostxps.h +++ b/xps/ghostxps.h @@ -267,7 +267,7 @@ void xps_free_font(xps_context_t *ctx, xps_font_t *font); int xps_count_font_encodings(xps_font_t *font); void xps_identify_font_encoding(xps_font_t *font, int idx, int *pid, int *eid); -void xps_select_font_encoding(xps_font_t *font, int idx); +int xps_select_font_encoding(xps_font_t *font, int idx); int xps_decode_font_char(xps_font_t *font, int key); int xps_encode_font_char(xps_font_t *font, int key); diff --git a/xps/xpsfont.c b/xps/xpsfont.c index 36aef4cf0..7ae7d2239 100644 --- a/xps/xpsfont.c +++ b/xps/xpsfont.c @@ -331,19 +331,24 @@ xps_identify_font_encoding(xps_font_t *font, int idx, int *pid, int *eid) * Select a cmap subtable for use with encoding functions. */ -void +int xps_select_font_encoding(xps_font_t *font, int idx) { byte *cmapdata, *entry; int pid, eid; if (idx < 0 || idx >= font->cmapsubcount) - return; + return 0; cmapdata = font->data + font->cmaptable; entry = cmapdata + 4 + idx * 8; pid = u16(entry + 0); eid = u16(entry + 2); font->cmapsubtable = font->cmaptable + u32(entry + 4); + if (font->cmapsubtable >= font->length) { + font->cmapsubtable = 0; + return 0; + } font->usepua = (pid == 3 && eid == 0); + return 1; } /* diff --git a/xps/xpsglyphs.c b/xps/xpsglyphs.c index 44947028d..061355f2e 100644 --- a/xps/xpsglyphs.c +++ b/xps/xpsglyphs.c @@ -144,8 +144,8 @@ xps_select_best_font_encoding(xps_font_t *font) xps_identify_font_encoding(font, i, &pid, &eid); if (pid == xps_cmap_list[k].pid && eid == xps_cmap_list[k].eid) { - xps_select_font_encoding(font, i); - return; + if (xps_select_font_encoding(font, i)) + return; } } } |