diff options
| author | Chris Liddell <chris.liddell@artifex.com> | 2021-08-26 17:11:40 +0100 |
|---|---|---|
| committer | Chris Liddell <chris.liddell@artifex.com> | 2021-08-27 14:49:30 +0100 |
| commit | ddcabcbccb133b6c2b16b148737d8b81c7521679 (patch) | |
| tree | cd2862c3624d1aad4f0d4394d6ab2bd3dc0652f0 /pcl/pl | |
| parent | 8b6c8a577375d482f81e0688ee54a0697ce18e4e (diff) | |
| download | ghostpdl-ddcabcbccb133b6c2b16b148737d8b81c7521679.tar.gz | |
Bug 704255: Fix bounds checking of fco file name string
When UFST is in use, the build creates a string containing a list of the
accessible FCOs (separated by "gp_file_name_list_separator" characters) which
we loop over, enumerating the fonts available in each.
The bounds checking of that string was just incorrect.
Thanks to Norbert for pointing out the problem, and suggesting part of the
fix.
Diffstat (limited to 'pcl/pl')
| -rw-r--r-- | pcl/pl/pllfont.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/pcl/pl/pllfont.c b/pcl/pl/pllfont.c index 5f55d9a48..ad38b2fa1 100644 --- a/pcl/pl/pllfont.c +++ b/pcl/pl/pllfont.c @@ -395,12 +395,13 @@ pl_load_built_in_mtype_fonts(const char *pathname, gs_memory_t * mem, fco_start = fco = (char *)pl_fapi_ufst_get_fco_list(mem); fco_lim = fco_start + strlen(fco_start) + 1; - for (k = 0; strlen(fco) > 0 && fco < fco_lim; k++) { + for (k = 0; fco < fco_lim && strlen(fco) > 0; k++) { status = 0; /* build and open (get handle) for the k'th fco file name */ gs_strlcpy((char *)pthnm, ufst_root_dir, sizeof pthnm); - for (i = 2; fco[i] != gp_file_name_list_separator && (&fco[i]) < fco_lim; i++); + for (i = 2; fco[i] != gp_file_name_list_separator && (&fco[i]) < fco_lim - 1; i++) + ; strncat(pthnm, fco, i); fco += (i + 1); |