author | Chris Liddell <chris.liddell@artifex.com> | 2022-03-03 09:59:35 +0000 |
---|---|---|
committer | Chris Liddell <chris.liddell@artifex.com> | 2022-03-03 13:36:08 +0000 |
commit | 476f3fe96b853fbe96062bff1c29355cabbaac61 (patch) | |
tree | 3a5c747f5b94015649683917f3eef26071712c48 /pdf/pdf_font1C.c | |
parent | 7106d160f0d5eb740230fc8c0827f5d97714ea0e (diff) | |
download | ghostpdl-476f3fe96b853fbe96062bff1c29355cabbaac61.tar.gz |
oss-fuzz 45173: CFF corrupt string index, give up and error out
Diffstat (limited to 'pdf/pdf_font1C.c')
-rw-r--r-- | pdf/pdf_font1C.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/pdf/pdf_font1C.c b/pdf/pdf_font1C.c
index 89cc46c94..e68acbebc 100644
--- a/pdf/pdf_font1C.c
+++ b/pdf/pdf_font1C.c
@@ -1212,6 +1212,11 @@ pdfi_count_cff_index(byte *p, byte *e, int *countp)
 p += offsize;
 p--; /* stupid offsets */
+ if (last < 0) {
+ gs_throw(-1, "corrupt index");
+ return 0;
+ }
+
 if (p + last > e) {
 gs_throw(-1, "not enough data for index data");
 return 0;
@@ -1650,6 +1655,7 @@ pdfi_read_cff(pdf_context *ctx, pdfi_gs_cff_font_priv *ptpriv)
 /* String index */
 pstore = p;
 p = pdfi_find_cff_index(p, e, 0, &strp, &stre);
+ offsets.strings_off = pstore - font->cffdata;
 p = pdfi_count_cff_index(pstore, e, &count); |
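Review bot: The bounds check right after the new guard in the first hunk, `if (p + last > e)`, still computes the pointer `p + last` before comparing it. A large positive `last` taken from the font data can therefore move that pointer past the end of the buffer, which is undefined behaviour and on a 32-bit target may wrap and pass the test. Comparing lengths avoids forming the out-of-range pointer and absorbs the new sign check: `if (last < 0 || last > e - p) {`. Because `p--` has just applied the 1-based offset adjustment, `last == 0` is presumably not a valid final offset either; whether it should be rejected here depends on how the first offset is validated earlier in pdfi_count_cff_index, whose body starts and ends outside this hunk.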