diff options
| author | Chris Liddell <chris.liddell@artifex.com> | 2023-02-21 14:40:13 +0000 |
|---|---|---|
| committer | Chris Liddell <chris.liddell@artifex.com> | 2023-02-21 16:46:10 +0000 |
| commit | 8cfe505e168185fecd1b573711c68252aefb9f77 (patch) | |
| tree | c8a2a177bb92898ee16e98fc54c33a0f175e22c5 /pdf | |
| parent | bb739c7141769a6ae94f8a7d34c7df5632840775 (diff) | |
| download | ghostpdl-8cfe505e168185fecd1b573711c68252aefb9f77.tar.gz | |
oss-fuzz 56156: CFF - Allow for (the intended) 64 digit real number
The code intends a 64 digit, null terminated ASCII string representing a real
number, but the buffer was only declared as 64 bytes long, should be 65 to be
the intended length plus the null termination.
Diffstat (limited to 'pdf')
| -rw-r--r-- | pdf/pdf_font1C.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pdf/pdf_font1C.c b/pdf/pdf_font1C.c index 5582af33c..c08a9457c 100644 --- a/pdf/pdf_font1C.c +++ b/pdf/pdf_font1C.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2019-2022 Artifex Software, Inc. +/* Copyright (C) 2019-2023 Artifex Software, Inc. All Rights Reserved. This software is provided AS-IS with no warranty, either express or @@ -688,7 +688,7 @@ format3_fdselect_proc(const byte *p, const byte *pe, unsigned int i) static byte * pdfi_read_cff_real(byte *p, byte *e, float *val) { - char buf[64]; + char buf[65]; char *txt = buf; /* b0 was 30 */ |