diff options
author | Ken Sharp <ken.sharp@artifex.com> | 2023-03-02 10:27:15 +0000 |
---|---|---|
committer | Ken Sharp <ken.sharp@artifex.com> | 2023-03-02 10:27:15 +0000 |
commit | c599825a135ef1bb0bc4e896d7f543ed74974bd2 (patch) | |
tree | 6b7c8d3ea9245f5a85358d3cde366458711a2579 /pdf | |
parent | 23650fc9ed8da17db6f6199cfceb02db5557053e (diff) | |
download | ghostpdl-c599825a135ef1bb0bc4e896d7f543ed74974bd2.tar.gz |
Coverity ID 383603 - fix potential buffer overrun
If fnamelen was very long (4091 or more) then later when we add in
the fontdirstr we could end up running off the end of a buffer (fstr)
which is set as being gp_filename_sizeof bytes long.
Change the length check to account for this possibility.
Diffstat (limited to 'pdf')
-rw-r--r-- | pdf/pdf_file.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pdf/pdf_file.c b/pdf/pdf_file.c index c1423863f..d98eb83e8 100644 --- a/pdf/pdf_file.c +++ b/pdf/pdf_file.c @@ -1867,7 +1867,7 @@ static int pdfi_open_font_file_inner(pdf_context *ctx, const char *fname, const const char *fontdirstr = "Font/"; const int fontdirstrlen = strlen(fontdirstr); - if (fname == NULL || fnamelen == 0 || fnamelen >= gp_file_name_sizeof) + if (fname == NULL || fnamelen == 0 || fnamelen >= (gp_file_name_sizeof - fontdirstrlen)) *s = NULL; else if (gp_file_name_is_absolute(fname, fnamelen) || fname[0] == '%') { /* If it's an absolute path or an explicit PS style device, just try to open it */ |