Coverity ID 383603 - fix potential buffer overrun

If fnamelen was very long (4091 or more) then later when we add in the fontdirstr we could end up running off the end of a buffer (fstr) which is set as being gp_filename_sizeof bytes long. Change the length check to account for this possibility.
author: Ken Sharp <ken.sharp@artifex.com> 2023-03-02 10:27:15 +0000
committer: Ken Sharp <ken.sharp@artifex.com> 2023-03-02 10:27:15 +0000
commit: c599825a135ef1bb0bc4e896d7f543ed74974bd2 (patch)
tree: 6b7c8d3ea9245f5a85358d3cde366458711a2579 /pdf
parent: 23650fc9ed8da17db6f6199cfceb02db5557053e (diff)
download: ghostpdl-c599825a135ef1bb0bc4e896d7f543ed74974bd2.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/pdf/pdf_file.c b/pdf/pdf_file.c
index c1423863f..d98eb83e8 100644
--- a/pdf/pdf_file.c
+++ b/pdf/pdf_file.c
@@ -1867,7 +1867,7 @@ static int pdfi_open_font_file_inner(pdf_context *ctx, const char *fname, const
     const char *fontdirstr = "Font/";
     const int fontdirstrlen = strlen(fontdirstr);
 
-    if (fname == NULL || fnamelen == 0 || fnamelen >= gp_file_name_sizeof)
+    if (fname == NULL || fnamelen == 0 || fnamelen >= (gp_file_name_sizeof - fontdirstrlen))
         *s = NULL;
     else if (gp_file_name_is_absolute(fname, fnamelen) || fname[0] == '%') {
         /* If it's an absolute path or an explicit PS style device, just try to open it */
author	Ken Sharp <ken.sharp@artifex.com>	2023-03-02 10:27:15 +0000
committer	Ken Sharp <ken.sharp@artifex.com>	2023-03-02 10:27:15 +0000
commit	c599825a135ef1bb0bc4e896d7f543ed74974bd2 (patch)
tree	6b7c8d3ea9245f5a85358d3cde366458711a2579 /pdf
parent	23650fc9ed8da17db6f6199cfceb02db5557053e (diff)
download	ghostpdl-c599825a135ef1bb0bc4e896d7f543ed74974bd2.tar.gz