oss-fuzz 52636: Check ref type before using

For Type42/TTF fonts we store the sfnts data in an array of strings, which the FAPI code "seeks" through to read the font data. In this case, one of the elements in the array is an integer rather than string, and since we weren't checking the ref type, using is as a string would crash. Add a check for the ref type, and throw an error if it's not a string.
author: Chris Liddell <chris.liddell@artifex.com> 2022-10-24 10:01:41 +0100
committer: Chris Liddell <chris.liddell@artifex.com> 2022-10-24 14:28:05 +0100
commit: 4017df5f53dcc7cd80c97c1f4642462dfce5a0d5 (patch)
tree: ec080f574a35554a31fad9837a39f86c84290208 /psi
parent: 073c1adebeef38317ae0e6cb0f6d366ddaadb38a (diff)
download: ghostpdl-4017df5f53dcc7cd80c97c1f4642462dfce5a0d5.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/psi/zfapi.c b/psi/zfapi.c
index aa7369a1e..6852e718c 100644
--- a/psi/zfapi.c
+++ b/psi/zfapi.c
@@ -103,6 +103,10 @@ sfnts_next_elem(sfnts_reader *r)
             r->error = code;
             return;
         }
+        if (!r_has_type(&s, t_string)) {
+            r->error = gs_note_error(gs_error_typecheck);
+            return;
+        }
     	r->p = s.value.const_bytes;
     	r->length = r_size(&s) & ~(uint) 1; /* See Adobe Technical Note # 5012, section 4.2. */
     } while (r->length == 0);
author	Chris Liddell <chris.liddell@artifex.com>	2022-10-24 10:01:41 +0100
committer	Chris Liddell <chris.liddell@artifex.com>	2022-10-24 14:28:05 +0100
commit	4017df5f53dcc7cd80c97c1f4642462dfce5a0d5 (patch)
tree	ec080f574a35554a31fad9837a39f86c84290208 /psi
parent	073c1adebeef38317ae0e6cb0f6d366ddaadb38a (diff)
download	ghostpdl-4017df5f53dcc7cd80c97c1f4642462dfce5a0d5.tar.gz