Bug 705552 : XPS interpreter

Fixed an issue in which deobfuscating a font file that was less than 32 bytes would cause buffer overflow. A warning is now signaled when this happens.
author: Ethan Vrhel <ethanvrhel@gmail.com> 2022-07-08 14:57:06 -0700
committer: Ethan Vrhel <ethanvrhel@gmail.com> 2022-07-11 13:11:15 -0700
commit: 5430ae838e18651e389731eedd7bd94d862e95b1 (patch)
tree: 08b23752a6a90ca394676838049c8ed4626fc5bd /xps
parent: a43953f51cf80b7ef73c799316a80ae3840b1b3b (diff)
download: ghostpdl-5430ae838e18651e389731eedd7bd94d862e95b1.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/xps/xpsglyphs.c b/xps/xpsglyphs.c
index 76e17e7fe..59b3427dd 100644
--- a/xps/xpsglyphs.c
+++ b/xps/xpsglyphs.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2001-2021 Artifex Software, Inc.
+/* Copyright (C) 2001-2022 Artifex Software, Inc.
    All Rights Reserved.
 
    This software is provided AS-IS with no warranty, either express or
@@ -91,6 +91,13 @@ xps_deobfuscate_font_resource(xps_context_t *ctx, xps_part_t *part)
     char *p;
     int i;
 
+    /* Ensure the part has at least 32 bytes we can write */
+    if (part->size < 32)
+    {
+        gs_warn("obfuscated font part is too small");
+        return;
+    }
+
     p = strrchr(part->name, '/');
     if (!p)
         p = part->name;
author	Ethan Vrhel <ethanvrhel@gmail.com>	2022-07-08 14:57:06 -0700
committer	Ethan Vrhel <ethanvrhel@gmail.com>	2022-07-11 13:11:15 -0700
commit	5430ae838e18651e389731eedd7bd94d862e95b1 (patch)
tree	08b23752a6a90ca394676838049c8ed4626fc5bd /xps
parent	a43953f51cf80b7ef73c799316a80ae3840b1b3b (diff)
download	ghostpdl-5430ae838e18651e389731eedd7bd94d862e95b1.tar.gz