diff options
author | Ethan Vrhel <ethanvrhel@gmail.com> | 2022-07-08 14:57:06 -0700 |
---|---|---|
committer | Ethan Vrhel <ethanvrhel@gmail.com> | 2022-07-11 13:11:15 -0700 |
commit | 5430ae838e18651e389731eedd7bd94d862e95b1 (patch) | |
tree | 08b23752a6a90ca394676838049c8ed4626fc5bd /xps | |
parent | a43953f51cf80b7ef73c799316a80ae3840b1b3b (diff) | |
download | ghostpdl-5430ae838e18651e389731eedd7bd94d862e95b1.tar.gz |
Bug 705552 : XPS interpreter
Fixed an issue in which deobfuscating a font file that was less than
32 bytes would cause buffer overflow. A warning is now signaled when
this happens.
Diffstat (limited to 'xps')
-rw-r--r-- | xps/xpsglyphs.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/xps/xpsglyphs.c b/xps/xpsglyphs.c index 76e17e7fe..59b3427dd 100644 --- a/xps/xpsglyphs.c +++ b/xps/xpsglyphs.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2001-2021 Artifex Software, Inc. +/* Copyright (C) 2001-2022 Artifex Software, Inc. All Rights Reserved. This software is provided AS-IS with no warranty, either express or @@ -91,6 +91,13 @@ xps_deobfuscate_font_resource(xps_context_t *ctx, xps_part_t *part) char *p; int i; + /* Ensure the part has at least 32 bytes we can write */ + if (part->size < 32) + { + gs_warn("obfuscated font part is too small"); + return; + } + p = strrchr(part->name, '/'); if (!p) p = part->name; |