From 867deb44ce59102b3c817b8228d9cbfd9d9b1fde Mon Sep 17 00:00:00 2001 From: Ken Sharp Date: Sat, 17 Nov 2018 11:20:08 +0000 Subject: Check structure types when using the r_ptr macro Two more places where we were using the r_ptr macro to cast a PostScript ref object into a structure without thoroughly checking that the object was in fact a structure of the correct type. One case did a partial check, but this is more robust. --- psi/zfcmap.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'psi/zfcmap.c') diff --git a/psi/zfcmap.c b/psi/zfcmap.c index 958221eea..4415ffc1c 100644 --- a/psi/zfcmap.c +++ b/psi/zfcmap.c @@ -310,6 +310,10 @@ cid_system_info_compatible(const gs_cid_system_info_t * psi1, /* ---------------- (Semi-)public procedures ---------------- */ +extern_st(st_cmap_tt_16bit_format4); +extern_st(st_cmap_identity); +extern_st(st_cmap_ToUnicode); + /* Get the CodeMap from a Type 0 font, and check the CIDSystemInfo of */ /* its subsidiary fonts. */ int @@ -323,16 +327,12 @@ ztype0_get_cmap(const gs_cmap_t **ppcmap, const ref *pfdepvector, uint num_fonts; uint i; - /* - * We have no way of checking whether the CodeMap is a concrete - * subclass of gs_cmap_t, so we just check that it is in fact a - * t_struct and is large enough. - */ if (dict_find_string(op, "CMap", &prcmap) <= 0 || !r_has_type(prcmap, t_dictionary) || dict_find_string(prcmap, "CodeMap", &pcodemap) <= 0 || - !r_is_struct(pcodemap) || - gs_object_size(imem, r_ptr(pcodemap, gs_cmap_t)) < sizeof(gs_cmap_t) + !r_is_struct(pcodemap) || (!r_has_stype(pcodemap, imem, st_cmap_tt_16bit_format4) && + !r_has_stype(pcodemap, imem, st_cmap_identity) && !r_has_stype(pcodemap, imem, st_cmap_ToUnicode) && + !r_has_stype(pcodemap, imem, st_cmap_adobe1)) ) return_error(gs_error_invalidfont); pcmap = r_ptr(pcodemap, gs_cmap_t); -- cgit v1.2.1