ref: 0af21dcf13ce44b1624feb3186f0609599355288
parent: 38a3dd55660cdaea2c187e8f24c793cdefba1d3f
author: Werner Lemberg <[email protected]>
date: Sat Oct 17 05:29:52 EDT 2015
* src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2015-10-17 Werner Lemberg <[email protected]>
+ * src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size.
+
+2015-10-17 Werner Lemberg <[email protected]>
+
* src/cid/cidgload.c (cid_glyph_load): Check file offsets (#46222).
2015-10-17 Werner Lemberg <[email protected]>
--- a/src/cid/cidload.c
+++ b/src/cid/cidload.c
@@ -401,6 +401,16 @@
FT_ERROR(( "cid_parse_dict: No font dictionary found\n" ));
return FT_THROW( Invalid_File_Format );
}
+
+ /* allow at most 32bit offsets */
+ if ( face->cid.fd_bytes > 4 || face->cid.gd_bytes > 4 )
+ {+ FT_ERROR(( "cid_parse_dict:"
+ " Values of `FDBytes' or `GDBytes' larger than 4\n"
+ " "
+ " are not supported\n" ));
+ return FT_THROW( Invalid_File_Format );
+ }
}
return parser->root.error;