ref: 1c85479d2d1de54a4b592ffbef0ae24f498053d2
parent: c56d8851ea987023cc73981a70d261b3f6427545
author: Werner Lemberg <[email protected]>
date: Tue Jul 4 04:08:54 EDT 2017
[truetype] Prevent address overflow (#51365). * src/truetype/ttgxvar.c (FT_Stream_SeekSet): Add guard.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-07-04 Werner Lemberg <[email protected]>
+
+ [truetype] Prevent address overflow (#51365).
+
+ * src/truetype/ttgxvar.c (FT_Stream_SeekSet): Add guard.
+
2017-07-03 Alexei Podtelezhnikov <[email protected]>
* src/base/ftlcdfil.c (ft_lcd_filter_fir): Improve code.
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -60,8 +60,10 @@
#define FT_Stream_FTell( stream ) \
(FT_ULong)( (stream)->cursor - (stream)->base )
-#define FT_Stream_SeekSet( stream, off ) \
- ( (stream)->cursor = (stream)->base + (off) )
+#define FT_Stream_SeekSet( stream, off ) \
+ (stream)->cursor = ( (off) < (stream)->limit - (stream)->base ) \
+ ? (stream)->base + (off) \
+ : (stream)->limit
/*************************************************************************/