ref: 548f68d805159d01342b16ccb5ac25704bf0d126
parent: 8d7b9198e3830bb1ae37ac3b3f44c60582c86f81
author: Werner Lemberg <[email protected]>
date: Tue Aug 16 05:46:40 EDT 2016
[lzw] Avoid invalid left shift. * src/lzw/ftzopen.c (ft_lzwstate_get_code): Limit `num_bits'.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
2016-08-16 Werner Lemberg <[email protected]>
+ [lzw] Avoid invalid left shift.
+
+ * src/lzw/ftzopen.c (ft_lzwstate_get_code): Limit `num_bits'.
+
+2016-08-16 Werner Lemberg <[email protected]>
+
[lzw] Avoid buffer overrun.
Reported as
--- a/src/lzw/ftzopen.c
+++ b/src/lzw/ftzopen.c
@@ -65,6 +65,9 @@
FT_Int result;
+ if ( num_bits > LZW_MAX_BITS )
+ return -1;
+
if ( state->buf_clear ||
offset >= state->buf_size ||
state->free_ent >= state->free_bits )