shithub: freetype+ttf2subf

ref: 6a4718a3a0584c976b10d4e3a2cc58dc5f4a8242
parent: 6d65c60fca0ebce88e2bcfeac92a7a791e03bf42
author: Sebastian Rasmussen <[email protected]>
date: Tue Mar 5 12:25:19 EST 2019

Fix use of uninitialized memory.

* src/psaux/psintrp.c (cf2_interpT2CharString): The call to
`cf2_arrstack_setCount' may fail because the allocator ran out of
memory.  When this happens the stack is still written to before the
error condition is checked.  This means that FreeType writes outside
of allocated memory.  This commit moves the error check prior to the
stack assignment, hence the function now properly returns with an
error condition.

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2019-03-05  Sebastian Rasmussen  <[email protected]>
+
+	[psaux] Fix use of uninitialized memory.
+
+	* src/psaux/psintrp.c (cf2_interpT2CharString): The call to
+	`cf2_arrstack_setCount' may fail because the allocator ran out of
+	memory.  When this happens the stack is still written to before the
+	error condition is checked.  This means that FreeType writes outside
+	of allocated memory.  This commit moves the error check prior to the
+	stack assignment, hence the function now properly returns with an
+	error condition.
+
 2019-02-23  Werner Lemberg  <[email protected]>
 
 	* src/base/ftbitmap.c (FT_Bitmap_Blend): No fractional offsets.
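Review bot: The entry title "[psaux] Fix use of uninitialized memory." does not match its own body, which describes a write outside of allocated memory after `cf2_arrstack_setCount' fails. Consider retitling the entry to name the out-of-bounds write on allocation failure, so that anyone scanning the ChangeLog for memory-safety fixes classifies it correctly.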
--- a/src/psaux/psintrp.c
+++ b/src/psaux/psintrp.c
@@ -612,13 +612,13 @@
     cf2_arrstack_setCount( &subrStack, CF2_MAX_SUBR + 1 );
 
     charstring  = (CF2_Buffer)cf2_arrstack_getBuffer( &subrStack );
-    *charstring = *buf;    /* structure copy */
 
-    charstringIndex = 0;       /* entry is valid now */
-
     /* catch errors so far */
     if ( *error )
       goto exit;
+
+    *charstring     = *buf;    /* structure copy     */
+    charstringIndex = 0;       /* entry is valid now */
 
     /* main interpreter loop */
     while ( 1 )
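Review bot: The `if ( *error )` check now precedes the write through `charstring`, but it still sits after `cf2_arrstack_getBuffer( &subrStack )`, so the buffer pointer is fetched from a stack whose `cf2_arrstack_setCount` call may have failed. Consider moving the check directly below the `cf2_arrstack_setCount( &subrStack, CF2_MAX_SUBR + 1 );` line so that `charstring` is only ever assigned from a successfully sized stack, and confirm that nothing reached through `goto exit` reads `charstring` or `charstringIndex`, since both are now left unset on that path. The generic comment "catch errors so far" could also say that it guards the allocation in `cf2_arrstack_setCount`, so that a later reordering does not move the structure copy back above the check.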