ref: 8edfcbed53f669279b5d7dccea72d0903b75ee9c
parent: a5ecfb4ce6f4f42f5346c664b57ab80c2bdf3664
author: Werner Lemberg <[email protected]>
date: Sat Oct 17 04:11:16 EDT 2015
[psaux] Fix heap buffer overflow (#46221). * src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>: Fix limit check.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,11 @@
-2015-10-15 Werner Lemberg <[email protected]>
+2015-10-17 Werner Lemberg <[email protected]>
+
+ [psaux] Fix heap buffer overflow (#46221).
+
+ * src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>:
+ Fix limit check.
+
+2015-10-17 Werner Lemberg <[email protected]>
* src/cid/cidload.c (cid_parse_dict): Handle invalid input (#46220).
--- a/src/psaux/t1decode.c
+++ b/src/psaux/t1decode.c
@@ -512,7 +512,7 @@
break;
case 12:
- if ( ip > limit )
+ if ( ip >= limit )
{FT_ERROR(( "t1_decoder_parse_charstrings:"
" invalid escape (12+EOF)\n" ));