ref: d353f6e0123a0acffe5068b2e5d0cd2b5c93d196
parent: c12956e700641ed330c6a2ef764963b57ccdabc4
author: Werner Lemberg <[email protected]>
date: Sat Oct 10 02:54:46 EDT 2015
* src/pcf/pcfread.c (pcf_read_TOC): Check stream size (#46162).
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2015-10-10 Werner Lemberg <[email protected]>
+
+ * src/pcf/pcfread.c (pcf_read_TOC): Check stream size (#46162).
+
2015-10-09 Werner Lemberg <[email protected]>
* src/gzip/ftgzip.c (FT_Stream_OpenGzip): Use real stream size.
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -106,6 +106,9 @@
toc->count == 0 )
return FT_THROW( Invalid_File_Format );
+ if ( stream->size < 16 )
+ return FT_THROW( Invalid_File_Format );
+
/* we need 16 bytes per TOC entry */
if ( toc->count > stream->size >> 4 )
{