ref: ef1eba75187adfac750f326b563fe543dd5ff4e6
parent: 0e2f5d518c60e2978f26400d110eff178fa7e3c3
author: Werner Lemberg <[email protected]>
date: Thu Nov 6 18:25:05 EST 2014
Fix Savannah bug #43548. * src/pcf/pcfread (pcf_get_encodings): Add sanity checks for row and column values.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2014-11-06 Werner Lemberg <[email protected]>
+ Fix Savannah bug #43548.
+
+ * src/pcf/pcfread (pcf_get_encodings): Add sanity checks for row and
+ column values.
+
+2014-11-06 Werner Lemberg <[email protected]>
+
Fix Savannah bug #43547.
* src/pcf/pcfread.c (pcf_read_TOC): Check `size' and `offset'
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -830,6 +830,15 @@
if ( !PCF_FORMAT_MATCH( format, PCF_DEFAULT_FORMAT ) )
return FT_THROW( Invalid_File_Format );
+ /* sanity checks */
+ if ( firstCol < 0 ||
+ firstCol > lastCol ||
+ lastCol > 0xFF ||
+ firstRow < 0 ||
+ firstRow > lastRow ||
+ lastRow > 0xFF )
+ return FT_THROW( Invalid_Table );
+
FT_TRACE4(( "pdf_get_encodings:\n" ));
FT_TRACE4(( " firstCol %d, lastCol %d, firstRow %d, lastRow %d\n",