ref: f0cc1738e2914851ab50c0fe121e45f40f7f95d6
parent: d8f9a453b2105d2290401bf6f9338dce0f36af9b
author: Ben Wagner <[email protected]>
date: Mon Dec 14 02:00:41 EST 2015
[base] Check error when seeking to data supplied offset (#46635). * src/base/ftobjs.c (open_face_PS_from_sfnt_stream): `ft_lookup_PS_in_sfnt_stream' returns offset and and length from user supplied data. Use of this these values must be checked.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2015-12-10 Ben Wagner <[email protected]>
+
+ [base] Check error when seeking to data supplied offset (#46635).
+
+ * src/base/ftobjs.c (open_face_PS_from_sfnt_stream):
+ `ft_lookup_PS_in_sfnt_stream' returns offset and and length from
+ user supplied data. Use of this these values must be checked.
+
2015-12-13 Werner Lemberg <[email protected]>
[autofit] Add support for Myanmar script.
@@ -551,7 +559,7 @@
Handle them.
(af_autofitter_init): Initialize them.
-2015-11-02 Bungeman <[email protected]>
+2015-11-02 Ben Wagner <[email protected]>
[ftfuzzer] Add support for multiple files (patch #8779).
@@ -759,7 +767,7 @@
* src/type1/t1afm.c (T1_Read_Metrics): Fix memory leak (#46229).
-2015-10-19 Bungeman <[email protected]>
+2015-10-19 Ben Wagner <[email protected]>
[cid] Better handle invalid glyph stream offsets (#46221).
@@ -837,7 +845,7 @@
* src/tools/ftfuzzer/README: New file.
-2015-10-15 Bungeman <[email protected]>
+2015-10-15 Ben Wagner <[email protected]>
[bdf] Fix memory leak (#46213).
@@ -860,7 +868,7 @@
The used indices were off by 1.
-2015-10-15 Bungeman <[email protected]>
+2015-10-15 Ben Wagner <[email protected]>
Werner Lemberg <[email protected]>
* src/tools/ftfuzzer/ftfuzzer.cc: Handle fixed sizes (#46211).
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -1521,7 +1521,8 @@
if ( error )
goto Exit;
- if ( FT_Stream_Seek( stream, pos + offset ) )
+ error = FT_Stream_Seek( stream, pos + offset );
+ if ( error )
goto Exit;
if ( FT_ALLOC( sfnt_ps, (FT_Long)length ) )