Projects
openEuler:Mainline
cairo
_service:tar_scm:bugfix-fix-heap-buffer-overflo...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:bugfix-fix-heap-buffer-overflow-in-cairo_cff_parse_charstring.patch of Package cairo
From 4e515dd14a67b9069610e4a10baee300fb08421a Mon Sep 17 00:00:00 2001 From: sun_hai_10 <sunhai10@huawei.com> Date: Wed, 14 Jun 2023 16:44:30 +0800 Subject: [PATCH] fix heap buffer overflow in cairo_cff_parse_charstring --- src/cairo-cff-subset.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c index 64fc69e..c94a4d0 100644 --- a/src/cairo-cff-subset.c +++ b/src/cairo-cff-subset.c @@ -1789,7 +1789,13 @@ cairo_cff_font_subset_charstrings_and_subroutines (cairo_cff_font_t *font) } else { glyph = font->scaled_font_subset->glyphs[i]; } - element = _cairo_array_index (&font->charstrings_index, glyph); + + cairo_array_t *array = &font->charstrings_index; + element = _cairo_array_index (array, glyph); + if (element == NULL) + return CAIRO_INT_STATUS_NO_MEMORY; + if (array->element_size < element->length) + return CAIRO_INT_STATUS_UNSUPPORTED; status = cff_index_append (&font->charstrings_subset_index, element->data, element->length); -- 2.23.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2