[freetype2] master c4cd34a: [cff] Better check of number of blends.

freetype-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freetype2] master c4cd34a: [cff] Better check of number of blends.

From:	Werner LEMBERG
Subject:	[freetype2] master c4cd34a: [cff] Better check of number of blends.
Date:	Wed, 28 Dec 2016 07:33:50 +0000 (UTC)

branch: master
commit c4cd34a9e0f95704c256c1f9ab558bedf4a8129b
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>

    [cff] Better check of number of blends.
    
    * src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdBLEND>,
    src/cff/cffparse.c (cff_parse_blend): Compare number of blends with
    stack size.
---
 ChangeLog          |    8 ++++++++
 src/cff/cf2intrp.c |    9 +++++----
 src/cff/cffparse.c |    6 ++++++
 3 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 133ce21..627b938 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2016-12-28  Werner Lemberg  <address@hidden>
+
+       [cff] Better check of number of blends.
+
+       * src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdBLEND>,
+       src/cff/cffparse.c (cff_parse_blend): Compare number of blends with
+       stack size.
+
 2016-12-27  Werner Lemberg  <address@hidden>
 
        Documentation updates.
diff --git a/src/cff/cf2intrp.c b/src/cff/cf2intrp.c
index 078f6fe..ef52999 100644
--- a/src/cff/cf2intrp.c
+++ b/src/cff/cf2intrp.c
@@ -693,12 +693,13 @@
           }
 
           /* do the blend */
+          numBlends = (FT_UInt)cf2_stack_popInt( opStack );
+          if ( numBlends > stackSize )
           {
-            FT_Int  temp = cf2_stack_popInt( opStack );
-
-
-            numBlends = temp > 0 ? (FT_UInt)temp : 0;
+            lastError = FT_THROW( Invalid_Glyph_Format );
+            goto exit;
           }
+
           cf2_doBlend( &font->blend, opStack, numBlends );
 
           font->blend.usedBV = TRUE;
diff --git a/src/cff/cffparse.c b/src/cff/cffparse.c
index a848631..ee538c3 100644
--- a/src/cff/cffparse.c
+++ b/src/cff/cffparse.c
@@ -907,6 +907,12 @@
     }
 
     numBlends = (FT_UInt)cff_parse_num( parser, parser->top - 1 );
+    if ( numBlends > parser->stackSize )
+    {
+      FT_ERROR(( "cff_parse_blend: Invalid number of blends\n" ));
+      error = FT_THROW( Invalid_File_Format );
+      goto Exit;
+    }
 
     FT_TRACE4(( "   %d values blended\n", numBlends ));

[Prev in Thread]

Current Thread

[Next in Thread]

[freetype2] master c4cd34a: [cff] Better check of number of blends., Werner LEMBERG <=

Prev by Date: [freetype2] master 48fd5bb: Documentation updates.
Next by Date: [freetype2] master c4a1ef3: [cff] Catch `blend' op in non-variant fonts.
Previous by thread: [freetype2] master 48fd5bb: Documentation updates.
Next by thread: [freetype2] master c4a1ef3: [cff] Catch `blend' op in non-variant fonts.
Index(es):
- Date
- Thread