fofi/FoFiTrueType.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
New commits: commit 6fed4c9ff25fd99e164c94519128803db0593e96 Author: Albert Astals Cid <aa...@kde.org> Date: Sat Jan 16 12:31:36 2021 +0100 FoFiTrueType::cvtSfnts: Fix uninitialized memory read on broken files Initialize maxUsedGlyph after the early check returns oss-fuzz/29629
diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc
index 3d4dd724..a720be94 100644
--- a/fofi/FoFiTrueType.cc
+++ b/fofi/FoFiTrueType.cc
@@ -1132,6 +1132,8 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc, void *outputStream, const
 bool needVhea, needVmtx;
 int advance;
+ *maxUsedGlyph = -1;
+
 // construct the 'head' table, zero out the font checksum
 i = seekTable("head");
 if (i < 0 || i >= nTables) {
@@ -1182,7 +1184,6 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc, void *outputStream, const
 locaTable[nGlyphs].len = 0;
 std::sort(locaTable, locaTable + nGlyphs + 1, cmpTrueTypeLocaIdxFunctor());
 pos = 0;
- *maxUsedGlyph = -1;
 for (i = 0; i <= nGlyphs; ++i) {
 locaTable[i].newOffset = pos;
 pos += locaTable[i].len;
_______________________________________________ poppler mailing list poppler@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/poppler
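Review bot: The added `*maxUsedGlyph = -1;` in the first hunk has no comment explaining why it sits ahead of the 'head' table lookup, so a later tidy-up could move it back beside the loca loop and bring back the uninitialized read on the early-return paths. I would put `// Set the out-parameter before any early return below, so it is never left uninitialized on broken fonts.` directly above it. Because cvtSfnts returns void, -1 is the only signal a caller gets that conversion stopped early; whether every caller treats -1 as "no glyphs used" is not visible in this diff and is worth confirming. The pointer is also dereferenced without a null check, which the old code did too, so the header should state that `maxUsedGlyph` must be non-null. The function body starts and ends outside the hunk.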