fofi/FoFiTrueType.cc |   12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

New commits:
commit 2e8ad35f95965459ebef9a20ba1a98f7fe982e26
Author: Albert Astals Cid <aa...@kde.org>
Date:   Wed May 12 23:39:14 2021 +0200

    FoFiTrueType::cvtSfnts: Protect against integer overflow
    
    oss-fuzz/34214

diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc
index 7a3f8c58..ce592b8c 100644
--- a/fofi/FoFiTrueType.cc
+++ b/fofi/FoFiTrueType.cc
@@ -1186,9 +1186,15 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc, 
void *outputStream, const
     pos = 0;
     for (i = 0; i <= nGlyphs; ++i) {
         locaTable[i].newOffset = pos;
-        pos += locaTable[i].len;
-        if (pos & 3) {
-            pos += 4 - (pos & 3);
+
+        int newPos;
+        if (unlikely(checkedAdd(pos, locaTable[i].len, &newPos))) {
+            ok = false;
+        } else {
+            pos = newPos;
+            if (pos & 3) {
+                pos += 4 - (pos & 3);
+            }
         }
         if (locaTable[i].len > 0) {
             *maxUsedGlyph = i;
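Review bot: The padding step `pos += 4 - (pos & 3);` in the new else branch is still an unchecked signed addition, because checkedAdd only guards `pos + locaTable[i].len`. A sum that is not 4-byte aligned and lies within 3 of the int maximum would still overflow when rounded up. The rounding could go through the same helper, for example `if (unlikely(checkedAdd(pos, 4 - (pos & 3), &newPos))) { ok = false; } else { pos = newPos; }`. On the overflow path the loop also keeps running with the old `pos`, so later `newOffset` values are stale; a short comment there should state that they are only valid while `ok` is true. cvtSfnts starts and ends outside this hunk, so whether `ok` is tested before the offsets are used cannot be confirmed from here.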