fofi/FoFiType1C.cc | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)
New commits: commit 6c9f9a491a221fb1fccfe758bc92308ff1a692d1 Author: Albert Astals Cid <aa...@kde.org> Date: Tue Jan 5 13:10:30 2021 +0100 FoFiType1C::cvtGlyph: Fix uninitialized memory read on broken files oss-fuzz/29269
diff --git a/fofi/FoFiType1C.cc b/fofi/FoFiType1C.cc
index 2dd4675d..ca1327c2 100644
--- a/fofi/FoFiType1C.cc
+++ b/fofi/FoFiType1C.cc
@@ -1433,9 +1433,11 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf, const Type
 cvtNum(ops[k + 5].num, ops[k + 5].isFP, charBuf);
 charBuf->append((char)8);
 }
- cvtNum(ops[k].num, ops[k].isFP, charBuf);
- cvtNum(ops[k + 1].num, ops[k + 1].isFP, charBuf);
- charBuf->append((char)5);
+ if (likely(k + 1 < nOps)) {
+ cvtNum(ops[k].num, ops[k].isFP, charBuf);
+ cvtNum(ops[k + 1].num, ops[k + 1].isFP, charBuf);
+ charBuf->append((char)5);
+ }
 nOps = 0;
 openPath = true;
 break;
commit d5ac5a3aef453a55c175cb091e304cc463dd0ef8 Author: Albert Astals Cid <aa...@kde.org> Date: Tue Jan 5 13:07:04 2021 +0100 Fix two k that should have been k+1
diff --git a/fofi/FoFiType1C.cc b/fofi/FoFiType1C.cc
index 4c2e9a77..2dd4675d 100644
--- a/fofi/FoFiType1C.cc
+++ b/fofi/FoFiType1C.cc
@@ -13,7 +13,7 @@
 // All changes made under the Poppler project to this file are licensed
 // under GPL version 2 or later
 //
-// Copyright (C) 2009, 2010, 2017-2020 Albert Astals Cid <aa...@kde.org>
+// Copyright (C) 2009, 2010, 2017-2021 Albert Astals Cid <aa...@kde.org>
 // Copyright (C) 2012 Thomas Freitag <thomas.frei...@alfa.de>
 // Copyright (C) 2018 Adam Reichold <adam.reich...@t-online.de>
 // Copyright (C) 2019 Tomoyuki Kubota <himajin100...@gmail.com>
@@ -1434,7 +1434,7 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf, const Type
 charBuf->append((char)8);
 }
 cvtNum(ops[k].num, ops[k].isFP, charBuf);
- cvtNum(ops[k + 1].num, ops[k].isFP, charBuf);
+ cvtNum(ops[k + 1].num, ops[k + 1].isFP, charBuf);
 charBuf->append((char)5);
 nOps = 0;
 openPath = true;
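Review bot: In the -1433 hunk of 6c9f9a49, the new `if (likely(k + 1 < nOps))` drops the trailing operand pair without any trace when a charstring supplies too few operands, and nothing beside it says why the check exists. A short comment above the condition would keep a later cleanup from removing it, for example `// broken fonts can leave fewer than k + 2 operands; skip the tail instead of reading unset ops[] entries`. The guard covers only this tail: the block just above it reads up to `ops[k + 5]` and begins outside the hunk, so whether its loop condition bounds those reads against nOps cannot be confirmed from the visible lines. cvtGlyph itself starts and ends outside the hunk.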
@@ -1445,7 +1445,7 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf, const Type
 }
 for (k = 0; k < nOps - 6; k += 2) {
 cvtNum(ops[k].num, ops[k].isFP, charBuf);
- cvtNum(ops[k + 1].num, ops[k].isFP, charBuf);
+ cvtNum(ops[k + 1].num, ops[k + 1].isFP, charBuf);
 charBuf->append((char)5);
 }
 cvtNum(ops[k].num, ops[k].isFP, charBuf);
_______________________________________________ poppler mailing list poppler@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/poppler
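Review bot: In the -1445 hunk, the `cvtNum(ops[k].num, ops[k].isFP, charBuf);` that follows the loop still reads `ops[k]` with no comparison against nOps. When nOps is below 6 the loop `k < nOps - 6` never runs and k stays 0, so unless a check outside the hunk rejects short operand counts, this read and the ones after it can touch operand slots the charstring never set. That looks like the same class of uninitialized read that 6c9f9a49 guards in the other branch with `k + 1 < nOps`. A matching guard around this tail, for example `if (likely(k + 5 < nOps)) {`, would close it, assuming the tail consumes six operands. The rest of the tail lies outside the hunk, so the count needs confirming against the full function.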