diff options
author | Chris Liddell <chris.liddell@artifex.com> | 2017-05-29 16:19:39 +0100 |
---|---|---|
committer | Chris Liddell <chris.liddell@artifex.com> | 2017-06-01 15:05:19 +0100 |
commit | 5f53dbc3e917d44e92619f831ba06be7944b5471 (patch) | |
tree | d2bc55d6feb4cacf6dcf68dee28e5957406698c5 /pcl/pl/pllfont.c | |
parent | fe6ed9f54a02357e01c1f8c517b6af831e5f59ae (diff) | |
download | ghostpdl-5f53dbc3e917d44e92619f831ba06be7944b5471.tar.gz |
Bounds check buffers for downloaded glyphs in PCL.
For downloaded fonts, there were several buffer overreads reported by valgrind
when interpreting Intellifont glyph descriptions.
This adds using the (already existing) length field to bounds check when we
interpret the glyph.
Diffstat (limited to 'pcl/pl/pllfont.c')
-rw-r--r-- | pcl/pl/pllfont.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pcl/pl/pllfont.c b/pcl/pl/pllfont.c index cd10cd134..ba5baba0b 100644 --- a/pcl/pl/pllfont.c +++ b/pcl/pl/pllfont.c @@ -342,7 +342,7 @@ pl_load_ufst_lineprinter(gs_memory_t * mem, pl_dict_t * pfontdict, /* NB this shouldn't happen but it does, should be looked at */ if (ucode != 0xffff) - code = pl_font_add_glyph(pplfont, ucode, char_data + 2); + code = pl_font_add_glyph(pplfont, ucode, char_data + 2, ccode_plus_header_plus_data); if (code < 0) /* shouldn't happen */ |