Bounds check buffers for downloaded glyphs in PCL.

For downloaded fonts, there were several buffer overreads reported by valgrind when interpreting Intellifont glyph descriptions. This adds using the (already existing) length field to bounds check when we interpret the glyph.
author: Chris Liddell <chris.liddell@artifex.com> 2017-05-29 16:19:39 +0100
committer: Chris Liddell <chris.liddell@artifex.com> 2017-06-01 15:05:19 +0100
commit: 5f53dbc3e917d44e92619f831ba06be7944b5471 (patch)
tree: d2bc55d6feb4cacf6dcf68dee28e5957406698c5 /pcl/pl/pllfont.c
parent: fe6ed9f54a02357e01c1f8c517b6af831e5f59ae (diff)
download: ghostpdl-5f53dbc3e917d44e92619f831ba06be7944b5471.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/pcl/pl/pllfont.c b/pcl/pl/pllfont.c
index cd10cd134..ba5baba0b 100644
--- a/pcl/pl/pllfont.c
+++ b/pcl/pl/pllfont.c
@@ -342,7 +342,7 @@ pl_load_ufst_lineprinter(gs_memory_t * mem, pl_dict_t * pfontdict,
                 /* NB this shouldn't happen but it does, should be
                    looked at */
                 if (ucode != 0xffff)
-                    code = pl_font_add_glyph(pplfont, ucode, char_data + 2);
+                    code = pl_font_add_glyph(pplfont, ucode, char_data + 2, ccode_plus_header_plus_data);
 
                 if (code < 0)
                     /* shouldn't happen */
author	Chris Liddell <chris.liddell@artifex.com>	2017-05-29 16:19:39 +0100
committer	Chris Liddell <chris.liddell@artifex.com>	2017-06-01 15:05:19 +0100
commit	5f53dbc3e917d44e92619f831ba06be7944b5471 (patch)
tree	d2bc55d6feb4cacf6dcf68dee28e5957406698c5 /pcl/pl/pllfont.c
parent	fe6ed9f54a02357e01c1f8c517b6af831e5f59ae (diff)
download	ghostpdl-5f53dbc3e917d44e92619f831ba06be7944b5471.tar.gz