vcl/source/font/fontcharmap.cxx | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit a014c82522834c972e247a28d8e5f42998ae3c0e
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Sep 15 16:36:17 2020 +0100
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Tue Sep 15 20:06:56 2020 +0200
ofz#25684 keep ParseCMAP within legal area
Change-Id: Iee18b5a9390b79efa67414ea2d229d2816c84e18
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102776
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 05a800fe1af7..a8a217ac9a5f 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -151,6 +151,10 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength,
CmapResult& rResult )
continue;
int nTmpOffset = GetUInt( p+4 );
+
+ if (nTmpOffset + 2 > nLength)
+ continue;
+
int nTmpFormat = GetUShort( pCmap + nTmpOffset );
if( nTmpFormat == 12 ) // 32bit code -> glyph map
format
nValue += 3;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
