[Libreoffice-commits] core.git: Branch 'libreoffice-7-0' - vcl/source

Caolán McNamara (via logerrit) Wed, 16 Sep 2020 05:03:46 -0700

 vcl/source/font/fontcharmap.cxx |    4 ++++
 1 file changed, 4 insertions(+)


New commits:
commit 33d63c77c12b949dca9121dd684978d12ae501c1
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Tue Sep 15 16:36:17 2020 +0100
Commit:     Xisco Fauli <xiscofa...@libreoffice.org>
CommitDate: Wed Sep 16 14:02:57 2020 +0200

    ofz#25684 keep ParseCMAP within legal area
    
    Change-Id: Iee18b5a9390b79efa67414ea2d229d2816c84e18
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102756
    Tested-by: Jenkins
    Reviewed-by: Xisco Fauli <xiscofa...@libreoffice.org>

diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx
index 7225f385ad56..9ba392935c60 100644
--- a/vcl/source/font/fontcharmap.cxx
+++ b/vcl/source/font/fontcharmap.cxx
@@ -150,6 +150,10 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, 
CmapResult& rResult )
             continue;
 
         int nTmpOffset = GetUInt( p+4 );
+
+        if (nTmpOffset + 2 > nLength)
+            continue;
+
         int nTmpFormat = GetUShort( pCmap + nTmpOffset );
         if( nTmpFormat == 12 )                  // 32bit code -> glyph map 
format
             nValue += 3;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

[Libreoffice-commits] core.git: Branch 'libreoffice-7-0' - vcl/source

Reply via email to