mirror of
https://github.com/michaelrsweet/pdfio.git
synced 2024-12-27 05:48:20 +01:00
Merge commit from fork
Add range checking to TTF loader.
This commit is contained in:
commit
e4e1c39578
@ -2,6 +2,13 @@ Changes in PDFio
|
|||||||
================
|
================
|
||||||
|
|
||||||
|
|
||||||
|
v1.3.1 (August DD, 2024)
|
||||||
|
------------------------
|
||||||
|
|
||||||
|
- CVE 2024-42358: Updated TrueType font reader to avoid large memory
|
||||||
|
allocations.
|
||||||
|
|
||||||
|
|
||||||
v1.3.0 (June 28, 2024)
|
v1.3.0 (June 28, 2024)
|
||||||
----------------------
|
----------------------
|
||||||
|
|
||||||
|
24
configure
vendored
24
configure
vendored
@ -1,6 +1,6 @@
|
|||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
# Guess values for system-dependent variables and create Makefiles.
|
# Guess values for system-dependent variables and create Makefiles.
|
||||||
# Generated by GNU Autoconf 2.71 for pdfio 1.3.0.
|
# Generated by GNU Autoconf 2.71 for pdfio 1.3.1.
|
||||||
#
|
#
|
||||||
# Report bugs to <https://github.com/michaelrsweet/pdfio/issues>.
|
# Report bugs to <https://github.com/michaelrsweet/pdfio/issues>.
|
||||||
#
|
#
|
||||||
@ -610,8 +610,8 @@ MAKEFLAGS=
|
|||||||
# Identity of this package.
|
# Identity of this package.
|
||||||
PACKAGE_NAME='pdfio'
|
PACKAGE_NAME='pdfio'
|
||||||
PACKAGE_TARNAME='pdfio'
|
PACKAGE_TARNAME='pdfio'
|
||||||
PACKAGE_VERSION='1.3.0'
|
PACKAGE_VERSION='1.3.1'
|
||||||
PACKAGE_STRING='pdfio 1.3.0'
|
PACKAGE_STRING='pdfio 1.3.1'
|
||||||
PACKAGE_BUGREPORT='https://github.com/michaelrsweet/pdfio/issues'
|
PACKAGE_BUGREPORT='https://github.com/michaelrsweet/pdfio/issues'
|
||||||
PACKAGE_URL='https://www.msweet.org/pdfio'
|
PACKAGE_URL='https://www.msweet.org/pdfio'
|
||||||
|
|
||||||
@ -1293,7 +1293,7 @@ if test "$ac_init_help" = "long"; then
|
|||||||
# Omit some internal or obsolete options to make the list less imposing.
|
# Omit some internal or obsolete options to make the list less imposing.
|
||||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||||
cat <<_ACEOF
|
cat <<_ACEOF
|
||||||
\`configure' configures pdfio 1.3.0 to adapt to many kinds of systems.
|
\`configure' configures pdfio 1.3.1 to adapt to many kinds of systems.
|
||||||
|
|
||||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||||
|
|
||||||
@ -1359,7 +1359,7 @@ fi
|
|||||||
|
|
||||||
if test -n "$ac_init_help"; then
|
if test -n "$ac_init_help"; then
|
||||||
case $ac_init_help in
|
case $ac_init_help in
|
||||||
short | recursive ) echo "Configuration of pdfio 1.3.0:";;
|
short | recursive ) echo "Configuration of pdfio 1.3.1:";;
|
||||||
esac
|
esac
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
|
|
||||||
@ -1456,7 +1456,7 @@ fi
|
|||||||
test -n "$ac_init_help" && exit $ac_status
|
test -n "$ac_init_help" && exit $ac_status
|
||||||
if $ac_init_version; then
|
if $ac_init_version; then
|
||||||
cat <<\_ACEOF
|
cat <<\_ACEOF
|
||||||
pdfio configure 1.3.0
|
pdfio configure 1.3.1
|
||||||
generated by GNU Autoconf 2.71
|
generated by GNU Autoconf 2.71
|
||||||
|
|
||||||
Copyright (C) 2021 Free Software Foundation, Inc.
|
Copyright (C) 2021 Free Software Foundation, Inc.
|
||||||
@ -1612,7 +1612,7 @@ cat >config.log <<_ACEOF
|
|||||||
This file contains any messages produced by compilers while
|
This file contains any messages produced by compilers while
|
||||||
running configure, to aid debugging if configure makes a mistake.
|
running configure, to aid debugging if configure makes a mistake.
|
||||||
|
|
||||||
It was created by pdfio $as_me 1.3.0, which was
|
It was created by pdfio $as_me 1.3.1, which was
|
||||||
generated by GNU Autoconf 2.71. Invocation command line was
|
generated by GNU Autoconf 2.71. Invocation command line was
|
||||||
|
|
||||||
$ $0$ac_configure_args_raw
|
$ $0$ac_configure_args_raw
|
||||||
@ -2368,9 +2368,9 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
PDFIO_VERSION="1.3.0"
|
PDFIO_VERSION="1.3.1"
|
||||||
PDFIO_VERSION_MAJOR="`echo 1.3.0 | awk -F. '{print $1}'`"
|
PDFIO_VERSION_MAJOR="`echo 1.3.1 | awk -F. '{print $1}'`"
|
||||||
PDFIO_VERSION_MINOR="`echo 1.3.0 | awk -F. '{printf("%d\n",$2);}'`"
|
PDFIO_VERSION_MINOR="`echo 1.3.1 | awk -F. '{printf("%d\n",$2);}'`"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -4935,7 +4935,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||||||
# report actual input values of CONFIG_FILES etc. instead of their
|
# report actual input values of CONFIG_FILES etc. instead of their
|
||||||
# values after options handling.
|
# values after options handling.
|
||||||
ac_log="
|
ac_log="
|
||||||
This file was extended by pdfio $as_me 1.3.0, which was
|
This file was extended by pdfio $as_me 1.3.1, which was
|
||||||
generated by GNU Autoconf 2.71. Invocation command line was
|
generated by GNU Autoconf 2.71. Invocation command line was
|
||||||
|
|
||||||
CONFIG_FILES = $CONFIG_FILES
|
CONFIG_FILES = $CONFIG_FILES
|
||||||
@ -4991,7 +4991,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
|
|||||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||||
ac_cs_config='$ac_cs_config_escaped'
|
ac_cs_config='$ac_cs_config_escaped'
|
||||||
ac_cs_version="\\
|
ac_cs_version="\\
|
||||||
pdfio config.status 1.3.0
|
pdfio config.status 1.3.1
|
||||||
configured by $0, generated by GNU Autoconf 2.71,
|
configured by $0, generated by GNU Autoconf 2.71,
|
||||||
with options \\"\$ac_cs_config\\"
|
with options \\"\$ac_cs_config\\"
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ AC_PREREQ([2.70])
|
|||||||
|
|
||||||
|
|
||||||
dnl Package name and version...
|
dnl Package name and version...
|
||||||
AC_INIT([pdfio], [1.3.0], [https://github.com/michaelrsweet/pdfio/issues], [pdfio], [https://www.msweet.org/pdfio])
|
AC_INIT([pdfio], [1.3.1], [https://github.com/michaelrsweet/pdfio/issues], [pdfio], [https://www.msweet.org/pdfio])
|
||||||
|
|
||||||
PDFIO_VERSION="AC_PACKAGE_VERSION"
|
PDFIO_VERSION="AC_PACKAGE_VERSION"
|
||||||
PDFIO_VERSION_MAJOR="`echo AC_PACKAGE_VERSION | awk -F. '{print $1}'`"
|
PDFIO_VERSION_MAJOR="`echo AC_PACKAGE_VERSION | awk -F. '{print $1}'`"
|
||||||
|
2
pdfio.h
2
pdfio.h
@ -23,7 +23,7 @@ extern "C" {
|
|||||||
// Version number...
|
// Version number...
|
||||||
//
|
//
|
||||||
|
|
||||||
# define PDFIO_VERSION "1.3.0"
|
# define PDFIO_VERSION "1.3.1"
|
||||||
|
|
||||||
|
|
||||||
//
|
//
|
||||||
|
37
ttf.c
37
ttf.c
@ -3,7 +3,7 @@
|
|||||||
//
|
//
|
||||||
// https://github.com/michaelrsweet/ttf
|
// https://github.com/michaelrsweet/ttf
|
||||||
//
|
//
|
||||||
// Copyright © 2018-2023 by Michael R Sweet.
|
// Copyright © 2018-2024 by Michael R Sweet.
|
||||||
//
|
//
|
||||||
// Licensed under Apache License v2.0. See the file "LICENSE" for more
|
// Licensed under Apache License v2.0. See the file "LICENSE" for more
|
||||||
// information.
|
// information.
|
||||||
@ -99,7 +99,7 @@ typedef __int64 ssize_t; // POSIX type not present on Windows...
|
|||||||
//
|
//
|
||||||
|
|
||||||
#define TTF_FONT_MAX_CHAR 262144 // Maximum number of character values
|
#define TTF_FONT_MAX_CHAR 262144 // Maximum number of character values
|
||||||
|
#define TTF_FONT_MAX_GROUPS 65536 // Maximum number of sub-groups
|
||||||
|
|
||||||
//
|
//
|
||||||
// TTF/OFF tag constants...
|
// TTF/OFF tag constants...
|
||||||
@ -1285,6 +1285,13 @@ read_cmap(ttf_t *font) // I - Font
|
|||||||
// segCount --; // Last segment is not used (sigh)
|
// segCount --; // Last segment is not used (sigh)
|
||||||
|
|
||||||
font->num_cmap = segments[segCount - 1].endCode + 1;
|
font->num_cmap = segments[segCount - 1].endCode + 1;
|
||||||
|
|
||||||
|
if (font->num_cmap > TTF_FONT_MAX_CHAR)
|
||||||
|
{
|
||||||
|
errorf(font, "Invalid cmap table with %u characters.", (unsigned)font->num_cmap);
|
||||||
|
return (false);
|
||||||
|
}
|
||||||
|
|
||||||
font->cmap = cmapptr = (int *)malloc(font->num_cmap * sizeof(int));
|
font->cmap = cmapptr = (int *)malloc(font->num_cmap * sizeof(int));
|
||||||
|
|
||||||
if (!font->cmap)
|
if (!font->cmap)
|
||||||
@ -1356,6 +1363,12 @@ read_cmap(ttf_t *font) // I - Font
|
|||||||
|
|
||||||
TTF_DEBUG("read_cmap: nGroups=%u\n", nGroups);
|
TTF_DEBUG("read_cmap: nGroups=%u\n", nGroups);
|
||||||
|
|
||||||
|
if (nGroups > TTF_FONT_MAX_GROUPS)
|
||||||
|
{
|
||||||
|
errorf(font, "Invalid cmap table with %u groups.", nGroups);
|
||||||
|
return (false);
|
||||||
|
}
|
||||||
|
|
||||||
if ((groups = (_ttf_off_cmap12_t *)calloc(nGroups, sizeof(_ttf_off_cmap12_t))) == NULL)
|
if ((groups = (_ttf_off_cmap12_t *)calloc(nGroups, sizeof(_ttf_off_cmap12_t))) == NULL)
|
||||||
{
|
{
|
||||||
errorf(font, "Unable to allocate memory for cmap.");
|
errorf(font, "Unable to allocate memory for cmap.");
|
||||||
@ -1376,6 +1389,13 @@ read_cmap(ttf_t *font) // I - Font
|
|||||||
// Based on the end code of the segent table, allocate space for the
|
// Based on the end code of the segent table, allocate space for the
|
||||||
// uncompressed cmap table...
|
// uncompressed cmap table...
|
||||||
TTF_DEBUG("read_cmap: num_cmap=%u\n", (unsigned)font->num_cmap);
|
TTF_DEBUG("read_cmap: num_cmap=%u\n", (unsigned)font->num_cmap);
|
||||||
|
|
||||||
|
if (font->num_cmap > TTF_FONT_MAX_CHAR)
|
||||||
|
{
|
||||||
|
errorf(font, "Invalid cmap table with %u characters.", (unsigned)font->num_cmap);
|
||||||
|
return (false);
|
||||||
|
}
|
||||||
|
|
||||||
font->cmap = cmapptr = (int *)malloc(font->num_cmap * sizeof(int));
|
font->cmap = cmapptr = (int *)malloc(font->num_cmap * sizeof(int));
|
||||||
|
|
||||||
if (!font->cmap)
|
if (!font->cmap)
|
||||||
@ -1426,6 +1446,12 @@ read_cmap(ttf_t *font) // I - Font
|
|||||||
|
|
||||||
TTF_DEBUG("read_cmap: nGroups=%u\n", nGroups);
|
TTF_DEBUG("read_cmap: nGroups=%u\n", nGroups);
|
||||||
|
|
||||||
|
if (nGroups > TTF_FONT_MAX_GROUPS)
|
||||||
|
{
|
||||||
|
errorf(font, "Invalid cmap table with %u groups.", nGroups);
|
||||||
|
return (false);
|
||||||
|
}
|
||||||
|
|
||||||
if ((groups = (_ttf_off_cmap13_t *)calloc(nGroups, sizeof(_ttf_off_cmap13_t))) == NULL)
|
if ((groups = (_ttf_off_cmap13_t *)calloc(nGroups, sizeof(_ttf_off_cmap13_t))) == NULL)
|
||||||
{
|
{
|
||||||
errorf(font, "Unable to allocate memory for cmap.");
|
errorf(font, "Unable to allocate memory for cmap.");
|
||||||
@ -1446,6 +1472,13 @@ read_cmap(ttf_t *font) // I - Font
|
|||||||
// Based on the end code of the segent table, allocate space for the
|
// Based on the end code of the segent table, allocate space for the
|
||||||
// uncompressed cmap table...
|
// uncompressed cmap table...
|
||||||
TTF_DEBUG("read_cmap: num_cmap=%u\n", (unsigned)font->num_cmap);
|
TTF_DEBUG("read_cmap: num_cmap=%u\n", (unsigned)font->num_cmap);
|
||||||
|
|
||||||
|
if (font->num_cmap > TTF_FONT_MAX_CHAR)
|
||||||
|
{
|
||||||
|
errorf(font, "Invalid cmap table with %u characters.", (unsigned)font->num_cmap);
|
||||||
|
return (false);
|
||||||
|
}
|
||||||
|
|
||||||
font->cmap = cmapptr = (int *)malloc(font->num_cmap * sizeof(int));
|
font->cmap = cmapptr = (int *)malloc(font->num_cmap * sizeof(int));
|
||||||
|
|
||||||
if (!font->cmap)
|
if (!font->cmap)
|
||||||
|
Loading…
Reference in New Issue
Block a user