dany/pdfio
1
0
Fork 0
mirror of https://github.com/michaelrsweet/pdfio.git synced 2025-04-04 16:06:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add some more range checking to the cmap code.

Browse Source
This commit is contained in:
Michael R Sweet 2025-03-06 14:16:38 -05:00
parent 2f925ccd3c
commit e9debcd169
No known key found for this signature in database
GPG Key ID: BE67C75EC81F3244
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES.md
View File

@ -14,7 +14,7 @@ v1.5.0 - YYYY-MM-DD
- Now support opening damaged PDF files (Issue #45)
- Updated documentation (Issue #95)
- Updated the pdf2txt example to support font encodings.
- Fixed a potential heap overflow in the TrueType font code.
- Fixed potential heap/integer overflow issues in the TrueType cmap code.
v1.4.1 - 2025-01-24

4
ttf.c
View File

@ -1423,7 +1423,7 @@ read_cmap(ttf_t *font) // I - Font
group->startGlyphID = read_ulong(font);
TTF_DEBUG("read_cmap: [%u] startCharCode=%u, endCharCode=%u, startGlyphID=%u\n", gidx, group->startCharCode, group->endCharCode, group->startGlyphID);
if (group->startCharCode > group->endCharCode)
if (group->startCharCode > group->endCharCode || group->startCharCode >= TTF_FONT_MAX_CHAR || group->endCharCode >= TTF_FONT_MAX_CHAR)
{
errorf(font, "Bad cmap table segment %u to %u.", group->startCharCode, group->endCharCode);
free(groups);
@ -1514,7 +1514,7 @@ read_cmap(ttf_t *font) // I - Font
group->glyphID = read_ulong(font);
TTF_DEBUG("read_cmap: [%u] startCharCode=%u, endCharCode=%u, glyphID=%u\n", gidx, group->startCharCode, group->endCharCode, group->glyphID);
if (group->startCharCode > group->endCharCode)
if (group->startCharCode > group->endCharCode || group->startCharCode >= TTF_FONT_MAX_CHAR || group->endCharCode >= TTF_FONT_MAX_CHAR)
{
errorf(font, "Bad cmap table segment %u to %u.", group->startCharCode, group->endCharCode);
free(groups);