Commit c758fc98 authored by Albert Astals Cid's avatar Albert Astals Cid

FoFiType1::parse: Fix invalid memory access

Make sure there's enough line left before calling strncmp

fixes oss-fuzz/8425
parent 07318f38
......@@ -226,7 +226,9 @@ void FoFiType1::parse() {
++i) {
// get font name
if (!name && !strncmp(line, "/FontName", 9)) {
if (!name &&
(line + 9 <= (char*)file + len) &&
!strncmp(line, "/FontName", 9)) {
strncpy(buf, line, 255);
buf[255] = '\0';
if ((p = strchr(buf+9, '/')) &&
......@@ -237,9 +239,11 @@ void FoFiType1::parse() {
// get encoding
} else if (!encoding &&
(line + 30 <= (char*)file + len) &&
!strncmp(line, "/Encoding StandardEncoding def", 30)) {
encoding = (char **)fofiType1StandardEncoding;
} else if (!encoding &&
(line + 19 <= (char*)file + len) &&
!strncmp(line, "/Encoding 256 array", 19)) {
encoding = (char **)gmallocn(256, sizeof(char *));
for (j = 0; j < 256; ++j) {
......@@ -331,7 +335,9 @@ void FoFiType1::parse() {
}
//~ check for getinterval/putinterval junk
} else if (!gotMatrix && !strncmp(line, "/FontMatrix", 11)) {
} else if (!gotMatrix &&
(line + 11 <= (char*)file + len) &&
!strncmp(line, "/FontMatrix", 11)) {
strncpy(buf, line + 11, 255);
buf[255] = '\0';
if ((p = strchr(buf, '['))) {
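Review bot: The `strncpy(buf, line, 255)` right after the new `/FontName` guard can still read past the end of the font data, because the guard only proves that 9 bytes remain while strncpy keeps reading until it meets a NUL or has copied 255 bytes. Whether the buffer behind `file` is NUL-terminated is not visible here, but the need for these guards suggests it is not guaranteed, so a `/FontName` line close to the end of the input would over-read. The `strncpy(buf, line + 11, 255)` in the `/FontMatrix` branch has the same problem with the bytes after the 11-byte keyword. I would clamp the copy length to what is left in the buffer, for example `n = (char*)file + len - line; if (n > 255) n = 255; strncpy(buf, line, n); buf[n] = '\0';`, and do the same from `line + 11` in the matrix branch. parse() starts and ends outside these hunks, so the way `line` is bounded elsewhere in the function should be checked as well.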