Commit bad92be9 authored by Ben Wagner

[bdf] Fix use of uninitialized value.

In _bdf_readstream if the data contained no newline then the buffer
would continue to grow and uninitialized data read until either the
uninitialized data contained a newline or the buffer reached its
maximum size. The assumption was that the line was always too long and
the buffer had been filled, however this case can also happen when there
is not enough data to fill the buffer.

Correct this by properly setting the cursor to the end of the available
data, which may be different from the end of the buffer. This may still
result in one extra allocation, but only on malformed fonts.

* src/bdf/bdflib.c (_bdf_readstream): Correctly update cursor. Remove
unread set of `avail`.

Bug: https://lists.nongnu.org/archive/html/freetype-devel/2021-12/msg00001.html
parent 012b00f3
Pipeline #463915 passed with stage
in 9 minutes and 59 seconds
......@@ -613,7 +613,7 @@
if ( FT_QREALLOC( buf, buf_size, new_size ) )
goto Exit;
cursor = (ptrdiff_t)buf_size;
cursor = avail;
buf_size = new_size;
}
else
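Review bot: The new assignment `cursor = avail;` in the grow branch drops the `(ptrdiff_t)` cast that the line it replaces, `cursor = (ptrdiff_t)buf_size;`, carried, so it depends on `avail` already having the same type as `cursor`. The declarations are not visible in this hunk, so please confirm that or keep an explicit cast. A one-line comment here saying that the available data can end before the end of the buffer, which is why the cursor is not set to `buf_size`, would keep the reasoning from the commit message next to the code.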
......@@ -623,7 +623,6 @@
FT_MEM_MOVE( buf, buf + start, bytes );
cursor = bytes;
avail -= bytes;
start = 0;
}
refill = 1;
......
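Review bot: Dropping `avail -= bytes;` from the else branch is only safe if `avail` is reassigned before it is next read after `refill = 1;`, and that refill code is outside the visible context. Since the other branch now reads `avail` directly (`cursor = avail;`), please confirm that every path reaching that read has gone through a refill that sets `avail`, or state that invariant in a comment near `refill = 1;`.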