[cid] Avoid strtol on non-null-terminated data.
Technically strtol
can only be used with C strings terminated with
\0
. CID data is not generally null-terminated and often does not
contain a \0
if it is Hex encoded. AddressSanitizer with ASAN_OPTIONS
with strict_string_checks=1 verifies this by using an advisarial
strtol
which will always read to the terminating \0
.
To avoid undefined behavior from strtol
in cid_parser_new
use the
parser to parse the tokens instead of attempting to parse them ad-hoc.
This will internally use PS_Conv_Strtol
to parse the integer, which
respects the parser's limits and directly implements the PostScript
parsing rules for integers.
- src/cid/cidparse.c (cid_parser_new): use the parser to parse the tokens.
Fixes: https://bugs.chromium.org/p/chromium/issues/detail?id=1420329