[cid] Avoid strtol on non-null-terminated data. (!262) · Merge requests · FreeType / FreeType

Ben Wagner requested to merge bungeman/freetype:cid_parse_hex_bytes into master Mar 01, 2023

Technically strtol can only be used with C strings terminated with \0. CID data is not generally null-terminated and often does not contain a \0 if it is Hex encoded. AddressSanitizer with ASAN_OPTIONS with strict_string_checks=1 verifies this by using an advisarial strtol which will always read to the terminating \0.

To avoid undefined behavior from strtol in cid_parser_new use the parser to parse the tokens instead of attempting to parse them ad-hoc. This will internally use PS_Conv_Strtol to parse the integer, which respects the parser's limits and directly implements the PostScript parsing rules for integers.

src/cid/cidparse.c (cid_parser_new): use the parser to parse the tokens.

Fixes: https://bugs.chromium.org/p/chromium/issues/detail?id=1420329

Admin message

[cid] Avoid strtol on non-null-terminated data.

Merge request reports