diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2020-09-15 16:36:17 +0100 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2020-09-15 20:06:56 +0200 |
| commit | a014c82522834c972e247a28d8e5f42998ae3c0e (patch) | |
| tree | 1aee0a94c2980438294be2b10a3b94463c4953dd /vcl | |
| parent | 3fc713a8e53d7882089ec4b9240bf78bb99f8275 (diff) | |
ofz#25684 keep ParseCMAP within legal area
Change-Id: Iee18b5a9390b79efa67414ea2d229d2816c84e18
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/102776
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'vcl')
| -rw-r--r-- | vcl/source/font/fontcharmap.cxx | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/vcl/source/font/fontcharmap.cxx b/vcl/source/font/fontcharmap.cxx index 05a800fe1af7..a8a217ac9a5f 100644 --- a/vcl/source/font/fontcharmap.cxx +++ b/vcl/source/font/fontcharmap.cxx @@ -151,6 +151,10 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult ) continue; int nTmpOffset = GetUInt( p+4 ); + + if (nTmpOffset + 2 > nLength) + continue; + int nTmpFormat = GetUShort( pCmap + nTmpOffset ); if( nTmpFormat == 12 ) // 32bit code -> glyph map format nValue += 3; |