[cairo-commit] 2 commits - src/cairo-cff-subset.c

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Tue Jul 20 22:41:44 UTC 2021 

 src/cairo-cff-subset.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

New commits:
commit 82f5570ad549b458973f410f3bf21299c2ccb60c
Merge: 06f405c77 b6c89810f
Author: Adrian Johnson <ajohnson at redneon.com>
Date:   Tue Jul 20 22:41:43 2021 +0000

    Merge branch 'issue-413' into 'master'
    
    cff: Check subroutine number is valid before using as an array index
    
    Closes #413
    
    See merge request cairo/cairo!202

commit b6c89810f20599dcd9fce2505a9c2f22a95761a7
Author: Adrian Johnson <ajohnson at redneon.com>
Date:   Tue Jul 20 21:44:24 2021 +0930

    cff: Check subroutine number is valid before using as an array index
    
    Fixes #413

diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
index be37724b4..62340e2a8 100644
--- a/src/cairo-cff-subset.c
+++ b/src/cairo-cff-subset.c
@@ -1598,14 +1598,16 @@ cairo_cff_parse_charstring (cairo_cff_font_t *font,
 
             if (font->is_cid) {
                 fd = font->fdselect[glyph_id];
-                sub_num = font->type2_stack_top_value + font->fd_local_sub_bias[fd];
+		sub_num = font->type2_stack_top_value + font->fd_local_sub_bias[fd];
+		if (sub_num >= _cairo_array_num_elements(&font->fd_local_sub_index[fd]))
+		    return CAIRO_INT_STATUS_UNSUPPORTED;
                 element = _cairo_array_index (&font->fd_local_sub_index[fd], sub_num);
                 if (! font->fd_local_subs_used[fd][sub_num]) {
 		    font->fd_local_subs_used[fd][sub_num] = TRUE;
 		    cairo_cff_parse_charstring (font, element->data, element->length, glyph_id, need_width);
 		}
             } else {
-                sub_num = font->type2_stack_top_value + font->local_sub_bias;
+		sub_num = font->type2_stack_top_value + font->local_sub_bias;
 		if (sub_num >= _cairo_array_num_elements(&font->local_sub_index))
 		    return CAIRO_INT_STATUS_UNSUPPORTED;
                 element = _cairo_array_index (&font->local_sub_index, sub_num);
@@ -1632,6 +1634,8 @@ cairo_cff_parse_charstring (cairo_cff_font_t *font,
 		font->type2_seen_first_int = FALSE;
 
 	    sub_num = font->type2_stack_top_value + font->global_sub_bias;
+	    if (sub_num >= _cairo_array_num_elements(&font->global_sub_index))
+		return CAIRO_INT_STATUS_UNSUPPORTED;
 	    element = _cairo_array_index (&font->global_sub_index, sub_num);
             if (! font->global_subs_used[sub_num] ||
 		(need_width && !font->type2_found_width))

More information about the cairo-commit mailing list