Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork7.9k
Commit0067441
committed
Always NUL-terminate TrueType font table buffer.
This fixes some possible heap buffer overflows, such as the followingtriggered by our cmmi10.ttf:```ERROR: AddressSanitizer: heap-buffer-overflow on address 0x617000235709 at pc 0x7f95efd3c48a bp 0x7ffe41b6ecc0 sp 0x7ffe41b6ecb0READ of size 1 at 0x617000235709 thread T0 #0 0x7f95efd3c489 in utf16be_to_ascii extern/ttconv/pprdrv_tt.cpp:178#1 0x7f95efd3c489 in Read_name(TTFONT*) extern/ttconv/pprdrv_tt.cpp:339#2 0x7f95efd499ef in read_font(...) extern/ttconv/pprdrv_tt.cpp:1325#3 0x7f95efd4c602 in get_pdf_charprocs(...) extern/ttconv/pprdrv_tt.cpp:1420#4 0x7f95efd35c22 in py_get_pdf_charprocs src/_ttconv.cpp:2170x617000235709 is located 1 bytes to the right of 648-byte region [0x617000235480,0x617000235708)allocated by thread T0 here: #0 0x7f9612262a38 in __interceptor_calloc (/usr/lib64/libasan.so.4+0xdea38)#1 0x7f95efd3b261 in GetTable(TTFONT*, char const*) extern/ttconv/pprdrv_tt.cpp:140```1 parent3520374 commit0067441
1 file changed
+4
-1
lines changedLines changed: 4 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
137 | 137 | | |
138 | 138 | | |
139 | 139 | | |
140 | | - | |
| 140 | + | |
141 | 141 | | |
142 | 142 | | |
143 | 143 | | |
| |||
160 | 160 | | |
161 | 161 | | |
162 | 162 | | |
| 163 | + | |
| 164 | + | |
| 165 | + | |
163 | 166 | | |
164 | 167 | | |
165 | 168 | | |
| |||
0 commit comments
Comments
(0)