fdo-mirrors/cairo
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/cairo/cairo.git synced 2026-05-06 11:38:16 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

[cff-subset] check subrs offset is within font data

Browse source
This commit is contained in:
Jonathan Kew 2026-04-12 14:10:25 +00:00
parent d3a35678a2
commit 899e6a89f7
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/cairo-cff-subset.c
View file

@ -930,6 +930,8 @@ cairo_cff_font_read_private_dict (cairo_cff_font_t *font,
if (operand) {
decode_integer (operand, &offset);
p = ptr + offset;
if (unlikely (p < font->data || p > font->data_end))
return CAIRO_INT_STATUS_UNSUPPORTED;
status = cff_index_read (local_sub_index, &p, font->data_end);
if (unlikely (status))
return status;