Ben Wagner 09b326fa2b Avoid strtol on non-null-terminated data. ... Technically, `strtol` can only be used with C strings terminated with `\0`. CID data is not generally null-terminated and often does not contain a `\0` if it is hex-encoded. AddressSanitizer with `ASAN_OPTIONS` containing `strict_string_checks=1` verifies this by using an adversarial `strtol` that always reads to the terminating `\0`. To avoid undefined behavior from `strtol` in `cid_parser_new`, use the parser to parse the tokens instead of attempting to parse them ad-hoc. This will internally use `PS_Conv_Strtol` to parse the integer, which respects the parser's limits and directly implements the PostScript parsing rules for integers. * src/cid/cidparse.c (cid_parser_new): Use the parser to parse the tokens. Fixes: https://bugs.chromium.org/p/chromium/issues/detail?id=1420329		2023-03-02 20:56:41 +01:00
..
ciderrs.h	Update all copyright notices.	2023-01-17 09:18:25 +01:00
cidgload.c	Update all copyright notices.	2023-01-17 09:18:25 +01:00
cidgload.h	Update all copyright notices.	2023-01-17 09:18:25 +01:00
cidload.c	Update all copyright notices.	2023-01-17 09:18:25 +01:00
cidload.h	Update all copyright notices.	2023-01-17 09:18:25 +01:00
cidobjs.c	Fix FT_LOCAL and FT_LOCAL_DEF tags.	2023-02-08 21:09:32 +01:00
cidobjs.h	Update all copyright notices.	2023-01-17 09:18:25 +01:00
cidparse.c	Avoid strtol on non-null-terminated data.	2023-03-02 20:56:41 +01:00
cidparse.h	Update all copyright notices.	2023-01-17 09:18:25 +01:00
cidriver.c	Update all copyright notices.	2023-01-17 09:18:25 +01:00
cidriver.h	Update all copyright notices.	2023-01-17 09:18:25 +01:00
cidtoken.h	Update all copyright notices.	2023-01-17 09:18:25 +01:00
module.mk	Update all copyright notices.	2023-01-17 09:18:25 +01:00
rules.mk	Update all copyright notices.	2023-01-17 09:18:25 +01:00
type1cid.c	Update all copyright notices.	2023-01-17 09:18:25 +01:00