Fix for CVE-2008-0006 - PCF Font parser buffer overflow.
(cherry picked from commit f09b8007e7
)
This commit is contained in:
parent
0dbe1a0902
commit
73abb373e6
|
@ -329,6 +329,13 @@ doOpenFont(ClientPtr client, OFclosurePtr c)
|
|||
err = BadFontName;
|
||||
goto bail;
|
||||
}
|
||||
/* check values for firstCol, lastCol, firstRow, and lastRow */
|
||||
if (pfont->info.firstCol > pfont->info.lastCol ||
|
||||
pfont->info.firstRow > pfont->info.lastRow ||
|
||||
pfont->info.lastCol - pfont->info.firstCol > 255) {
|
||||
err = AllocError;
|
||||
goto bail;
|
||||
}
|
||||
if (!pfont->fpe)
|
||||
pfont->fpe = fpe;
|
||||
pfont->refcnt++;
|
||||
|
|
Loading…
Reference in New Issue
Block a user