Fix for CVE-2008-0006 - PCF Font parser buffer overflow.
This commit is contained in:
parent
8b14f7b742
commit
f09b8007e7
@ -325,6 +325,13 @@ doOpenFont(ClientPtr client, OFclosurePtr c)
|
|||||||
err = BadFontName;
|
err = BadFontName;
|
||||||
goto bail;
|
goto bail;
|
||||||
}
|
}
|
||||||
|
/* check values for firstCol, lastCol, firstRow, and lastRow */
|
||||||
|
if (pfont->info.firstCol > pfont->info.lastCol ||
|
||||||
|
pfont->info.firstRow > pfont->info.lastRow ||
|
||||||
|
pfont->info.lastCol - pfont->info.firstCol > 255) {
|
||||||
|
err = AllocError;
|
||||||
|
goto bail;
|
||||||
|
}
|
||||||
if (!pfont->fpe)
|
if (!pfont->fpe)
|
||||||
pfont->fpe = fpe;
|
pfont->fpe = fpe;
|
||||||
pfont->refcnt++;
|
pfont->refcnt++;
|
||||||
|
Loading…
Reference in New Issue
Block a user