ttf: When doing bounds checking for cmap4 size, account for table offset.
authorSebastian Rasmussen <[email protected]>
Sat, 2 Nov 2024 02:10:27 +0000 (03:10 +0100)
committerSebastian Rasmussen <[email protected]>
Fri, 15 Nov 2024 13:14:33 +0000 (14:14 +0100)
source/fitz/subset-ttf.c

index b9c461b4949f68ed259ba72c13b351dbd6a1b4ae..1d4d64791b20c6f74305d4721ef4f76d02bb74e0 100644 (file)
@@ -574,7 +574,7 @@ load_enc_tab4(fz_context *ctx, uint8_t *d, size_t data_size, uint32_t offset)
        uint16_t seg_count;
        uint32_t i;
 
-       if (data_size < 26)
+       if (data_size < offset + 26)
                fz_throw(ctx, FZ_ERROR_FORMAT, "cmap4 too small");
 
        seg_count = get16(d+offset+6); /* 2 * seg_count */
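Review bot: The new guard `data_size < offset + 26` can wrap, because `offset` is `uint32_t` and the sum is computed in 32-bit unsigned arithmetic before being compared with the `size_t`. An offset close to UINT32_MAX then yields a small sum, the check passes, and `get16(d+offset+6)` on the following line reads outside the buffer. Whether callers already bound `offset` is not visible here, and it presumably comes from the font file, so a wrap-free form is safer: `if (data_size < 26 || offset > data_size - 26)`. The body of load_enc_tab4 continues past the hunk, so any later reads sized by `seg_count` should be checked relative to `offset` in the same way.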