40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
From e8fef3b8f84afb1a0ae7a9ae81f43c91ac7b3b79 Mon Sep 17 00:00:00 2001
|
|
From: sun_hai_10 <sunhai10@huawei.com>
|
|
Date: Wed, 14 Jun 2023 15:52:58 +0800
|
|
Subject: [PATCH] fix read memory access
|
|
|
|
---
|
|
src/cairo-cff-subset.c | 2 ++
|
|
src/cairo-type1-subset.c | 2 ++
|
|
2 files changed, 4 insertions(+)
|
|
|
|
diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
|
|
index fce4195..64fc69e 100644
|
|
--- a/src/cairo-cff-subset.c
|
|
+++ b/src/cairo-cff-subset.c
|
|
@@ -1412,6 +1412,8 @@ cairo_cff_font_subset_dict_string(cairo_cff_font_t *font,
|
|
return CAIRO_STATUS_SUCCESS;
|
|
|
|
element = _cairo_array_index (&font->strings_index, sid - NUM_STD_STRINGS);
|
|
+ if (element == NULL)
|
|
+ return CAIRO_STATUS_NO_MEMORY;
|
|
sid = NUM_STD_STRINGS + _cairo_array_num_elements (&font->strings_subset_index);
|
|
status = cff_index_append (&font->strings_subset_index, element->data, element->length);
|
|
if (unlikely (status))
|
|
diff --git a/src/cairo-type1-subset.c b/src/cairo-type1-subset.c
|
|
index 068b59e..22182af 100644
|
|
--- a/src/cairo-type1-subset.c
|
|
+++ b/src/cairo-type1-subset.c
|
|
@@ -1229,6 +1229,8 @@ cairo_type1_font_subset_for_each_glyph (cairo_type1_font_subset_t *font,
|
|
|
|
/* Skip binary data and |- or ND token. */
|
|
p = skip_token (charstring + charstring_length, dict_end);
|
|
+ if (p == NULL)
|
|
+ return CAIRO_INT_STATUS_NO_MEMORY;
|
|
while (p < dict_end && _cairo_isspace(*p))
|
|
p++;
|
|
|
|
--
|
|
2.23.0
|
|
|