48 lines
2.1 KiB
Diff
48 lines
2.1 KiB
Diff
From bbd106e8f9345296cb5b5a452487bda603d54173 Mon Sep 17 00:00:00 2001
|
|
From: Chris Liddell <chris.liddell@artifex.com>
|
|
Date: Mon, 21 Sep 2020 22:16:34 +0100
|
|
Subject: [PATCH] oss-fuzz 23637: Fix error code confusion
|
|
|
|
Confusion of error codes meant we were allocating space for glyph data,
|
|
but never copying the data into it. Thus the memory sanitizer error.
|
|
---
|
|
psi/zfapi.c | 9 ++++-----
|
|
1 file changed, 4 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/psi/zfapi.c b/psi/zfapi.c
|
|
index aa988ed6e..d38f56498 100644
|
|
--- a/psi/zfapi.c
|
|
+++ b/psi/zfapi.c
|
|
@@ -2118,15 +2118,14 @@ FAPI_FF_get_glyph(gs_fapi_font *ff, gs_glyph char_code, byte *buf, int buf_lengt
|
|
}
|
|
else {
|
|
ulong noffs, endoffs;
|
|
- int code;
|
|
/* If we haven't got a len_glyphs array, try using the offset of the next glyph offset
|
|
* to work out the length
|
|
*/
|
|
error = sfnt_get_glyph_offset(pdr, pfont42, char_code + 1, &noffs);
|
|
if (error == 0) {
|
|
glyph_length = noffs - offset0;
|
|
- code = sfnt_get_sfnt_length(pdr, &endoffs);
|
|
- if (code < 0) {
|
|
+ error = sfnt_get_sfnt_length(pdr, &endoffs);
|
|
+ if (error < 0) {
|
|
glyph_length = gs_fapi_glyph_invalid_index;
|
|
}
|
|
else {
|
|
@@ -2139,8 +2138,8 @@ FAPI_FF_get_glyph(gs_fapi_font *ff, gs_glyph char_code, byte *buf, int buf_lengt
|
|
/* And if we can't get the next glyph offset, use the end of the sfnt data
|
|
* to work out the length.
|
|
*/
|
|
- code = sfnt_get_sfnt_length(pdr, &noffs);
|
|
- if (code < 0) {
|
|
+ error = sfnt_get_sfnt_length(pdr, &noffs);
|
|
+ if (error < 0) {
|
|
glyph_length = gs_fapi_glyph_invalid_index;
|
|
}
|
|
else {
|
|
--
|
|
2.27.0
|
|
|