Fix use of uninitialized memory.

* src/psaux/psintrp.c (cf2_interpT2CharString): The call to `cf2_arrstack_setCount' may fail because the allocator ran out of memory. When this happens the stack is still written to before the error condition is checked. This means that FreeType writes outside of allocated memory. This commit moves the error check prior to the stack assignment, hence the function now properly returns with an error condition.
2019-03-05 17:25:19 +08:00 · 2019-03-05 17:25:19 +08:00 · 6a4718a3a0
commit 6a4718a3a0
parent 6d65c60fca
2 changed files with 15 additions and 3 deletions
--- a/12
+++ b/12
@ -1,3 +1,15 @@
+2019-03-05  Sebastian Rasmussen  <sebras@gmail.com>
+
+	[psaux] Fix use of uninitialized memory.
+
+	* src/psaux/psintrp.c (cf2_interpT2CharString): The call to
+	`cf2_arrstack_setCount' may fail because the allocator ran out of
+	memory.  When this happens the stack is still written to before the
+	error condition is checked.  This means that FreeType writes outside
+	of allocated memory.  This commit moves the error check prior to the
+	stack assignment, hence the function now properly returns with an
+	error condition.
+
 2019-02-23  Werner Lemberg  <wl@gnu.org>

 	* src/base/ftbitmap.c (FT_Bitmap_Blend): No fractional offsets.
--- a/src/psaux/psintrp.c
+++ b/src/psaux/psintrp.c
@ -612,14 +612,14 @@
    cf2_arrstack_setCount( &subrStack, CF2_MAX_SUBR + 1 );

    charstring  = (CF2_Buffer)cf2_arrstack_getBuffer( &subrStack );
-    *charstring = *buf;    /* structure copy */
-
-    charstringIndex = 0;       /* entry is valid now */

    /* catch errors so far */
    if ( *error )
      goto exit;

+    *charstring     = *buf;    /* structure copy     */
+    charstringIndex = 0;       /* entry is valid now */
+
    /* main interpreter loop */
    while ( 1 )
    {