[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v3 1/1] mkfont: Fix tainted loop boundary issues with substit
From: |
Daniel Kiper |
Subject: |
Re: [PATCH v3 1/1] mkfont: Fix tainted loop boundary issues with substitutions |
Date: |
Thu, 7 Jul 2022 20:58:14 +0200 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Thu, Jul 07, 2022 at 03:34:38PM +0000, Darren Kenny wrote:
> With gsub substitutions the offsets should be validated against the
> the number of glyphs in a font face and the memory allocated for the gsub
> substitution data.
>
> Both the number of glyphs and the last address in the allocated data are
> passed in to process_cursive(), where the number of glyphs validates the end
> of the range.
>
> Enabling memory allocation validation uses two macros, one to simply check the
> address against the allocated space, and the other to check that the number of
> items of a given size doesn't extend outside of the allocated space.
>
> Fixes: CID 73770
> Fixes: CID 314040
>
> Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Daniel