; * src/sfnt.c (sfnt_read_name_table): Avoid 32-bit overflow.

Eli Zaretskii 2026-05-02 14:17:14 +03:00
parent 0d0891c1bb
commit d51a472231


@ -5792,6 +5792,10 @@ sfnt_read_name_table (int fd, struct sfnt_offset_subtable *subtable)
if (directory->length < required)
return NULL;
/* Avoid overflow in xmalloc argument below. */
if (directory->length > UINT_MAX - sizeof *name)
return NULL;
/* Allocate enough to hold the name table and variable length
data. */
name = xmalloc (sizeof *name + directory->length);
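Review bot: The new guard bounds `directory->length` by `UINT_MAX`, but the sum it protects, `sizeof *name + directory->length`, is computed in `size_t` for the `xmalloc` argument, so the limit is clearer as `if (directory->length > SIZE_MAX - sizeof *name)`. The two agree where `size_t` is 32 bits wide; the declared type of `directory->length` is not visible in this hunk, so confirm it is unsigned and no wider than `size_t`. Since the length appears to come from the font file's table directory, the comment could also say what the wrap would cause, e.g. `/* A wrapped sum would yield a buffer smaller than directory->length, which the code below presumably fills from the file. */`. The guard does not cap the allocation itself, so a file can still request close to 4 GiB; comparing the length against the file size would be a cheap extra check if that is available here. The body of sfnt_read_name_table continues outside the hunk.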