summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorPeter Harris <pharris@opentext.com>2021-03-25 15:56:31 -0400
committerAlan Coopersmith <alan.coopersmith@oracle.com>2022-08-11 15:02:21 -0700
commitefb287223612e9225e5089bed76e348c236b15f0 (patch)
tree33acf8a523b27c17d2d262ce6042f8b30684b9d2 /src
parent3c8fdf6e35bed077a5614b4094770e668c96b9e9 (diff)
Fix buffer overrun in FontFileMakeDir on WIN32
When dirName is "" (eg. when called by BuiltinReadDirectory), FontFileMakeDir would read after the string when WIN32 is defined. Fix the overrun issue by checking the location of the found : before adding two. Signed-off-by: Peter Harris <pharris@opentext.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat (limited to 'src')
-rw-r--r--src/fontfile/fontdir.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/fontfile/fontdir.c b/src/fontfile/fontdir.c
index c63a245..a9bf667 100644
--- a/src/fontfile/fontdir.c
+++ b/src/fontfile/fontdir.c
@@ -112,11 +112,12 @@ FontFileMakeDir(const char *dirName, int size)
const char *attrib;
int attriblen;
-#if !defined(WIN32)
attrib = strchr(dirName, ':');
-#else
- /* WIN32 uses the colon in the drive letter descriptor, skip this */
- attrib = strchr(dirName+2, ':');
+#if defined(WIN32)
+ if (attrib && attrib - dirName == 1) {
+ /* WIN32 uses the colon in the drive letter descriptor, skip this */
+ attrib = strchr(dirName + 2, ':');
+ }
#endif
if (attrib) {
dirlen = attrib - dirName;