diff options
author | Peter Harris <pharris@opentext.com> | 2021-03-25 15:56:31 -0400 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2022-08-11 15:02:21 -0700 |
commit | efb287223612e9225e5089bed76e348c236b15f0 (patch) | |
tree | 33acf8a523b27c17d2d262ce6042f8b30684b9d2 /src | |
parent | 3c8fdf6e35bed077a5614b4094770e668c96b9e9 (diff) |
Fix buffer overrun in FontFileMakeDir on WIN32
When dirName is "" (eg. when called by BuiltinReadDirectory),
FontFileMakeDir would read after the string when WIN32 is defined.
Fix the overrun issue by checking the location of the found :
before adding two.
Signed-off-by: Peter Harris <pharris@opentext.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/fontfile/fontdir.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/fontfile/fontdir.c b/src/fontfile/fontdir.c index c63a245..a9bf667 100644 --- a/src/fontfile/fontdir.c +++ b/src/fontfile/fontdir.c @@ -112,11 +112,12 @@ FontFileMakeDir(const char *dirName, int size) const char *attrib; int attriblen; -#if !defined(WIN32) attrib = strchr(dirName, ':'); -#else - /* WIN32 uses the colon in the drive letter descriptor, skip this */ - attrib = strchr(dirName+2, ':'); +#if defined(WIN32) + if (attrib && attrib - dirName == 1) { + /* WIN32 uses the colon in the drive letter descriptor, skip this */ + attrib = strchr(dirName + 2, ':'); + } #endif if (attrib) { dirlen = attrib - dirName; |