You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pdfbox.apache.org by ti...@apache.org on 2018/03/05 17:18:23 UTC

svn commit: r1825918 - /pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/ttf/GlyfSimpleDescript.java

Author: tilman
Date: Mon Mar  5 17:18:23 2018
New Revision: 1825918

URL: http://svn.apache.org/viewvc?rev=1825918&view=rev
Log:
PDFBOX-4140: avoid IOOB when repeating flag is outside of range, as suggested by Daniel Persson

Modified:
    pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/ttf/GlyfSimpleDescript.java

Modified: pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/ttf/GlyfSimpleDescript.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/ttf/GlyfSimpleDescript.java?rev=1825918&r1=1825917&r2=1825918&view=diff
==============================================================================
--- pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/ttf/GlyfSimpleDescript.java (original)
+++ pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/ttf/GlyfSimpleDescript.java Mon Mar  5 17:18:23 2018
@@ -205,7 +205,7 @@ public class GlyfSimpleDescript extends
             if ((flags[index] & REPEAT) != 0)
             {
                 int repeats = bais.readUnsignedByte();
-                for (int i = 1; i <= repeats; i++)
+                for (int i = 1; i <= repeats && index + i < flags.length; i++)
                 {
                     flags[index + i] = flags[index];
                 }