Bug 96676 - Check range of FcWeightFromOpenType argument

Fix a crash issue when FcWeightFromOpenType() gets a number more than it expects.
2016-07-08 14:16:49 +09:00 · 2016-07-08 14:16:49 +09:00 · 99645ff9ee
parent a34db434c6
commit 99645ff9ee
3 changed files with 37 additions and 0 deletions
--- a/src/fcweight.c
+++ b/src/fcweight.c
@ -75,6 +75,7 @@ FcWeightFromOpenType (int ot_weight)
 		case 9: ot_weight = 900; break;
 	    }
 	}
+	ot_weight = FC_MIN (ot_weight, map[(sizeof (map) / sizeof (map[0])) - 1].ot);

 	for (i = 1; ot_weight > map[i].ot; i++)
 	  ;
--- a/test/Makefile.am
+++ b/test/Makefile.am
@ -38,6 +38,10 @@ check_PROGRAMS += test-migration
 test_migration_LDADD = $(top_builddir)/src/libfontconfig.la
 endif

+check_PROGRAMS += test-bz96676
+test_bz96676_LDADD = $(top_builddir)/src/libfontconfig.la
+TESTS += test-bz96676
+
 EXTRA_DIST=$(check_SCRIPTS) $(TESTDATA)

 CLEANFILES=
--- a/test/test-bz96676.c
+++ b/test/test-bz96676.c
@ -0,0 +1,32 @@
+/*
+ * fontconfig/test/test-bz96676.c
+ *
+ * Copyright © 2000 Keith Packard
+ * Copyright © 2016 Akira TAGOH
+ *
+ * Permission to use, copy, modify, distribute, and sell this software and its
+ * documentation for any purpose is hereby granted without fee, provided that
+ * the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of the author(s) not be used in
+ * advertising or publicity pertaining to distribution of the software without
+ * specific, written prior permission.  The authors make no
+ * representations about the suitability of this software for any purpose.  It
+ * is provided "as is" without express or implied warranty.
+ *
+ * THE AUTHOR(S) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
+ * DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+ * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <fontconfig/fontconfig.h>
+#include <limits.h>
+
+int
+main (int argc, char **argv)
+{
+    return FcWeightFromOpenType (INT_MAX) != FC_WEIGHT_EXTRABLACK;
+}