[Bug 45422] ./tools/sfnt2fon/ sfnt2fon.c shows a heap buffer overflow in fill_fontinfo()

wine-bugs at winehq.org wine-bugs at winehq.org
Sun Jul 8 21:18:52 CDT 2018


https://bugs.winehq.org/show_bug.cgi?id=45422

--- Comment #1 from Austin English <austinenglish at gmail.com> ---
Also occurs on line 550 according to valgrind:

17:34:39 ==19701== Invalid read of size 1
17:34:39 ==19701==    at 0x10A6CF: main (sfnt2fon.c:577)
17:34:39 ==19701==  Address 0x4bd758b is 1 bytes after a block of size 2 alloc'd
17:34:39 ==19701==    at 0x482D58B: malloc (vg_replace_malloc.c:299)
17:34:39 ==19701==    by 0x487DB27: ft_alloc (ftsystem.c:102)
17:34:39 ==19701==    by 0x48831E3: ft_mem_qalloc (ftutil.c:76)
17:34:39 ==19701==    by 0x4883244: ft_mem_alloc (ftutil.c:55)
17:34:39 ==19701==    by 0x488464B: ft_glyphslot_alloc_bitmap (ftobjs.c:355)
17:34:39 ==19701==    by 0x48C62CB: tt_sbit_decoder_alloc_bitmap (ttsbit.c:619)
17:34:39 ==19701==    by 0x48C62CB: tt_sbit_decoder_load_bitmap (ttsbit.c:1224)
17:34:39 ==19701==    by 0x48C62CB: tt_sbit_decoder_load_image (ttsbit.c:1429)
17:34:39 ==19701==    by 0x48CB4D5: tt_face_load_sbit_image (ttsbit.c:1599)
17:34:39 ==19701==    by 0x489D6E1: load_sbit_image (ttgload.c:2226)
17:34:39 ==19701==    by 0x489D6E1: TT_Load_Glyph (ttgload.c:2623)
17:34:39 ==19701==    by 0x489D6E1: tt_glyph_load (ttdriver.c:468)
17:34:39 ==19701==    by 0x4883DC0: FT_Load_Glyph (ftobjs.c:758)
17:34:39 ==19701==    by 0x48845DD: FT_Load_Char (ftobjs.c:887)
17:34:39 ==19701==    by 0x10A585: main (sfnt2fon.c:550)
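The trace above, as an added triage helper that is not part of the bug report or of the Wine sources: it splits a memcheck "Invalid read" block into the faulting-access stack and the allocation stack and picks the innermost frame in sfnt2fon.c from each, so the one-byte read at line 577 and the 2-byte FreeType bitmap buffer obtained through the FT_Load_Char call at line 550 come out as a pair with the overrun distance. The report text is embedded as a constructed sample, trimmed to the frames that matter here.

```python
import re

# Constructed sample: the valgrind report from the bug comment, trimmed to the
# relevant frames and with the wrapped "alloc'd" rejoined to its line.
SAMPLE = """\
17:34:39 ==19701== Invalid read of size 1
17:34:39 ==19701==    at 0x10A6CF: main (sfnt2fon.c:577)
17:34:39 ==19701==  Address 0x4bd758b is 1 bytes after a block of size 2 alloc'd
17:34:39 ==19701==    at 0x482D58B: malloc (vg_replace_malloc.c:299)
17:34:39 ==19701==    by 0x488464B: ft_glyphslot_alloc_bitmap (ftobjs.c:355)
17:34:39 ==19701==    by 0x48845DD: FT_Load_Char (ftobjs.c:887)
17:34:39 ==19701==    by 0x10A585: main (sfnt2fon.c:550)
"""

TIMESTAMP = re.compile(r"^\d\d:\d\d:\d\d ")  # build-log prefix, not part of valgrind output
HEADER = re.compile(r"^==\d+==\s+Invalid (read|write) of size (\d+)")
ADDRESS = re.compile(r"^==\d+==\s+Address 0x[0-9a-fA-F]+ is (\d+) bytes? "
                     r"(before|after|inside) a block of size (\d+)")
FRAME = re.compile(r"^==\d+==\s+(?:at|by)\s+0x[0-9a-fA-F]+:\s+(\S+)\s+\(([^:)]+):(\d+)\)")


def parse_invalid_access(text):
    """Split one memcheck block into the access stack and the allocation stack."""
    r = {"kind": None, "size": 0, "offset": 0, "relation": None, "block_size": 0,
         "access": [], "alloc": []}
    stack = None
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw.strip())
        if m := HEADER.match(line):
            r["kind"], r["size"], stack = m[1], int(m[2]), r["access"]
        elif m := ADDRESS.match(line):
            r["offset"], r["relation"], r["block_size"] = int(m[1]), m[2], int(m[3])
            stack = r["alloc"]  # frames from here on describe where the block was allocated
        elif (m := FRAME.match(line)) and stack is not None:
            stack.append((m[1], m[2], int(m[3])))  # (function, file, line), innermost first
    return r


def first_frame_in(frames, source):
    """Innermost frame inside the program's own source file, skipping library frames."""
    return next(((func, line) for func, path, line in frames if path == source), None)


def triage(text, source="sfnt2fon.c"):
    """Reduce a report to what a fix needs: where it reads, where the block came from, by how much."""
    r = parse_invalid_access(text)
    return {
        "access": first_frame_in(r["access"], source),   # ('main', 577)
        "alloc": first_frame_in(r["alloc"], source),     # ('main', 550)
        "overrun": r["offset"] if r["relation"] == "after" else 0,
        "block_size": r["block_size"],
        "size": r["size"],
    }
```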
