]> www.fi.muni.cz Git - evince.git/blobdiff - backend/dvi/mdvi-lib/tfmfile.c
https://www.fi.muni.cz/~kas/git / evince.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
backends: Fix several security issues in the dvi-backend.
[evince.git] / backend / dvi / mdvi-lib / tfmfile.c
diff --git a/backend/dvi/mdvi-lib/tfmfile.c b/backend/dvi/mdvi-lib/tfmfile.c
index 73ebf26a91a9eba0d6e42277484e2e399612517b..8c2a30b26009aacc82601fa6e679572240e02085 100644 (file)
--- a/backend/dvi/mdvi-lib/tfmfile.c
+++ b/backend/dvi/mdvi-lib/tfmfile.c
@@ -172,7 +172,8 @@ int tfm_load_file(const char *filename, TFMInfo *info)
        /* We read the entire TFM file into core */
        if(fstat(fileno(in), &st) < 0)
                return -1;
-       if(st.st_size == 0)
+       /* according to the spec, TFM files are smaller than 16K */
+       if(st.st_size == 0 || st.st_size >= 16384)
                goto bad_tfm;
 
        /* allocate a word-aligned buffer to hold the file */
Dual-screen mode for evince