From c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Fri, 16 Jun 2017 08:29:25 +0100
Subject: [PATCH] Bug 698063: Bounds check Ins_JMPR
---
base/ttinterp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/base/ttinterp.c b/base/ttinterp.c
index af457e8..adf3f0c 100644
--- a/base/ttinterp.c
+++ b/base/ttinterp.c
@@ -1794,6 +1794,12 @@ static int nInstrCount=0;
static void Ins_JMPR( INS_ARG )
{
+ if ( BOUNDS(CUR.IP + args[0], CUR.codeSize ) )
+ {
+ CUR.error = TT_Err_Invalid_Reference;
+ return;
+ }
+
CUR.IP += (Int)(args[0]);
CUR.step_ins = FALSE;
--
2.9.1
distrib
>
Mageia
>
5
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
57975dbd1810101d2aba4d7987b8a7c4
>
files
>
20
