Open
Bug 550918
Opened 15 years ago
Updated 2 years ago
cairo_type1_font_subset_look_for_seac scares coverity
Categories
(Core :: Graphics, defect)
Tracking
()
UNCONFIRMED
People
(Reporter: timeless, Unassigned)
References
(Blocks 1 open bug, )
Details
(Keywords: coverity)
826 #define TYPE1_CHARSTRING_COMMAND_SEAC (32 + 6)
829 cairo_type1_font_subset_look_for_seac(cairo_type1_font_subset_t *font,
837 int stack[5], sp, value;
Coverity happily takes the following actions:
853 while (p < end) { - true
854 if (*p < 32) { - true
855 command = *p++; - sure
856
857 if (command == TYPE1_CHARSTRING_COMMAND_ESCAPE)
858 command = 32 + *p++;
859
860 switch (command) { - TYPE1_CHARSTRING_COMMAND_SEAC
861 case TYPE1_CHARSTRING_COMMAND_SEAC:
with stack uninitialized:
868 status = use_standard_encoding_glyph (font, stack[3]);
with stack uninitialized:
872 status = use_standard_encoding_glyph (font, stack[4]);
While cairo might typically be used on systems where everyone is trustworthy, we're using cairo with the web, where everyone is untrustworthy, and I request that we not trust random input.
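An added example, not cairo's code and not part of the original report: a stand-alone C version of the scan traced above that counts operands and rejects a seac reached without five of them instead of indexing stack[3] and stack[4]. The names look_for_seac, decode_int, CS_* and the sample bytes are hypothetical; the escape value 12 and the number encoding follow the Type 1 charstring format, and treating every other command as clearing the stack is a simplifying assumption.

```c
#include <stddef.h>
#define CS_ESCAPE 12        /* Type 1 escape byte (from the format, not shown on the page) */
#define CS_SEAC   (32 + 6)  /* same value as the page's TYPE1_CHARSTRING_COMMAND_SEAC */
#define SEAC_ARGS 5         /* seac operands: asb adx ady bchar achar */
/* Constructed samples: a well-formed seac glyph, and a seac with an empty stack. */
static const unsigned char good_cs[] = {139, 239, 13, 139, 139, 139, 204, 247, 85, 12, 6, 14};
static const unsigned char bare_seac[] = {12, 6};

/* Decode one charstring number (first byte >= 32); returns bytes used, 0 if truncated. */
static size_t decode_int(const unsigned char *p, size_t left, int *out)
{
    unsigned v = p[0];
    size_t need = v <= 246 ? 1 : v <= 254 ? 2 : 5;
    if (left < need) return 0;
    if (v <= 246) *out = (int)v - 139;
    else if (v <= 250) *out = (int)(v - 247) * 256 + p[1] + 108;
    else if (v <= 254) *out = -(int)(v - 251) * 256 - p[1] - 108;
    else *out = (int)(((unsigned)p[1] << 24) | ((unsigned)p[2] << 16) | ((unsigned)p[3] << 8) | p[4]);
    return need;
}

/* Returns 1 and sets bchar/achar for a seac with exactly five operands, 0 if none, -1 if malformed. */
int look_for_seac(const unsigned char *cs, size_t len, int *bchar, int *achar)
{
    int stack[SEAC_ARGS] = {0};   /* initialized, so no path reads indeterminate values */
    size_t sp = 0, i = 0;         /* sp counts operands since the last command */
    while (i < len) {
        if (cs[i] < 32) {
            int command = cs[i++];
            if (command == CS_ESCAPE) {
                if (i >= len) return -1;          /* escape byte with nothing after it */
                command = 32 + cs[i++];
            }
            if (command == CS_SEAC) {
                if (sp != SEAC_ARGS) return -1;   /* operands missing: reject, do not index */
                *bchar = stack[3]; *achar = stack[4];
                return 1;
            }
            sp = 0;                               /* assumption: other commands clear the stack */
        } else {
            int value;
            size_t n = decode_int(cs + i, len - i, &value);
            if (n == 0) return -1;                /* number cut off at end of buffer */
            if (sp < SEAC_ARGS) stack[sp] = value;
            sp++; i += n;
        }
    }
    return 0;
}
```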
Updated•6 years ago
|
Blocks: coverity-analysis
Updated•2 years ago
|
Severity: normal → S3