826 #define TYPE1_CHARSTRING_COMMAND_SEAC (32 + 6) 829 cairo_type1_font_subset_look_for_seac(cairo_type1_font_subset_t *font, 837 int stack[5], sp, value; coverity happily takes the following actions: 853 while (p < end) { - true 854 if (*p < 32) { - true 855 command = *p++; - sure 856 857 if (command == TYPE1_CHARSTRING_COMMAND_ESCAPE) 858 command = 32 + *p++; 859 860 switch (command) { - TYPE1_CHARSTRING_COMMAND_SEAC 861 case TYPE1_CHARSTRING_COMMAND_SEAC: with stack uninitialized: 868 status = use_standard_encoding_glyph (font, stack[3]); with stack uninitialized: 872 status = use_standard_encoding_glyph (font, stack[4]); While cairo might typically be used on systems where everyone is trustworthy, we're using cairo with the web, where everyone is untrustworthy, and i request that we not trust random input.