Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
resolveSubtable: Fix buffer overflow parsing a malformed table
The subtable's name can theoretically be up to MAXSTRING characters long. The base name is then copied into a buffer, and the subtable's name is appended, so we should allocate more than MAXSTRING bytes for the buffer. Fixes CVE-2017-13739, CVE-2017-13740, and CVE-2017-13742.
- Loading branch information