diff options
| author | Chris Liddell <chris.liddell@artifex.com> | 2017-06-16 08:29:25 +0100 |
|---|---|---|
| committer | Chris Liddell <chris.liddell@artifex.com> | 2017-06-16 09:11:49 +0100 |
| commit | c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 (patch) | |
| tree | 0fa589d9248f3f1a6db89d587011fa4196445edd | |
| parent | 937ccd17ac65935633b2ebc06cb7089b91e17e6b (diff) | |
Bug 698063: Bounds check Ins_JMPR
| -rw-r--r-- | base/ttinterp.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/base/ttinterp.c b/base/ttinterp.c index af457e89f..adf3f0c94 100644 --- a/base/ttinterp.c +++ b/base/ttinterp.c | |||
| @@ -1794,6 +1794,12 @@ static int nInstrCount=0; | |||
| 1794 | 1794 | ||
| 1795 | static void Ins_JMPR( INS_ARG ) | 1795 | static void Ins_JMPR( INS_ARG ) |
| 1796 | { | 1796 | { |
| 1797 | if ( BOUNDS(CUR.IP + args[0], CUR.codeSize ) ) | ||
| 1798 | { | ||
| 1799 | CUR.error = TT_Err_Invalid_Reference; | ||
| 1800 | return; | ||
| 1801 | } | ||
| 1802 | |||
| 1797 | CUR.IP += (Int)(args[0]); | 1803 | CUR.IP += (Int)(args[0]); |
| 1798 | CUR.step_ins = FALSE; | 1804 | CUR.step_ins = FALSE; |
| 1799 | 1805 | ||