From fa5aa0507366886476c80411224cf162b300ad3f Mon Sep 17 00:00:00 2001 From: Nicola Fontana Date: Fri, 30 Apr 2021 11:57:45 +0200 Subject: [PATCH] cpml: fix access violation in cpml_segment_put_next In the unlikely case there is a path with trailing CPML_MOVE, a next iteration on the last segment was accessing a single item outside the CpmlPath. --- src/cpml/cpml-segment.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cpml/cpml-segment.c b/src/cpml/cpml-segment.c index a2306875..240c2331 100644 --- a/src/cpml/cpml-segment.c +++ b/src/cpml/cpml-segment.c @@ -640,7 +640,7 @@ ensure_one_leading_move(CpmlSegment *segment) } /* Skip all duplicate CPML_MOVE but the last one */ - while (length = data->header.length, + while (num_data > 0 && (length = data->header.length) > 0 && num_data > length && data[length].header.type == CPML_MOVE) { data += length; num_data -= length; -- 2.11.4.GIT