From 7bfec47910293bf149b8debe44c6f3f788506092 Mon Sep 17 00:00:00 2001 From: Jeremy Tan <jtanx@outlook.com> Date: Sun, 30 Jul 2017 11:56:43 +0800 Subject: [PATCH 6/6] parsettf.c: Fix out of bounds read condition on buffer Closes #3093 --- fontforge/parsettf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fontforge/parsettf.c +++ b/fontforge/parsettf.c @@ -1744,7 +1744,7 @@ if ( info->version==NULL ) info->version = copy("1.0"); else if ( strnmatch(info->version,"Version ",8)==0 ) { char *temp = copy(info->version+8); - if ( temp[strlen(temp)-1]==' ' ) + if ( temp[0] != '\0' && temp[strlen(temp)-1]==' ' ) temp[strlen(temp)-1] = '\0'; free(info->version); info->version = temp;