font: Reject glyphs exceeds font->max_glyph_width or font->max_glyph_height

Check glyph's width and height against limits specified in font's
metadata. Reject the glyph (and font) if such limits are exceeded.

Signed-off-by: Zhang Boyang <zhangboyang.id@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

diff --git a/grub-core/font/font.c b/grub-core/font/font.c
index 42189c3254a9a31b1d2f9a9d5897162e9cfcfe1d..756ca0abf129e220664d3fc19469461f5880a351 100644 (file)
--- a/grub-core/font/font.c
+++ b/grub-core/font/font.c
@@ -760,7 +760,9 @@ grub_font_get_glyph_internal (grub_font_t font, grub_uint32_t code)
          || read_be_uint16 (font->file, &height) != 0
          || read_be_int16 (font->file, &xoff) != 0
          || read_be_int16 (font->file, &yoff) != 0
-         || read_be_int16 (font->file, &dwidth) != 0)
+         || read_be_int16 (font->file, &dwidth) != 0
+         || width > font->max_char_width
+         || height > font->max_char_height)
        {
          remove_font (font);
          return 0;