File source-CVE-2023-46048.patch of Package texlive.33324

---
 texk/dvipsk/writet1.c          |   15 ++++++++++++---
 texk/web2c/pdftexdir/writet1.c |   15 ++++++++++++---
 2 files changed, 24 insertions(+), 6 deletions(-)

--- texk/dvipsk/writet1.c
+++ texk/dvipsk/writet1.c	2024-04-02 00:00:00.000000000 +0000
@@ -769,7 +769,10 @@ static char **t1_builtin_enc(void)
                 *t1_buf_array == '/' && valid_code(i)) {
                 if (strcmp(t1_buf_array + 1, notdef) != 0)
                     glyph_names[i] = xstrdup(t1_buf_array + 1);
-                p = strstr(p, " put") + strlen(" put");
+                p = strstr(p, " put");
+                if (!p)
+                    pdftex_fail("invalid pfb, no put found in dup");
+                p += strlen(" put");
                 skip(p, ' ');
             }
             /*
@@ -778,7 +781,10 @@ static char **t1_builtin_enc(void)
             else if (sscanf(p, "dup dup %i exch %i get put", &b, &a) == 2
                      && valid_code(a) && valid_code(b)) {
                 copy_glyph_names(glyph_names, a, b);
-                p = strstr(p, " get put") + strlen(" get put");
+                p = strstr(p, " get put");
+                if (!p)
+                    pdftex_fail("invalid pfb, no get put found in dup dup");
+                p += strlen(" get put");
                 skip(p, ' ');
             }
             /*
@@ -789,7 +795,10 @@ static char **t1_builtin_enc(void)
                      && valid_code(a) && valid_code(b) && valid_code(c)) {
                 for (i = 0; i < c; i++)
                     copy_glyph_names(glyph_names, a + i, b + i);
-                p = strstr(p, " putinterval") + strlen(" putinterval");
+                p = strstr(p, " putinterval");
+                if (!p)
+                   pdftex_fail("invalid pfb, no putinterval found in dup dup");
+                p += strlen(" putinterval");
                 skip(p, ' ');
             }
             /*
--- texk/web2c/pdftexdir/writet1.c
+++ texk/web2c/pdftexdir/writet1.c	2024-04-02 00:00:00.000000000 +0000
@@ -841,7 +841,10 @@ static char **t1_builtin_enc(void)
                 *t1_buf_array == '/' && valid_code(i)) {
                 if (strcmp(t1_buf_array + 1, notdef) != 0)
                     glyph_names[i] = xstrdup(t1_buf_array + 1);
-                p = strstr(p, " put") + strlen(" put");
+                p = strstr(p, " put");
+                if (!p)
+                    pdftex_fail("invalid pfb, no put found in dup");
+                p += strlen(" put");
                 skip(p, ' ');
             }
             /*
@@ -850,7 +853,10 @@ static char **t1_builtin_enc(void)
             else if (sscanf(p, "dup dup %i exch %i get put", &b, &a) == 2
                      && valid_code(a) && valid_code(b)) {
                 copy_glyph_names(glyph_names, a, b);
-                p = strstr(p, " get put") + strlen(" get put");
+                p = strstr(p, " get put");
+                if (!p)
+                    pdftex_fail("invalid pfb, no get put found in dup dup");
+                p += strlen(" get put");
                 skip(p, ' ');
             }
             /*
@@ -861,7 +867,10 @@ static char **t1_builtin_enc(void)
                      && valid_code(a) && valid_code(b) && valid_code(c)) {
                 for (i = 0; i < c; i++)
                     copy_glyph_names(glyph_names, a + i, b + i);
-                p = strstr(p, " putinterval") + strlen(" putinterval");
+                p = strstr(p, " putinterval");
+                if (!p)
+                   pdftex_fail("invalid pfb, no putinterval found in dup dup");
+                p += strlen(" putinterval");
                 skip(p, ' ');
             }
             /*