[freetype2] master 3f090c6: * src/sfnt/ttcmap.c (tt_cmap2_char_next): Fix endless loop.

[Werner LEMBERG]

branch: master
commit 3f090c6843dea837d1054e994e9ba18fefb75a62
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>

    * src/sfnt/ttcmap.c (tt_cmap2_char_next): Fix endless loop.
    
    Reported as
    
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4838
---
 ChangeLog         | 8 ++++++++
 src/sfnt/ttcmap.c | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 5942a16..74351bc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2017-12-31  Werner Lemberg  <address@hidden>
 
+       * src/sfnt/ttcmap.c (tt_cmap2_char_next): Fix endless loop.
+
+       Reported as
+
+         https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4838
+
+2017-12-31  Werner Lemberg  <address@hidden>
+
        Synchronize other Windows project files.
 
        * builds/windows/*: Add missing files.
diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c
index f6c02f9..45414d1 100644
--- a/src/sfnt/ttcmap.c
+++ b/src/sfnt/ttcmap.c
@@ -518,7 +518,11 @@
 
 
         if ( offset == 0 )
+        {
+          if ( charcode == 0x100 )
+            goto Exit; /* this happens only for a malformed cmap */
           goto Next_SubHeader;
+        }
 
         if ( char_lo < start )
         {