[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master 3360ca5: [truetype] Reject elements of composites wit
|
From: |
Werner LEMBERG |
|
Subject: |
[freetype2] master 3360ca5: [truetype] Reject elements of composites with invalid glyph indices. |
|
Date: |
Tue, 22 May 2018 03:07:00 -0400 (EDT) |
branch: master
commit 3360ca5853007f1bc5a550c3837f08242fd4c651
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>
[truetype] Reject elements of composites with invalid glyph indices.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8413
* src/truetype/ttgload.c (TT_Load_Composite_Glyph): Implement it.
---
ChangeLog | 10 ++++++++++
include/freetype/config/ftheader.h | 12 ++++++++++++
include/freetype/ftbitmap.h | 38 ++++++++++++++++++++++++++++++++++++++
src/truetype/ttgload.c | 12 +++++++++---
4 files changed, 69 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f6f2787..789ac94 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
2018-05-22 Werner Lemberg <address@hidden>
+ [truetype] Reject elements of composites with invalid glyph indices.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8413
+
+ * src/truetype/ttgload.c (TT_Load_Composite_Glyph): Implement it.
+
+2018-05-22 Werner Lemberg <address@hidden>
+
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Trace # of points.
2018-05-20 Werner Lemberg <address@hidden>
diff --git a/include/freetype/config/ftheader.h
b/include/freetype/config/ftheader.h
index 702f77c..13e5de7 100644
--- a/include/freetype/config/ftheader.h
+++ b/include/freetype/config/ftheader.h
@@ -760,6 +760,18 @@
#define FT_ADVANCES_H <freetype/ftadvanc.h>
+ /*************************************************************************
+ *
+ * @macro:
+ * FT_COLOR_H
+ *
+ * @description:
+ * A macro used in #include statements to name the file containing the
+ * FreeType~2 API which handles the OpenType CPAL table.
+ */
+#define FT_COLOR_H <freetype/ftcolor.h>
+
+
/* */
/* These header files don't need to be included by the user. */
diff --git a/include/freetype/ftbitmap.h b/include/freetype/ftbitmap.h
index cbdccc2..f3acd19 100644
--- a/include/freetype/ftbitmap.h
+++ b/include/freetype/ftbitmap.h
@@ -22,6 +22,7 @@
#include <ft2build.h>
#include FT_FREETYPE_H
+#include FT_COLOR_H
#ifdef FREETYPE_H
#error "freetype.h of FreeType 1 has been loaded!"
@@ -185,6 +186,43 @@ FT_BEGIN_HEADER
/*************************************************************************/
/* */
/* <Function> */
+ /* FT_Bitmap_Blend */
+ /* */
+ /* <Description> */
+ /* Blend a bitmap object from an `FT_GlyphSlot' structure onto a */
+ /* bitmap in an `FT_Bitmap' structure, using a given color and */
+ /* offset. */
+ /* */
+ /* <InOut> */
+ /* target :: A handle to a bitmap object. Its type must be */
+ /* @FT_PIXEL_MODE_BGRA. */
+ /* */
+ /* <Input> */
+ /* source :: The glyph slot's source bitmap, which can have any */
+ /* @FT_Pixel_Mode format. */
+ /* */
+ /* color :: The color used to draw `source' onto `target'. */
+ /* */
+ /* topleft :: A vector from the topleft corner of `source' to the */
+ /* topleft corner of `target'. */
+ /* */
+ /* <Return> */
+ /* FreeType error code. 0~means success. */
+ /* */
+ /* <Note> */
+ /* This function reallocates the target bitmap if necessary; it */
+ /* doesn't perform clipping. */
+ /* */
+ FT_EXPORT( FT_Error )
+ FT_Bitmap_Blend( FT_Bitmap target,
+ FT_GlyphSlot source,
+ FT_Color color,
+ FT_Vector topleft );
+
+
+ /*************************************************************************/
+ /* */
+ /* <Function> */
/* FT_GlyphSlot_Own_Bitmap */
/* */
/* <Description> */
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index 33ca681..f7f723a 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -561,9 +561,10 @@
TT_Load_Composite_Glyph( TT_Loader loader )
{
FT_Error error;
- FT_Byte* p = loader->cursor;
- FT_Byte* limit = loader->limit;
- FT_GlyphLoader gloader = loader->gloader;
+ FT_Byte* p = loader->cursor;
+ FT_Byte* limit = loader->limit;
+ FT_GlyphLoader gloader = loader->gloader;
+ FT_Long num_glyphs = loader->face->root.num_glyphs;
FT_SubGlyph subglyph;
FT_UInt num_subglyphs;
@@ -592,6 +593,11 @@
subglyph->flags = FT_NEXT_USHORT( p );
subglyph->index = FT_NEXT_USHORT( p );
+ /* we reject composites that have components */
+ /* with invalid glyph indices */
+ if ( subglyph->index >= num_glyphs )
+ goto Invalid_Composite;
+
/* check space */
count = 2;
if ( subglyph->flags & ARGS_ARE_WORDS )
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master 3360ca5: [truetype] Reject elements of composites with invalid glyph indices.,
Werner LEMBERG <=