freetype-commit
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Git][freetype/freetype][master] [sfnt] Sanitize cmap4 table better.

From: Werner Lemberg (@wl)
Subject: [Git][freetype/freetype][master] [sfnt] Sanitize cmap4 table better.
Date: Tue, 08 Jun 2021 13:27:34 +0000

Werner Lemberg pushed to branch master at FreeType / FreeType

Commits:

2 changed files:

Changes:

  • ChangeLog
    1 
    +2021-06-08  Werner Lemberg  <wl@gnu.org>
    2 
    +
    3 
    +	[sfnt] Sanitize cmap4 table better.
    4 
    +
    5 
    +	Fixes #1062.
    6 
    +
    7 
    +	* src/sfnt/ttcmap.c (tt_cmap4_validate): Handle a too-small value of
    8 
    +	`length` gracefully.
    9 
    +
    1 10 
     2021-06-08  Dominik Röttsches  <drott@chromium.org>
    2 11
    3 12 
     	[sfnt] Pointer validity check when reading COLR 'v1' layers

  • src/sfnt/ttcmap.c
    ... ... @@ -916,6 +916,16 @@
    916 916 
           length = (FT_UInt)( valid->limit - table );
    917 917 
         }
    918 918
    919 
    +    /* it also happens that the `length' field is too small; */
    920 
    +    /* this is easy to correct                               */
    921 
    +    if ( length < (FT_UInt)( valid->limit - table ) )
    922 
    +    {
    923 
    +      if ( valid->level >= FT_VALIDATE_PARANOID )
    924 
    +        FT_INVALID_DATA;
    925 
    +
    926 
    +      length = (FT_UInt)( valid->limit - table );
    927 
    +    }
    928 
    +
    919 929 
         if ( length < 16 )
    920 930 
           FT_INVALID_TOO_SHORT;
    921 931


    • View it on GitLab.
    You're receiving this email because of your account on gitlab.freedesktop.org. If you'd like to receive fewer emails, you can adjust your notification settings.

    reply via email to
    [Prev in Thread] Current Thread [Next in Thread]