[freetype2] master db0f2c4: [psaux] Fix another assertion.

freetype-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freetype2] master db0f2c4: [psaux] Fix another assertion.

From:	Werner Lemberg
Subject:	[freetype2] master db0f2c4: [psaux] Fix another assertion.
Date:	Sat, 12 Jun 2021 04:13:29 -0400 (EDT)

branch: master
commit db0f2c448eee26cc3f432276144fac8c3f110f34
Author: Werner Lemberg <wl@gnu.org>
Commit: Werner Lemberg <wl@gnu.org>

    [psaux] Fix another assertion.
    
    * src/psaux/psintrp.c (cf2_interpT2CharString)
    <cf2_escCALLOTHERSUBR>: Convert assertion into error, since the
    problem can happen with invalid user input.
    
    Test case is file
    
      fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read
    
    in the `freetype2-testing` repository.
---
 ChangeLog           | 20 ++++++++++++++++++++
 src/psaux/psintrp.c |  8 +++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 02fc1a5..07c9a78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,30 @@
 2021-06-12  Werner Lemberg  <wl@gnu.org>
 
+       [psaux] Fix another assertion.
+
+       * src/psaux/psintrp.c (cf2_interpT2CharString)
+       <cf2_escCALLOTHERSUBR>: Convert assertion into error, since the
+       problem can happen with invalid user input.
+
+       Test case is file
+
+         fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read
+
+       in the `freetype2-testing` repository.
+
+2021-06-12  Werner Lemberg  <wl@gnu.org>
+
        [psaux] Fix assertions.
 
        * src/psaux/pshints.c (cf2_hintmap_adjustHints): Check for overflow
        before emitting an assertion error.
 
+       Test case is file
+
+        fuzzing/corpora/legacy/oss-fuzz/4594115297673216-integer-overflow
+
+       in the `freetype2-testing` repository.
+
 2021-06-09  Alexei Podtelezhnikov  <apodtele@gmail.com>
 
        * src/truetype/ttinterp.c (TT_RunIns): Optimize tracing. 
diff --git a/src/psaux/psintrp.c b/src/psaux/psintrp.c
index cc1b676..40e9276 100644
--- a/src/psaux/psintrp.c
+++ b/src/psaux/psintrp.c
@@ -1670,7 +1670,13 @@
                      */
 
                     count = cf2_stack_count( opStack );
-                    FT_ASSERT( (CF2_UInt)arg_cnt <= count );
+                    if ( (CF2_UInt)arg_cnt > count )
+                    {
+                      FT_ERROR(( "cf2_interpT2CharString (Type 1 mode):"
+                                 " stack underflow\n" ));
+                      lastError = FT_THROW( Invalid_Glyph_Format );
+                      goto exit;
+                    }
 
                     opIdx += count - (CF2_UInt)arg_cnt;

[Prev in Thread]

Current Thread

[Next in Thread]

[freetype2] master db0f2c4: [psaux] Fix another assertion., Werner Lemberg <=

Prev by Date: [freetype2] master a34afe6: [psaux] Fix assertions.
Next by Date: [Git][freetype/freetype][master] [psaux] Fix another assertion.
Previous by thread: [freetype2] master a34afe6: [psaux] Fix assertions.
Next by thread: [Git][freetype/freetype][master] [psaux] Fix another assertion.
Index(es):
- Date
- Thread