Werner Lemberg pushed to branch master at FreeType / FreeType
Commits:
-
db0f2c44
by Werner Lemberg at 2021-06-12T10:13:08+02:00
2 changed files:
Changes:
| 1 |
+2021-06-12 Werner Lemberg <wl@gnu.org>
|
|
| 2 |
+ |
|
| 3 |
+ [psaux] Fix another assertion.
|
|
| 4 |
+ |
|
| 5 |
+ * src/psaux/psintrp.c (cf2_interpT2CharString)
|
|
| 6 |
+ <cf2_escCALLOTHERSUBR>: Convert assertion into error, since the
|
|
| 7 |
+ problem can happen with invalid user input.
|
|
| 8 |
+ |
|
| 9 |
+ Test case is file
|
|
| 10 |
+ |
|
| 11 |
+ fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read
|
|
| 12 |
+ |
|
| 13 |
+ in the `freetype2-testing` repository.
|
|
| 14 |
+ |
|
| 1 | 15 |
2021-06-12 Werner Lemberg <wl@gnu.org>
|
| 2 | 16 |
|
| 3 | 17 |
[psaux] Fix assertions.
|
| ... | ... | @@ -5,6 +19,12 @@ |
| 5 | 19 |
* src/psaux/pshints.c (cf2_hintmap_adjustHints): Check for overflow
|
| 6 | 20 |
before emitting an assertion error.
|
| 7 | 21 |
|
| 22 |
+ Test case is file
|
|
| 23 |
+ |
|
| 24 |
+ fuzzing/corpora/legacy/oss-fuzz/4594115297673216-integer-overflow
|
|
| 25 |
+ |
|
| 26 |
+ in the `freetype2-testing` repository.
|
|
| 27 |
+ |
|
| 8 | 28 |
2021-06-09 Alexei Podtelezhnikov <apodtele@gmail.com>
|
| 9 | 29 |
|
| 10 | 30 |
* src/truetype/ttinterp.c (TT_RunIns): Optimize tracing.
|
| ... | ... | @@ -1670,7 +1670,13 @@ |
| 1670 | 1670 |
*/
|
| 1671 | 1671 |
|
| 1672 | 1672 |
count = cf2_stack_count( opStack );
|
| 1673 |
- FT_ASSERT( (CF2_UInt)arg_cnt <= count );
|
|
| 1673 |
+ if ( (CF2_UInt)arg_cnt > count )
|
|
| 1674 |
+ {
|
|
| 1675 |
+ FT_ERROR(( "cf2_interpT2CharString (Type 1 mode):"
|
|
| 1676 |
+ " stack underflow\n" ));
|
|
| 1677 |
+ lastError = FT_THROW( Invalid_Glyph_Format );
|
|
| 1678 |
+ goto exit;
|
|
| 1679 |
+ }
|
|
| 1674 | 1680 |
|
| 1675 | 1681 |
opIdx += count - (CF2_UInt)arg_cnt;
|
| 1676 | 1682 |
|