freetype-commit

[Git][freetype/freetype][master] [sfnt] Avoid nullptr dereference in rea


From: Werner Lemberg (@wl)
Subject: [Git][freetype/freetype][master] [sfnt] Avoid nullptr dereference in reading malformed 'COLR' v1 table.
Date: Wed, 18 Jan 2023 07:24:07 +0000

Werner Lemberg pushed to branch master at FreeType / FreeType

Commits:

  • a297feab
    by Dominik Röttsches at 2023-01-18T08:22:53+01:00
    [sfnt] Avoid nullptr dereference in reading malformed 'COLR' v1 table.
    
    Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=1408044.
    
    * src/sfnt/ttcolr.c (tt_face_load_colr): When the 'COLR' v1 table header is
    too small, don't deallocate delta set index map structures.
    

1 changed file:

Changes:

  • src/sfnt/ttcolr.c
    ... ... @@ -190,7 +190,7 @@
    190 190
     #endif
    
    191 191
     
    
    192 192
         if ( table_size < COLRV0_HEADER_SIZE )
    
    193
    -      goto InvalidTable;
    
    193
    +      goto NoColr;
    
    194 194
     
    
    195 195
         if ( FT_FRAME_EXTRACT( table_size, table ) )
    
    196 196
           goto NoColr;
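
Review bot: The early exit at `if ( table_size < COLRV0_HEADER_SIZE )` now jumps to `NoColr` with nothing in the code saying why `InvalidTable` must not be used there. Per the commit message, the reason is that the `InvalidTable` path deallocates delta set index map structures, and this check runs before `FT_FRAME_EXTRACT`, so please add a short comment at the `goto` stating that exits taken before the frame is extracted have to use `NoColr`; otherwise a later edit can easily put the old label back. Two smaller points: the message speaks of the 'COLR' v1 header while the check compares against `COLRV0_HEADER_SIZE`, so one of the two should be reworded, and since neither label's body is visible in this hunk, confirm that the `NoColr` path still returns an error for an undersized table rather than reporting success.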
    

