[sfnt, type42] Correct previous commit.
Really fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42773. * src/sfnt/ttload.c (check_table_dir): Revert change. * src/type42/t42.parse.c (t42_parse_sfnts): Don't use `FT_QREALLOC` but `FT_REALLOC` for setting up `ttf_data` to avoid uninitialized memory access while handling malformed TrueType fonts later on.
parent
bf9b1ef905
commit
7a493e3a40
|
@ -200,7 +200,7 @@
|
||||||
|
|
||||||
for ( nn = 0; nn < sfnt->num_tables; nn++ )
|
for ( nn = 0; nn < sfnt->num_tables; nn++ )
|
||||||
{
|
{
|
||||||
TT_TableRec table = { 0, 0, 0, 0 };
|
TT_TableRec table;
|
||||||
|
|
||||||
|
|
||||||
if ( FT_STREAM_READ_FIELDS( table_dir_entry_fields, &table ) )
|
if ( FT_STREAM_READ_FIELDS( table_dir_entry_fields, &table ) )
|
||||||
|
|
|
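Review bot: Reverting to the bare `TT_TableRec table;` declaration in `check_table_dir` leaves the record's fields indeterminate if `FT_STREAM_READ_FIELDS` fails partway through. The loop body is then safe only if nothing reads `table` on that failure path, and that path lies outside the hunk, so it could not be checked here. Keeping the `{ 0, 0, 0, 0 }` initializer costs a few stores per table and guarantees that a truncated table directory cannot expose stack contents. If the plain declaration stays, a comment such as `/* table is read only after a successful FT_STREAM_READ_FIELDS */` would record the invariant for the next reader.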
@ -718,7 +718,9 @@
|
||||||
goto Fail;
|
goto Fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( FT_QREALLOC( face->ttf_data, 12, face->ttf_size ) )
|
/* To handle bad fonts with an invalid table directory */
|
||||||
|
/* we don't use `FT_QREALLOC` here. */
|
||||||
|
if ( FT_REALLOC( face->ttf_data, 12, face->ttf_size ) )
|
||||||
goto Fail;
|
goto Fail;
|
||||||
}
|
}
|
||||||
/* fall through */
|
/* fall through */
|
||||||
|
@ -767,7 +769,12 @@
|
||||||
FT_TRACE2(( " allocating %ld bytes\n", face->ttf_size + 1 ));
|
FT_TRACE2(( " allocating %ld bytes\n", face->ttf_size + 1 ));
|
||||||
FT_TRACE2(( "\n" ));
|
FT_TRACE2(( "\n" ));
|
||||||
|
|
||||||
if ( FT_QREALLOC( face->ttf_data, 12 + 16 * num_tables,
|
/* To handle bad fonts we don't use `FT_QREALLOC` here: */
|
||||||
|
/* chances are high that due to incorrect values in the */
|
||||||
|
/* table directory the computation of `ttf_size` would be */
|
||||||
|
/* incorrect otherwise, causing run-time errors because of */
|
||||||
|
/* accessing uninitialized memory. */
|
||||||
|
if ( FT_REALLOC( face->ttf_data, 12 + 16 * num_tables,
|
||||||
face->ttf_size + 1 ) )
|
face->ttf_size + 1 ) )
|
||||||
goto Fail;
|
goto Fail;
|
||||||
}
|
}
|
||||||
|
|
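Review bot: Both new comments in `t42_parse_sfnts` say that `FT_QREALLOC` is avoided, but neither names the property that `FT_REALLOC` provides: it zero-fills the bytes between the old and new size, while the Q variant leaves them untouched. Stating that directly, e.g. `/* FT_REALLOC zero-fills the grown region, so bytes never written from the sfnts array read as 0 */`, would stop a later cleanup from switching back to the faster macro. Zero-filling makes reads of never-written bytes deterministic rather than preventing them, and `ttf_size` is still computed from table-directory values in the font. Whatever later parses `ttf_data` presumably still has to validate table offsets and lengths against `ttf_size`. That code and the rest of the function are outside these hunks.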