* src/base/ftrfork.c (FT_Raccess_Get_DataOffsets): Check `count'.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=308
This commit is contained in:
Werner Lemberg 2016-12-22 10:12:17 +01:00
parent b44e6c2035
commit 7f7333990c
2 changed files with 11 additions and 1 deletions

View File

@ -1,3 +1,11 @@
2016-12-22 Werner Lemberg <wl@gnu.org>
* src/base/ftrfork.c (FT_Raccess_Get_DataOffsets): Check `count'.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=308
2016-12-22 Werner Lemberg <wl@gnu.org>
[cff] Protect against invalid `vsindex' and `blend' values.

View File

@ -248,7 +248,9 @@
*count = subcnt + 1;
rpos += map_offset;
if ( *count > 2727 )
/* a zero count might be valid in the resource specification, */
/* however, it is completely useless to us */
if ( *count < 1 || *count > 2727 )
return FT_THROW( Invalid_Table );
error = FT_Stream_Seek( stream, (FT_ULong)rpos );