[woff2] Check whether known tag is in array bounds.
If table tag is not 0x3f, we expect a value between 0 and 62. If this is not the case, exit with errors. * src/sfnt/sfwoff2/c: Check whether table tag makes sense. * src/sfnt/woff2tags.c: Return 0 if tag is out of bounds.
This commit is contained in:
parent
933c185b7e
commit
f67786de4d
|
@ -1760,7 +1760,15 @@
|
||||||
goto Exit;
|
goto Exit;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
table->Tag = woff2_known_tags( table->FlagByte & 0x3f );
|
table->Tag = woff2_known_tags( table->FlagByte & 0x3f );
|
||||||
|
if ( !table->Tag )
|
||||||
|
{
|
||||||
|
FT_ERROR(( "woff2_open_font: Unknown table tag." ));
|
||||||
|
error = FT_THROW( Invalid_Table );
|
||||||
|
goto Exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
flags = 0;
|
flags = 0;
|
||||||
xform_version = ( table->FlagByte >> 6 ) & 0x03;
|
xform_version = ( table->FlagByte >> 6 ) & 0x03;
|
||||||
|
@ -1787,7 +1795,7 @@
|
||||||
goto Exit;
|
goto Exit;
|
||||||
if ( table->Tag == TTAG_loca && table->TransformLength )
|
if ( table->Tag == TTAG_loca && table->TransformLength )
|
||||||
{
|
{
|
||||||
FT_ERROR(( "woff_font_open: Invalid loca `transformLength'.\n" ));
|
FT_ERROR(( "woff2_open_font: Invalid loca `transformLength'.\n" ));
|
||||||
error = FT_THROW( Invalid_Table );
|
error = FT_THROW( Invalid_Table );
|
||||||
goto Exit;
|
goto Exit;
|
||||||
}
|
}
|
||||||
|
@ -1795,7 +1803,7 @@
|
||||||
|
|
||||||
if ( src_offset + table->TransformLength < src_offset )
|
if ( src_offset + table->TransformLength < src_offset )
|
||||||
{
|
{
|
||||||
FT_ERROR(( "woff_font_open: invalid WOFF2 table directory.\n" ));
|
FT_ERROR(( "woff2_open_font: invalid WOFF2 table directory.\n" ));
|
||||||
error = FT_THROW( Invalid_Table );
|
error = FT_THROW( Invalid_Table );
|
||||||
goto Exit;
|
goto Exit;
|
||||||
}
|
}
|
||||||
|
|
|
@ -91,6 +91,9 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
if ( index < 0 || index > 62 )
|
||||||
|
return 0;
|
||||||
|
|
||||||
return known_tags[index];
|
return known_tags[index];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue