[woff2] Fix font table access.
Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20778 * src/sfnt/sfwoff2.c (get_x_mins): Explicitly check for presence of `head' table, which might not have been processed yet.
This commit is contained in:
parent
6e49dff005
commit
fa147af4a5
11
ChangeLog
11
ChangeLog
|
@ -1,3 +1,14 @@
|
|||
2020-02-22 Werner Lemberg <wl@gnu.org>
|
||||
|
||||
[woff2] Fix font table access.
|
||||
|
||||
Reported as
|
||||
|
||||
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20778
|
||||
|
||||
* src/sfnt/sfwoff2.c (get_x_mins): Explicitly check for presence of
|
||||
`head' table, which might not have been processed yet.
|
||||
|
||||
2020-02-21 Werner Lemberg <wl@gnu.org>
|
||||
|
||||
[psaux] Make `t1_decoder_parse_metrics' handle `op_div' (#57519).
|
||||
|
|
|
@ -1268,8 +1268,11 @@
|
|||
FT_Error error = FT_Err_Ok;
|
||||
FT_ULong offset_size;
|
||||
|
||||
/* At this point of time those tables might not have been read yet. */
|
||||
const WOFF2_Table maxp_table = find_table( tables, num_tables,
|
||||
TTAG_maxp );
|
||||
const WOFF2_Table head_table = find_table( tables, num_tables,
|
||||
TTAG_head );
|
||||
|
||||
|
||||
if ( !maxp_table )
|
||||
|
@ -1278,6 +1281,12 @@
|
|||
return FT_THROW( Invalid_Table );
|
||||
}
|
||||
|
||||
if ( !head_table )
|
||||
{
|
||||
FT_ERROR(( "`head' table is missing.\n" ));
|
||||
return FT_THROW( Invalid_Table );
|
||||
}
|
||||
|
||||
/* Read `numGlyphs' field from `maxp' table. */
|
||||
if ( FT_STREAM_SEEK( maxp_table->src_offset ) && FT_STREAM_SKIP( 8 ) )
|
||||
return error;
|
||||
|
@ -1288,8 +1297,8 @@
|
|||
info->num_glyphs = num_glyphs;
|
||||
|
||||
/* Read `indexToLocFormat' field from `head' table. */
|
||||
if ( FT_STREAM_SEEK( info->head_table->src_offset ) &&
|
||||
FT_STREAM_SKIP( 50 ) )
|
||||
if ( FT_STREAM_SEEK( head_table->src_offset ) &&
|
||||
FT_STREAM_SKIP( 50 ) )
|
||||
return error;
|
||||
|
||||
if ( FT_READ_USHORT( index_format ) )
|
||||
|
@ -2145,7 +2154,8 @@
|
|||
|
||||
#ifdef FT_DEBUG_LEVEL_TRACE
|
||||
if ( sfnt_size != woff2.totalSfntSize )
|
||||
FT_TRACE4(( "adjusting estimate of uncompressed font size to %lu\n",
|
||||
FT_TRACE4(( "adjusting estimate of uncompressed font size"
|
||||
" to %lu bytes\n",
|
||||
sfnt_size ));
|
||||
#endif
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue