* src/sfnt/ttcmap.c (tt_cmap2_char_next): Fix endless loop.

Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4838
2017-12-31 10:32:08 +01:00 · 2017-12-31 10:32:08 +01:00 · 3f090c6843
parent 0268bf35f0
commit 3f090c6843
2 changed files with 12 additions and 0 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+2017-12-31  Werner Lemberg  <wl@gnu.org>
+
+	* src/sfnt/ttcmap.c (tt_cmap2_char_next): Fix endless loop.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4838
+
 2017-12-31  Werner Lemberg  <wl@gnu.org>

 	Synchronize other Windows project files.
--- a/src/sfnt/ttcmap.c
+++ b/src/sfnt/ttcmap.c
@ -518,7 +518,11 @@


        if ( offset == 0 )
+        {
+          if ( charcode == 0x100 )
+            goto Exit; /* this happens only for a malformed cmap */
          goto Next_SubHeader;
+        }

        if ( char_lo < start )
        {