From 50486df1e6a9a66d5df287efea94b8c1c14a1084 Mon Sep 17 00:00:00 2001 From: Werner Lemberg Date: Mon, 13 Aug 2018 08:46:53 +0200 Subject: [PATCH] * src/type42/t42parse.c (t42_parse_sfnts): One more format check. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9832 --- ChangeLog | 8 ++++++++ src/type42/t42parse.c | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6f2ca3fc7..ce5bf8eac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2018-08-13 Werner Lemberg + + * src/type42/t42parse.c (t42_parse_sfnts): One more format check. + + Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9832 + 2018-08-11 Werner Lemberg * src/base/ftcalc.c (FT_Matrix_Check): Fix integer overflow. diff --git a/src/type42/t42parse.c b/src/type42/t42parse.c index edd27a850..04690f5fc 100644 --- a/src/type42/t42parse.c +++ b/src/type42/t42parse.c @@ -595,6 +595,14 @@ else if ( *cur == '<' ) { + if ( string_buf && !allocated ) + { + FT_ERROR(( "t42_parse_sfnts: " + "can't handle mixed binary and hex strings\n" )); + error = FT_THROW( Invalid_File_Format ); + goto Fail; + } + T1_Skip_PS_Token( parser ); if ( parser->root.error ) goto Exit;
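Review bot: The new guard at the top of the `*cur == '<'` branch has no comment saying why `string_buf && !allocated` identifies an earlier binary string, and the log message alone does not say what would go wrong if the hex path continued. The hunk does not show it, but the condition presumably separates a `string_buf` that points into borrowed parser input from one this function allocated itself, so that the hex path never resizes or frees memory it does not own. A one-line comment such as `/* string_buf set by a binary string is not owned here; the hex path must not reallocate it */` would record that invariant for the next maintainer. It is also worth confirming that the binary-string branch carries the mirror-image test on `allocated`, and that the `Fail` path frees `string_buf` only when `allocated` is set, since untrusted font data selects which branch runs. The body of `t42_parse_sfnts` starts and ends outside the hunk, so neither can be checked from here.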