minhngoc25a
/
freetype2
mirror of git://git.savannah.gnu.org/freetype/freetype2.git
2
1
Fork 2
Code Issues 4 Releases Wiki Activity

[psaux] Fix timeout in old CFF engine. 

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11260

* src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
<cff_op_sqrt> [CFF_CONFIG_OPTION_OLD_ENGINE]: Fix potential endless
loop.
This commit is contained in:
Werner Lemberg 2018-11-06 11:08:41 +01:00
parent cc288e383b
commit 5b86f53dd6
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ChangeLog
View File

@ -1,3 +1,15 @@
2018-11-06 Werner Lemberg <wl@gnu.org>
[psaux] Fix timeout in old CFF engine.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11260
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
<cff_op_sqrt> [CFF_CONFIG_OPTION_OLD_ENGINE]: Fix potential endless
loop.
2018-11-04 Alexei Podtelezhnikov <apodtele@gmail.com>
* src/truetype/ttgxvar.c: Use enum definitions.

5
src/psaux/cffdecode.c
View File

@ -1748,7 +1748,10 @@
case cff_op_sqrt:
FT_TRACE4(( " sqrt\n" ));
if ( args[0] > 0 )
/* without upper limit the loop below might not finish */
if ( args[0] > 0x7FFFFFFFL )
args[0] = 46341;
else if ( args[0] > 0 )
{
FT_Fixed root = args[0];
FT_Fixed new_root;