diff --git a/ChangeLog b/ChangeLog
index 07e190edc..bbb3d32e7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2016-08-26 Werner Lemberg
+
+ [type1] Fix heap buffer overflow.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
+
+ * src/type1/t1load.c (parse_charstrings): Reject fonts that don't
+ contain glyph names.
+
 2016-08-25 Werner Lemberg
 
 [sfnt] Fix previous commit (#48901).
diff --git a/src/type1/t1load.c b/src/type1/t1load.c
index c981adcf2..f8bf31320 100644
--- a/src/type1/t1load.c
+++ b/src/type1/t1load.c
@@ -1776,6 +1776,12 @@
 }
 }
 
+ if ( !n )
+ {
+ error = FT_THROW( Invalid_File_Format );
+ goto Fail;
+ }
+
 loader->num_glyphs = n;
 
 /* if /.notdef is found but does not occupy index 0, do our magic. */
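Review bot: The new `if ( !n )` guard in parse_charstrings carries no comment saying which invariant it protects, so the next refactor of the `.notdef` handling below it can silently reintroduce the heap overflow this commit closes. The ChangeLog entry and the surrounding context suggest the downstream code assumes at least one glyph name exists (the "do our magic" block appears to index slot 0 of the name/charstring tables), but that is inferred, not visible in the hunk, so the comment should state it as the reason rather than describe the symptom; something like `/* the .notdef reordering below indexes glyph 0 unconditionally; a font without any glyph names must be rejected here */`. It would also be worth confirming that the `Fail:` label releases everything the counting loop allocated before `n` is known, since this is the first early exit on that path; the loop and the label both lie outside the hunk, as does the rest of parse_charstrings. Finally, consider adding the oss-fuzz reproducer (issue 36) as a regression font so the zero-glyph case stays covered.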