minhngoc25a
/
freetype2
mirror of git://git.savannah.gnu.org/freetype/freetype2.git
2
1
Fork 2
Code Issues 4 Releases Wiki Activity

[sfnt] Additional checks for 'colr' table presence. 

* sfnt/ttcolr.c (tt_face_get_colr_glyph_paint,
tt_face_get_colorline_stops, tt_face_get_paint): Additional checks
for whether colr table is present.  Prevents crashes when these
methods are called on non-COLR fonts.
This commit is contained in:
Werner Lemberg 2021-01-15 10:09:00 +01:00
parent 53fea87745
commit ba1a6acf28
2 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ChangeLog
View File

@ -1,3 +1,12 @@
2021-01-14 Dominik Röttsches <drott@chromium.org>
[sfnt] Additional checks for 'colr' table presence.
* sfnt/ttcolr.c (tt_face_get_colr_glyph_paint,
tt_face_get_colorline_stops, tt_face_get_paint): Additional checks
for whether colr table is present. Prevents crashes when these
methods are called on non-COLR fonts.
2021-01-13 Dominik Röttsches <drott@chromium.org>
Add config option to test for 'COLR' v1 support in headers.

9
src/sfnt/ttcolr.c
View File

@ -665,6 +665,9 @@
FT_Byte* p;
if ( !colr )
return 0;
if ( colr->version < 1 || !colr->num_base_glyphs_v1 ||
!colr->base_glyphs_v1 )
return 0;
@ -755,6 +758,9 @@
FT_Byte* p;
if ( !colr )
return 0;
if ( iterator->current_color_stop >= iterator->num_color_stops )
return 0;
@ -793,6 +799,9 @@
FT_Byte* p;
if ( !colr )
return 0;
if ( opaque_paint.p < (FT_Byte*)colr->table ||
opaque_paint.p >= ( (FT_Byte*)colr->table + colr->table_size ) )
return 0;