[psaux] Fix another assertion.

* src/psaux/psintrp.c (cf2_interpT2CharString)
<cf2_escCALLOTHERSUBR>: Convert assertion into error, since the
problem can happen with invalid user input.

Test case is file

  fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read

in the `freetype2-testing` repository.
Werner Lemberg 2021-06-12 10:05:07 +02:00
parent a34afe6786
commit db0f2c448e
2 changed files with 27 additions and 1 deletions


@ -1,3 +1,17 @@
2021-06-12 Werner Lemberg <wl@gnu.org>
[psaux] Fix another assertion.
* src/psaux/psintrp.c (cf2_interpT2CharString)
<cf2_escCALLOTHERSUBR>: Convert assertion into error, since the
problem can happen with invalid user input.
Test case is file
fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read
in the `freetype2-testing` repository.
2021-06-12 Werner Lemberg <wl@gnu.org> 2021-06-12 Werner Lemberg <wl@gnu.org>
[psaux] Fix assertions. [psaux] Fix assertions.
@ -5,6 +19,12 @@
* src/psaux/pshints.c (cf2_hintmap_adjustHints): Check for overflow * src/psaux/pshints.c (cf2_hintmap_adjustHints): Check for overflow
before emitting an assertion error. before emitting an assertion error.
Test case is file
fuzzing/corpora/legacy/oss-fuzz/4594115297673216-integer-overflow
in the `freetype2-testing` repository.
2021-06-09 Alexei Podtelezhnikov <apodtele@gmail.com> 2021-06-09 Alexei Podtelezhnikov <apodtele@gmail.com>
* src/truetype/ttinterp.c (TT_RunIns): Optimize tracing. * src/truetype/ttinterp.c (TT_RunIns): Optimize tracing.
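
Review bot: the three lines added under the `cf2_hintmap_adjustHints` entry ("Test case is file ... 4594115297673216-integer-overflow") amend the earlier "[psaux] Fix assertions." ChangeLog entry, but the commit message only describes the `psintrp.c` change. Mention the amendment in the commit message or split it into its own commit, so that a history search for that test case lands on the change that records it.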


@ -1670,7 +1670,13 @@
*/ */
count = cf2_stack_count( opStack ); count = cf2_stack_count( opStack );
FT_ASSERT( (CF2_UInt)arg_cnt <= count ); if ( (CF2_UInt)arg_cnt > count )
{
FT_ERROR(( "cf2_interpT2CharString (Type 1 mode):"
" stack underflow\n" ));
lastError = FT_THROW( Invalid_Glyph_Format );
goto exit;
}
opIdx += count - (CF2_UInt)arg_cnt; opIdx += count - (CF2_UInt)arg_cnt;
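
Review bot: the new `if ( (CF2_UInt)arg_cnt > count )` test depends on the cast for part of its coverage, and nothing in the hunk says so. If `arg_cnt` is a signed type, as the cast suggests, a negative value becomes a very large unsigned one and is rejected by the same comparison; without the check, `opIdx += count - (CF2_UInt)arg_cnt` would wrap and move `opIdx` outside the operand stack. A one-line comment above the `if` stating that the cast is intentional and covers negative counts would keep a later cleanup from dropping it. The `FT_ERROR` text could also name the operator (`callothersubr`), since "stack underflow" alone does not tell someone reading a trace which of the interpreter's stack checks fired.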