[woff2] Fix font table access.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20778

* src/sfnt/sfwoff2.c (get_x_mins): Explicitly check for presence of
`head' table, which might not have been processed yet.
This commit is contained in:
Werner Lemberg 2020-02-22 18:30:46 +01:00
parent 6e49dff005
commit fa147af4a5
2 changed files with 24 additions and 3 deletions

View File

@ -1,3 +1,14 @@
2020-02-22 Werner Lemberg <wl@gnu.org>
[woff2] Fix font table access.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20778
* src/sfnt/sfwoff2.c (get_x_mins): Explicitly check for presence of
`head' table, which might not have been processed yet.
2020-02-21 Werner Lemberg <wl@gnu.org>
[psaux] Make `t1_decoder_parse_metrics' handle `op_div' (#57519).

View File

@ -1268,8 +1268,11 @@
FT_Error error = FT_Err_Ok;
FT_ULong offset_size;
/* At this point of time those tables might not have been read yet. */
const WOFF2_Table maxp_table = find_table( tables, num_tables,
TTAG_maxp );
const WOFF2_Table head_table = find_table( tables, num_tables,
TTAG_head );
if ( !maxp_table )
@ -1278,6 +1281,12 @@
return FT_THROW( Invalid_Table );
}
if ( !head_table )
{
FT_ERROR(( "`head' table is missing.\n" ));
return FT_THROW( Invalid_Table );
}
/* Read `numGlyphs' field from `maxp' table. */
if ( FT_STREAM_SEEK( maxp_table->src_offset ) && FT_STREAM_SKIP( 8 ) )
return error;
@ -1288,7 +1297,7 @@
info->num_glyphs = num_glyphs;
/* Read `indexToLocFormat' field from `head' table. */
if ( FT_STREAM_SEEK( info->head_table->src_offset ) &&
if ( FT_STREAM_SEEK( head_table->src_offset ) &&
FT_STREAM_SKIP( 50 ) )
return error;
@ -2145,7 +2154,8 @@
#ifdef FT_DEBUG_LEVEL_TRACE
if ( sfnt_size != woff2.totalSfntSize )
FT_TRACE4(( "adjusting estimate of uncompressed font size to %lu\n",
FT_TRACE4(( "adjusting estimate of uncompressed font size"
" to %lu bytes\n",
sfnt_size ));
#endif
}