freetype2/src
Werner Lemberg 57c4252ab5 [sfnt] Guard access in 'COLR' v1 glyph binary search.
Reported as

  https://bugs.chromium.org/p/chromium/issues/detail?id=1505216

* src/sfnt/ttcolr.c (find_base_glyph_v1_record): Guard access of the search
pointer during binary search.  The pointer needs to be checked as we go as
the test that compares number of v1 glyphs with table size at the time of
loading the table is not sufficient on its own.

A scenario is possible in which the `BaseGlyphRecord` list extends into
non-`BaseGlyphRecord` parts of the 'COLR' v1 table (but passed the size
comparison check).  Then, at those locations, invalid glyph ID values are
read and may provoke an invalid read due to reassigning min and max values
during the binary search.
2024-01-02 17:55:33 +01:00
autofit [autofit] Fix synchronization mistake between FreeType and ttfautohint. 2023-09-05 08:09:31 +02:00
base Comment typos. 2023-09-24 20:09:17 -04:00
bdf Replace `sprintf` with `snprintf`. 2023-05-23 13:18:01 +02:00
bzip2 * src/bzip2/ftbzip2.c: Signature fixes. 2023-05-08 06:26:43 +02:00
cache [cache] Merge functions. 2023-05-12 22:27:08 -04:00
cff [CFF] Extract `BlueValues` as `Fixed` rather than `Int`. 2023-12-14 07:17:01 +01:00
cid [type1, cid, type42] Post-cleanup. 2023-09-09 22:20:00 -04:00
dlg * src/*: Replace leading underscores with trailing ones in dummy variables. 2023-02-26 20:18:54 +01:00
gxvalid * src/gxvalid/gxvcommn.h (GXV_USHORT_TO_SHORT): Removed. 2023-09-25 22:26:15 -04:00
gzip [gzip] Update sources to zlib 1.13. 2023-08-27 09:47:24 +02:00
lzw Fix 'fall-through' warning messages. 2023-02-08 21:09:32 +01:00
otvalid Update all copyright notices. 2023-01-17 09:18:25 +01:00
pcf * src/pcf/pcfutil.c (BSWAP16): Limit clang support. 2023-10-21 19:08:20 -04:00
pfr [pfr] Signature fixes. 2023-05-07 15:57:06 +02:00
psaux [CFF] Extract `BlueValues` as `Fixed` rather than `Int`. 2023-12-14 07:17:01 +01:00
pshinter [pshinter] Signature fixes. 2023-05-07 20:26:12 +02:00
psnames */*: Remove many function pointer casts. 2023-06-03 06:58:09 +02:00
raster * src/raster/ftraster.c (Draw_Sweep): Swap stub conditions. 2023-12-01 23:13:28 -05:00
sdf [sdf] Correct handling of empty glyphs. 2023-06-09 05:38:49 +02:00
sfnt [sfnt] Guard access in 'COLR' v1 glyph binary search. 2024-01-02 17:55:33 +01:00
smooth * src/smooth/ftgrays.c: Move the sweep functions... 2023-10-09 22:22:24 -04:00
svg */*: Remove many function pointer casts. 2023-06-03 06:58:09 +02:00
tools * src/tools/apinames.c (read_header_file): Typos. 2023-09-14 13:00:07 +00:00
truetype * src/truetype/ttgxvar.c (ft_var_to_normalized): Fix undefined left-shift. 2023-12-14 06:14:43 +01:00
type1 * src/type1/t1afm.c (t1_get_index): Restore `strlen` call. 2023-09-10 22:34:17 -04:00
type42 [type1, cid, type42] Post-cleanup. 2023-09-09 22:20:00 -04:00
winfonts * src/winfonts/winfnt.c: Signature fixes. 2023-05-07 16:30:21 +02:00