freetype2/src/sfnt
Werner Lemberg 57c4252ab5 [sfnt] Guard access in 'COLR' v1 glyph binary search.
Reported as

  https://bugs.chromium.org/p/chromium/issues/detail?id=1505216

* src/sfnt/ttcolr.c (find_base_glyph_v1_record): Guard access of the search
pointer during binary search.  The pointer needs to be checked as we go as
the test that compares number of v1 glyphs with table size at the time of
loading the table is not sufficient on its own.

A scenario is possible in which the `BaseGlyphRecord` list extends into
non-`BaseGlyphRecord` parts of the 'COLR' v1 table (but passed the size
comparison check).  Then, at those locations, invalid glyph ID values are
read and may provoke an invalid read due to reassigning min and max values
during the binary search.
2024-01-02 17:55:33 +01:00
module.mk Update all copyright notices. 2023-01-17 09:18:25 +01:00
pngshim.c * src/sfnt/pngshim.c (Load_SBit_Png): Remove FALL_THROUGH warning. 2023-04-28 19:40:35 -04:00
pngshim.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
rules.mk Update all copyright notices. 2023-01-17 09:18:25 +01:00
sfdriver.c */*: Remove many function pointer casts. 2023-06-03 06:58:09 +02:00
sfdriver.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
sferrors.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
sfnt.c Update all copyright notices. 2023-01-17 09:18:25 +01:00
sfobjs.c [truetype] Fix style name handling for variation fonts. 2023-05-06 18:53:50 +02:00
sfobjs.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
sfwoff.c * src/*: Replace leading underscores with trailing ones in dummy variables. 2023-02-26 20:18:54 +01:00
sfwoff.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
sfwoff2.c [woff2] Clean up on large brotli expansion 2023-07-18 13:34:09 -04:00
sfwoff2.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
ttbdf.c * src/sfnt/sfdriver.c, src/sfnt/ttbdf.c: Clean up interface. 2023-05-07 14:59:50 +02:00
ttbdf.h * src/sfnt/sfdriver.c, src/sfnt/ttbdf.c: Clean up interface. 2023-05-07 14:59:50 +02:00
ttcmap.c * src/sfnt/ttcmap: Signature fixes. 2023-05-07 19:16:38 +02:00
ttcmap.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
ttcmapc.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
ttcolr.c [sfnt] Guard access in 'COLR' v1 glyph binary search. 2024-01-02 17:55:33 +01:00
ttcolr.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
ttcpal.c * src/*: Replace leading underscores with trailing ones in dummy variables. 2023-02-26 20:18:54 +01:00
ttcpal.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
ttkern.c Update all copyright notices. 2023-01-17 09:18:25 +01:00
ttkern.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
ttload.c * src/sfnt/ttload.c (tt_face_load_font_dir): Add another guard. 2023-04-28 15:33:58 +02:00
ttload.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
ttmtx.c [sfnt, truetype] Add `size_reset` to `MetricsVariations`. 2023-04-11 10:20:58 +02:00
ttmtx.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
ttpost.c * src/sfnt/ttpost.c (load_format_20): Micro-optimize. 2023-09-06 22:58:46 -04:00
ttpost.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
ttsbit.c * src/*: Replace leading underscores with trailing ones in dummy variables. 2023-02-26 20:18:54 +01:00
ttsbit.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
ttsvg.c * src/*: Replace leading underscores with trailing ones in dummy variables. 2023-02-26 20:18:54 +01:00
ttsvg.h Update all copyright notices. 2023-01-17 09:18:25 +01:00
woff2tags.c * src/*: Replace leading underscores with trailing ones in dummy variables. 2023-02-26 20:18:54 +01:00
woff2tags.h Update all copyright notices. 2023-01-17 09:18:25 +01:00