* src/sfnt/sfwoff2.c (woff2_open_font): Check `num_fonts' for TTCs.

Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18494
2019-10-25 21:29:13 +02:00 · 2019-10-25 21:29:13 +02:00 · b75031a26e
parent 0a3d2bb99b
commit b75031a26e
2 changed files with 14 additions and 0 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+2019-10-25  Werner Lemberg  <wl@gnu.org>
+
+	* src/sfnt/sfwoff2.c (woff2_open_font): Check `num_fonts' for TTCs.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18494
+
 2019-10-22  Werner Lemberg  <wl@gnu.org>

 	* src/sfnt/sfwoff2.c (woff2_open_font): Avoid undefined shift.
--- a/src/sfnt/sfwoff2.c
+++ b/src/sfnt/sfwoff2.c
@ -1948,6 +1948,12 @@
      if ( READ_255USHORT( woff2.num_fonts ) )
        goto Exit;

+      if ( !woff2.num_fonts )
+      {
+        error = FT_THROW( Invalid_Table );
+        goto Exit;
+      }
+
      FT_TRACE4(( "Number of fonts in TTC: %ld\n", woff2.num_fonts ));

      if ( FT_NEW_ARRAY( woff2.ttc_fonts, woff2.num_fonts ) )