forked from minhngoc25a/freetype2
[psaux] Fix another assertion.
* src/psaux/psintrp.c (cf2_interpT2CharString) <cf2_escCALLOTHERSUBR>: Convert assertion into error, since the problem can happen with invalid user input. Test case is file fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read in the `freetype2-testing` repository.
This commit is contained in:
parent
a34afe6786
commit
db0f2c448e
20
ChangeLog
20
ChangeLog
|
@ -1,3 +1,17 @@
|
|||
2021-06-12 Werner Lemberg <wl@gnu.org>
|
||||
|
||||
[psaux] Fix another assertion.
|
||||
|
||||
* src/psaux/psintrp.c (cf2_interpT2CharString)
|
||||
<cf2_escCALLOTHERSUBR>: Convert assertion into error, since the
|
||||
problem can happen with invalid user input.
|
||||
|
||||
Test case is file
|
||||
|
||||
fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read
|
||||
|
||||
in the `freetype2-testing` repository.
|
||||
|
||||
2021-06-12 Werner Lemberg <wl@gnu.org>
|
||||
|
||||
[psaux] Fix assertions.
|
||||
|
@ -5,6 +19,12 @@
|
|||
* src/psaux/pshints.c (cf2_hintmap_adjustHints): Check for overflow
|
||||
before emitting an assertion error.
|
||||
|
||||
Test case is file
|
||||
|
||||
fuzzing/corpora/legacy/oss-fuzz/4594115297673216-integer-overflow
|
||||
|
||||
in the `freetype2-testing` repository.
|
||||
|
||||
2021-06-09 Alexei Podtelezhnikov <apodtele@gmail.com>
|
||||
|
||||
* src/truetype/ttinterp.c (TT_RunIns): Optimize tracing.
|
||||
|
|
|
@ -1670,7 +1670,13 @@
|
|||
*/
|
||||
|
||||
count = cf2_stack_count( opStack );
|
||||
FT_ASSERT( (CF2_UInt)arg_cnt <= count );
|
||||
if ( (CF2_UInt)arg_cnt > count )
|
||||
{
|
||||
FT_ERROR(( "cf2_interpT2CharString (Type 1 mode):"
|
||||
" stack underflow\n" ));
|
||||
lastError = FT_THROW( Invalid_Glyph_Format );
|
||||
goto exit;
|
||||
}
|
||||
|
||||
opIdx += count - (CF2_UInt)arg_cnt;
|
||||
|
||||
|
|
Loading…
Reference in New Issue