diff options
author | Nikhil Ramakrishnan <ramakrishnan.nikhil@gmail.com> | 2019-08-22 16:46:03 +0530 |
---|---|---|
committer | Nikhil Ramakrishnan <ramakrishnan.nikhil@gmail.com> | 2019-08-22 16:46:03 +0530 |
commit | f67786de4d52c972e68bcb07252ab3229996cb83 (patch) | |
tree | cc1caf3204d7cf4d688f36a4a3d4e5722228d141 | |
parent | 933c185b7e22e8b0c7b5a7ef8fb6ba32ce1acdd2 (diff) | |
download | freetype2-GSoC-2019-nikhil.tar.gz |
[woff2] Check whether known tag is in array bounds.GSoC-2019-nikhil
If table tag is not 0x3f, we expect a value between 0 and 62. If this is
not the case, exit with errors.
* src/sfnt/sfwoff2/c: Check whether table tag makes sense.
* src/sfnt/woff2tags.c: Return 0 if tag is out of bounds.
-rw-r--r-- | src/sfnt/sfwoff2.c | 12 | ||||
-rw-r--r-- | src/sfnt/woff2tags.c | 3 |
2 files changed, 13 insertions, 2 deletions
diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c index dbe6a62d5..9099b43e2 100644 --- a/src/sfnt/sfwoff2.c +++ b/src/sfnt/sfwoff2.c @@ -1760,7 +1760,15 @@ goto Exit; } else + { table->Tag = woff2_known_tags( table->FlagByte & 0x3f ); + if ( !table->Tag ) + { + FT_ERROR(( "woff2_open_font: Unknown table tag." )); + error = FT_THROW( Invalid_Table ); + goto Exit; + } + } flags = 0; xform_version = ( table->FlagByte >> 6 ) & 0x03; @@ -1787,7 +1795,7 @@ goto Exit; if ( table->Tag == TTAG_loca && table->TransformLength ) { - FT_ERROR(( "woff_font_open: Invalid loca `transformLength'.\n" )); + FT_ERROR(( "woff2_open_font: Invalid loca `transformLength'.\n" )); error = FT_THROW( Invalid_Table ); goto Exit; } @@ -1795,7 +1803,7 @@ if ( src_offset + table->TransformLength < src_offset ) { - FT_ERROR(( "woff_font_open: invalid WOFF2 table directory.\n" )); + FT_ERROR(( "woff2_open_font: invalid WOFF2 table directory.\n" )); error = FT_THROW( Invalid_Table ); goto Exit; } diff --git a/src/sfnt/woff2tags.c b/src/sfnt/woff2tags.c index 5b274d520..45ef3fa32 100644 --- a/src/sfnt/woff2tags.c +++ b/src/sfnt/woff2tags.c @@ -91,6 +91,9 @@ }; + if ( index < 0 || index > 62 ) + return 0; + return known_tags[index]; } |