* src/smooth/ftsmooth.c (ft_smooth_raster_overlap): Limit width.

Segmentation fault reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24729
author: Alexei Podtelezhnikov <apodtele@gmail.com> 2020-08-25 23:16:27 -0400
committer: Alexei Podtelezhnikov <apodtele@gmail.com> 2020-08-25 23:16:27 -0400
commit: 6730854c397130879c64bd766c673b9bccf9c04a (patch)
tree: 2539488792069095a5c838878156a4a1347b99c8
parent: cdc009c24afac88846ed24e21c84e33792384665 (diff)
download: freetype2-6730854c397130879c64bd766c673b9bccf9c04a.tar.gz
2 files changed, 13 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index dc91ab546..0e3b5b543 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2020-08-25  Alexei Podtelezhnikov  <apodtele@gmail.com>
+
+	* src/smooth/ftsmooth.c (ft_smooth_raster_overlap): Limit width.
+
+	Segmentation fault reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24729
+
 2020-08-22  Werner Lemberg  <wl@gnu.org>
 
 	* src/truetype/ttgload.c (TT_Get_VMetrics): Add tracing message.
diff --git a/src/smooth/ftsmooth.c b/src/smooth/ftsmooth.c
index 3ce1cea24..eb5928f6f 100644
--- a/src/smooth/ftsmooth.c
+++ b/src/smooth/ftsmooth.c
@@ -379,6 +379,11 @@
     TOrigin            target;
 
 
+    /* Reject outlines that are too wide for 16-bit FT_Span.       */
+    /* Other limits are applied upstream with the same error code. */
+    if ( bitmap->width * SCALE > 0x7FFF )
+      return FT_THROW( Raster_Overflow );
+
     /* Set up direct rendering to average oversampled spans. */
     params.target     = bitmap;
     params.source     = outline;
author	Alexei Podtelezhnikov <apodtele@gmail.com>	2020-08-25 23:16:27 -0400
committer	Alexei Podtelezhnikov <apodtele@gmail.com>	2020-08-25 23:16:27 -0400
commit	6730854c397130879c64bd766c673b9bccf9c04a (patch)
tree	2539488792069095a5c838878156a4a1347b99c8
parent	cdc009c24afac88846ed24e21c84e33792384665 (diff)
download	freetype2-6730854c397130879c64bd766c673b9bccf9c04a.tar.gz