diff options
| author | Werner Lemberg <wl@gnu.org> | 2020-06-19 05:41:37 +0200 |
|---|---|---|
| committer | Werner Lemberg <wl@gnu.org> | 2020-06-19 05:41:37 +0200 |
| commit | 4d364b68215f1380b66164f3f0e4bdadc154d08f (patch) | |
| tree | ced3bf2dc25925792ec38958388a3f675ba291af | |
| parent | d924c5cf7e5554b22f7edfcb9e98670c4c02c3f0 (diff) | |
| download | freetype2-4d364b68215f1380b66164f3f0e4bdadc154d08f.tar.gz | |
[woff2] Fix segfault.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23402
* src/sfnt/sfwoff2.c (get_x_mins): Check whether `loca' table
exists.
| -rw-r--r-- | ChangeLog | 11 | ||||
| -rw-r--r-- | src/sfnt/sfwoff2.c | 6 |
2 files changed, 17 insertions, 0 deletions
@@ -1,3 +1,14 @@ +2020-06-19 Werner Lemberg <wl@gnu.org> + + [woff2] Fix segfault. + + Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23402 + + * src/sfnt/sfwoff2.c (get_x_mins): Check whether `loca' table + exists. + 2020-06-19 Stephen McDowell <svenevs.dev@gmail.com> [sfnt] Support Intel compilers. diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c index 3f590444f..781b93206 100644 --- a/src/sfnt/sfwoff2.c +++ b/src/sfnt/sfwoff2.c @@ -1286,6 +1286,12 @@ return FT_THROW( Invalid_Table ); } + if ( !info->loca_table ) + { + FT_ERROR(( "`loca' table is missing.\n" )); + return FT_THROW( Invalid_Table ); + } + /* Read `numGlyphs' field from `maxp' table. */ if ( FT_STREAM_SEEK( maxp_table->src_offset ) || FT_STREAM_SKIP( 8 ) ) return error; |