diff options
| author | Werner Lemberg <wl@gnu.org> | 2017-12-31 10:32:08 +0100 |
|---|---|---|
| committer | Werner Lemberg <wl@gnu.org> | 2017-12-31 10:32:08 +0100 |
| commit | 3f090c6843dea837d1054e994e9ba18fefb75a62 (patch) | |
| tree | 5b1a787103140dd935542782c2bf69bdfa4d3d69 /src/sfnt/ttcmap.c | |
| parent | 0268bf35f0d0e773317824648350f04249eb89c7 (diff) | |
| download | freetype2-3f090c6843dea837d1054e994e9ba18fefb75a62.tar.gz | |
* src/sfnt/ttcmap.c (tt_cmap2_char_next): Fix endless loop.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4838
Diffstat (limited to 'src/sfnt/ttcmap.c')
| -rw-r--r-- | src/sfnt/ttcmap.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c index f6c02f907..45414d1ae 100644 --- a/src/sfnt/ttcmap.c +++ b/src/sfnt/ttcmap.c @@ -518,7 +518,11 @@ if ( offset == 0 ) + { + if ( charcode == 0x100 ) + goto Exit; /* this happens only for a malformed cmap */ goto Next_SubHeader; + } if ( char_lo < start ) { |