author: Armin Hasitzka <prince.cherusker@gmail.com> 2019-03-31 11:08:49 +0100
committer: Armin Hasitzka <prince.cherusker@gmail.com> 2019-03-31 11:08:49 +0100
commit: 6986ddac1ece9404c9b640a512cbd99534205fda
tree: 9bce6ce52ffebf1797e612f3cc0f11bbcff101ec /src/type42
parent: fdb10e8b50cfff7be2ec2b77cb4a695f3d77643c
[cff] Fix boundary checks.

642bc7590c701c8cd35a9f60fa899cfa518b17ff introduced dynamically allocated memory when parsing CFF files with the "old" engine. Bounds checks have never been updated, however, leading to pointless comparisons of pointers in some cases.

This commit presents a solution for bounds checks in the CFF module with an extended logic for the "old" engine while staying as concise as possible for the "new" one.

* src/cff/cffparse.h: Introduce the struct `CFF_T2_StringRec' and the additional field `t2_strings' within `CFF_ParserRec'.

* src/cff/cffparse.c (cff_parser_within_limits): Move all boundary checks into this new function and update the rest of `cffparse.c' to use it.

Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12137

Diffstat (limited to 'src/type42')
0 files changed, 0 insertions, 0 deletions