Commit 182295cbcf63e0399f5df68f3d8a7e60b8eeecdb

Werner Lemberg 2022-07-26T16:08:00

[pfr] Add some safety guards. * src/pfr/pfrload.c (pfr_phy_font_load): Check resolutions and number of characters. Fixes #1174.

diff --git a/src/pfr/pfrload.c b/src/pfr/pfrload.c
index 25ba077..97290ef 100644
--- a/src/pfr/pfrload.c
+++ b/src/pfr/pfrload.c
@@ -852,6 +852,14 @@
     phy_font->bbox.yMax          = PFR_NEXT_SHORT( p );
     phy_font->flags      = flags = PFR_NEXT_BYTE( p );
 
+    if ( !phy_font->outline_resolution ||
+         !phy_font->metrics_resolution )
+    {
+      error = FT_THROW( Invalid_Table );
+      FT_ERROR(( "pfr_phy_font_load: invalid resolution\n" ));
+      goto Fail;
+    }
+
     /* get the standard advance for non-proportional fonts */
     if ( !( flags & PFR_PHY_PROPORTIONAL ) )
     {
@@ -969,6 +977,13 @@
       phy_font->num_chars    = count = PFR_NEXT_USHORT( p );
       phy_font->chars_offset = offset + (FT_Offset)( p - stream->cursor );
 
+      if ( !phy_font->num_chars )
+      {
+        error = FT_THROW( Invalid_Table );
+        FT_ERROR(( "pfr_phy_font_load: no glyphs\n" ));
+        goto Fail;
+      }
+
       Size = 1 + 1 + 2;
       if ( flags & PFR_PHY_2BYTE_CHARCODE )
         Size += 1;