Commit 248f5629d8889aa5b77ea5bfce0935140293d50d
2016-08-13T06:53:53
[winfonts] Avoid zero bitmap width and height. Reported as https://bugzilla.mozilla.org/show_bug.cgi?id=1272173 * src/winfonts/winfnt.c (FNT_Face_Init): Check zero pixel height. (FNT_Load_Glyph): Check for zero pitch.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
diff --git a/ChangeLog b/ChangeLog
index 0581fd7..e1f6629 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2016-08-13 Werner Lemberg <wl@gnu.org>
+
+ [winfonts] Avoid zero bitmap width and height.
+
+ Reported as
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1272173
+
+ * src/winfonts/winfnt.c (FNT_Face_Init): Check zero pixel height.
+ (FNT_Load_Glyph): Check for zero pitch.
+
2016-08-11 Alexei Podtelezhnikov <apodtele@gmail.com>
* src/truetype/ttinterp.c (Pop_Push_Count): Revert changes.
diff --git a/src/winfonts/winfnt.c b/src/winfonts/winfnt.c
index 1c74ccd..a0a1800 100644
--- a/src/winfonts/winfnt.c
+++ b/src/winfonts/winfnt.c
@@ -759,6 +759,14 @@
if ( error )
goto Fail;
+ /* sanity check */
+ if ( !face->font->header.pixel_height )
+ {
+ FT_TRACE2(( "invalid pixel height\n" ));
+ error = FT_THROW( Invalid_File_Format );
+ goto Fail;
+ }
+
/* we now need to fill the root FT_Face fields */
/* with relevant information */
{
@@ -1062,7 +1070,8 @@
bitmap->rows = font->header.pixel_height;
bitmap->pixel_mode = FT_PIXEL_MODE_MONO;
- if ( offset + pitch * bitmap->rows > font->header.file_size )
+ if ( !pitch ||
+ offset + pitch * bitmap->rows > font->header.file_size )
{
FT_TRACE2(( "invalid bitmap width\n" ));
error = FT_THROW( Invalid_File_Format );