kc3-lang/freetype

Browse

Commit 3f090c6843dea837d1054e994e9ba18fefb75a62

Werner Lemberg 2017-12-31T10:32:08

* src/sfnt/ttcmap.c (tt_cmap2_char_next): Fix endless loop. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4838 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

diff --git a/ChangeLog b/ChangeLog
index 5942a16..74351bc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2017-12-31  Werner Lemberg  <wl@gnu.org>
 
+	* src/sfnt/ttcmap.c (tt_cmap2_char_next): Fix endless loop.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4838
+
+2017-12-31  Werner Lemberg  <wl@gnu.org>
+
 	Synchronize other Windows project files.
 
 	* builds/windows/*: Add missing files.
diff --git a/src/sfnt/ttcmap.c b/src/sfnt/ttcmap.c
index f6c02f9..45414d1 100644
--- a/src/sfnt/ttcmap.c
+++ b/src/sfnt/ttcmap.c
@@ -518,7 +518,11 @@
 
 
         if ( offset == 0 )
+        {
+          if ( charcode == 0x100 )
+            goto Exit; /* this happens only for a malformed cmap */
           goto Next_SubHeader;
+        }
 
         if ( char_lo < start )
         {
kmx.io     mail     discord kmxgit v0.4.0