kc3-lang/freetype

Browse

Commit 86803acd2a8e274c76f7e985878258c8f16c2360

Nikhil Ramakrishnan 2019-08-22T16:46:03

[woff2] Check whether known tag is in array bounds. If table tag is not 0x3f, we expect a value between 0 and 62. If this is not the case, exit with errors. * src/sfnt/sfwoff2/c: Check whether table tag makes sense. * src/sfnt/woff2tags.c: Return 0 if tag is out of bounds. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

diff --git a/ChangeLog b/ChangeLog
index cdd6192..91dc356 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 2019-08-27  Nikhil Ramakrishnan  <ramakrishnan.nikhil@gmail.com>
 
+	[woff2] Check whether known tag is in array bounds.
+
+	If table tag is not 0x3f, we expect a value between 0 and 62.  If
+	this is not the case, exit with errors.
+
+	* src/sfnt/sfwoff2/c: Check whether table tag makes sense.
+
+	* src/sfnt/woff2tags.c: Return 0 if tag is out of bounds.
+
+2019-08-27  Nikhil Ramakrishnan  <ramakrishnan.nikhil@gmail.com>
+
 	* src/sfnt/sfwoff2.c: Improve trace comments.
 
 	Adjust tracing levels for comments, and more formatting.
diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c
index dbe6a62..9099b43 100644
--- a/src/sfnt/sfwoff2.c
+++ b/src/sfnt/sfwoff2.c
@@ -1760,7 +1760,15 @@
           goto Exit;
       }
       else
+      {
         table->Tag = woff2_known_tags( table->FlagByte & 0x3f );
+        if ( !table->Tag )
+        {
+          FT_ERROR(( "woff2_open_font: Unknown table tag." ));
+          error = FT_THROW( Invalid_Table );
+          goto Exit;
+        }
+      }
 
       flags = 0;
       xform_version = ( table->FlagByte >> 6 ) & 0x03;
@@ -1787,7 +1795,7 @@
           goto Exit;
         if ( table->Tag == TTAG_loca && table->TransformLength )
         {
-          FT_ERROR(( "woff_font_open: Invalid loca `transformLength'.\n" ));
+          FT_ERROR(( "woff2_open_font: Invalid loca `transformLength'.\n" ));
           error = FT_THROW( Invalid_Table );
           goto Exit;
         }
@@ -1795,7 +1803,7 @@
 
       if ( src_offset + table->TransformLength < src_offset )
       {
-        FT_ERROR(( "woff_font_open: invalid WOFF2 table directory.\n" ));
+        FT_ERROR(( "woff2_open_font: invalid WOFF2 table directory.\n" ));
         error = FT_THROW( Invalid_Table );
         goto Exit;
       }
diff --git a/src/sfnt/woff2tags.c b/src/sfnt/woff2tags.c
index 5b274d5..45ef3fa 100644
--- a/src/sfnt/woff2tags.c
+++ b/src/sfnt/woff2tags.c
@@ -91,6 +91,9 @@
     };
 
 
+    if ( index < 0 || index > 62 )
+      return 0;
+
     return known_tags[index];
   }
kmx.io     mail     discord kmxgit v0.4.0