Commit b98133a4e9831544fec776757b2a6745d4ebc51e

Werner Lemberg 2018-07-22T13:06:20

* src/pcf/pcfread.c (pcf_get_encodings): Check index of defaultChar. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9527

diff --git a/ChangeLog b/ChangeLog
index d442b40..020575c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2018-07-22  Werner Lemberg  <wl@gnu.org>
 
+	* src/pcf/pcfread.c (pcf_get_encodings): Check index of defaultChar.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9527
+
+2018-07-22  Werner Lemberg  <wl@gnu.org>
+
 	* src/pcf/pcfread.c (pcf_load_font): Fix number of glyphs.
 
 	This is an oversight of the module change 2018-07-21.
diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
index e55b472..a3a3dff 100644
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -1059,6 +1059,14 @@ THE SOFTWARE.
     else
       defaultCharEncodingOffset = FT_PEEK_USHORT_LE( pos );
 
+    if ( defaultCharEncodingOffset >= face->nmetrics )
+    {
+      FT_TRACE0(( "pcf_get_encodings:"
+                  " Invalid glyph index for default character,"
+                  " setting to zero\n" ));
+      defaultCharEncodingOffset = 0;
+    }
+
     if ( defaultCharEncodingOffset )
     {
       /* do the swapping */
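Review bot: The new range check at `if ( defaultCharEncodingOffset >= face->nmetrics )` carries no comment explaining why it is needed. The reason is security-relevant: the value is read from the font data by `FT_PEEK_USHORT_LE( pos )` and, judging by the trace message, is then used as a glyph index by the swap that follows. I would add above the check `/* offset comes from the font file and is used as a glyph index below; reject values >= nmetrics so the swap stays in bounds */`. The comment should also say that resetting to 0 is deliberate, because the following `if ( defaultCharEncodingOffset )` then skips the swap entirely. The swap body and the rest of pcf_get_encodings lie outside the hunk, so whether `pos` itself is bounds-checked before the peek cannot be confirmed from here.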