kc3-lang/freetype

Browse

Commit e662a9500f826a7f534170e981da4987ca8d83f3

Dominik Röttsches 2021-04-19T12:49:16

[sfnt] Return in 'COLR' v1 when layer pointer outside table * src/sfnt/ttcolr.c (tt_face_get_paint_layers): Add missing return when paint pointer outside table. (read_paint): Add missing return when paint pointer outside table. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

diff --git a/ChangeLog b/ChangeLog
index 4b41688..9bd9553 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2021-04-19  Dominik Röttsches  <drott@chromium.org>
+
+	[sfnt] Return in 'COLR' v1 when layer pointer outside table
+
+	* src/sfnt/ttcolr.c (tt_face_get_paint_layers): Add missing return
+	when paint pointer outside table.
+	(read_paint): Add missing return when paint pointer outside table.
+
 2021-04-18  Alexei Podtelezhnikov  <apodtele@gmail.com>
 
 	[cache] Switch to lazy SBit setting.
diff --git a/src/sfnt/ttcolr.c b/src/sfnt/ttcolr.c
index 617ba93..f3f396a 100644
--- a/src/sfnt/ttcolr.c
+++ b/src/sfnt/ttcolr.c
@@ -390,6 +390,7 @@
 
     if ( p < colr->base_glyphs_v1                          ||
          p >= ( (FT_Byte*)colr->table + colr->table_size ) )
+      return 0;
 
     apaint->format = FT_NEXT_BYTE( p );
 
@@ -725,6 +726,7 @@
 
     if ( p_paint < colr->base_glyphs_v1                          ||
          p_paint >= ( (FT_Byte*)colr->table + colr->table_size ) )
+      return 0;
 
     opaque_paint->p = p_paint;
kmx.io     mail     discord kmxgit v0.4.0