kc3-lang/freetype/src

Branch : - branch - master v2.13 - tag -

• Show log

  Commit

• Author : Werner Lemberg
  Date : 2024-01-02 17:55:33
  Hash : 57c4252a
  Message : [sfnt] Guard access in 'COLR' v1 glyph binary search. Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=1505216 * src/sfnt/ttcolr.c (find_base_glyph_v1_record): Guard access of the search pointer during binary search. The pointer needs to be checked as we go as the test that compares number of v1 glyphs with table size at the time of loading the table is not sufficient on its own. A scenario is possible in which the `BaseGlyphRecord` list extends into non-`BaseGlyphRecord` parts of the 'COLR' v1 table (but passed the size comparison check). Then, at those locations, invalid glyph ID values are read and may provoke an invalid read due to reassigning min and max values during the binary search.

• Files
• autofit
• base
• bdf
• bzip2
• cache
• cff
• cid
• dlg
• gxvalid
• gzip
• lzw
• otvalid
• pcf
• pfr
• psaux
• pshinter
• psnames
• raster
• sdf
• sfnt
• smooth
• svg
• tools
• truetype
• type1
• type42
• winfonts