• Show log

    Commit

  • Hash : bd417007
    Author : Ben Wagner
    Date : 2022-09-26T14:46:42

    [sfnt] Add SVG document bounds checking. Add a check that the document content is actually contained within the `SVG ` table. Without this check a malformed font may claim arbitrary memory as its document content. * src/sfnt/ttsvg.c (tt_face_load_svg): Take `numEntries` into account when testing 'documentRecord' extents. (find_doc): Rename `stream` to `document_records` for clarity. (tt_face_load_svg_doc): Split `doc` from `doc_list` pointer for clarity. Test that the document content is contained within the table. Ensure minimum length of document before testing for gzip format. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51812

  • README

  • FreeType 2.12.1
    ===============
    
    Homepage: https://www.freetype.org
    
    FreeType is a freely available software library to render fonts.
    
    It  is  written  in  C,   designed  to  be  small,  efficient,  highly
    customizable,  and portable  while capable  of producing  high-quality
    output (glyph images) of most vector and bitmap font formats.
    
    Please   read  the   `docs/CHANGES`   file,   it  contains   IMPORTANT
    INFORMATION.
    
    Read the files `docs/INSTALL*`  for installation instructions; see the
    file `docs/LICENSE.TXT` for the available licenses.
    
    For using FreeType's git repository  instead of a distribution bundle,
    please read file  `README.git`.  Note that you have  to actually clone
    the repository; using a snapshot will  not work (in other words, don't
    use gitlab's 'Download' button).
    
    The FreeType 2 API reference is located in directory `docs/reference`;
    use the file  `index.html` as the top entry point.   [Please note that
    currently  the search  function  for  locally installed  documentation
    doesn't work due to cross-site scripting issues.]
    
    Additional documentation is  available as a separate  package from our
    sites.  Go to
    
      https://download.savannah.gnu.org/releases/freetype/
    
    and download one of the following files.
    
      freetype-doc-2.12.1.tar.xz
      freetype-doc-2.12.1.tar.gz
      ftdoc2121.zip
    
    To view the documentation online, go to
    
      https://www.freetype.org/freetype2/docs/
    
    
    Mailing Lists
    -------------
    
    The preferred  way of  communication with the  FreeType team  is using
    e-mail lists.
    
      general use and discussion:      freetype@nongnu.org
      engine internals, porting, etc.: freetype-devel@nongnu.org
      announcements:                   freetype-announce@nongnu.org
      git repository tracker:          freetype-commit@nongnu.org
    
    The lists are moderated; see
    
      https://www.freetype.org/contact.html
    
    how to subscribe.
    
    
    Bugs
    ----
    
    Please submit bug reports at
    
      https://gitlab.freedesktop.org/freetype/freetype/-/issues
    
    Alternatively,    you    might    report    bugs    by    e-mail    to
    `freetype-devel@nongnu.org`.    Don't  forget   to  send   a  detailed
    explanation of the problem -- there  is nothing worse than receiving a
    terse message that only says 'it doesn't work'.
    
    
    Patches
    -------
    
    For larger changes please provide merge requests at
    
      https://gitlab.freedesktop.org/freetype/freetype/-/merge_requests
    
    Alternatively, you can send patches to the `freetype-devel@nongnu.org`
    mailing list  -- and thank you  in advance for your  work on improving
    FreeType!
    
    Details on the process can be found here:
    
      https://www.freetype.org/developer.html#patches
    
    
    Enjoy!
    
      The FreeType Team
    
    ----------------------------------------------------------------------
    
    Copyright (C) 2006-2022 by
    David Turner, Robert Wilhelm, and Werner Lemberg.
    
    This  file is  part of  the FreeType  project, and  may only  be used,
    modified,  and distributed  under the  terms of  the  FreeType project
    license,  LICENSE.TXT.  By  continuing to  use, modify,  or distribute
    this file you  indicate that you have read  the license and understand
    and accept it fully.
    
    
    --- end of README ---