
freetype2-2.5.4-2.3.mga5.src.rpm

From a660e3de422731b94d4a134d27555430cbb6fb39 Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Fri, 26 Aug 2016 00:23:27 +0200
Subject: [type1] Fix heap buffer overflow.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36

* src/type1/t1load.c (parse_charstrings): Reject fonts that don't
contain glyph names.
---
 src/type1/t1load.c |  6 ++++++
 1 files changed, 6 insertions(+)

diff --git a/src/type1/t1load.c b/src/type1/t1load.c
index c981adc..f8bf313 100644
--- a/src/type1/t1load.c
+++ b/src/type1/t1load.c
@@ -1776,6 +1776,12 @@
       }
     }
 
+    if ( !n )
+    {
+      error = FT_THROW( Invalid_File_Format );
+      goto Fail;
+    }
+
     loader->num_glyphs = n;
 
     /* if /.notdef is found but does not occupy index 0, do our magic. */
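Review bot: The new `if ( !n )` guard carries no comment, so the reason a font with zero parsed glyph names must be rejected is recorded only in the commit message. The `.notdef` handling that begins right after `loader->num_glyphs = n;` presumably operates on entry 0 of the name and charstring tables, which would never have been filled when `n` is 0; that code lies outside the hunk, so this is inferred from the context comment and the subject line. I would add above the check: `/* a font without any glyph name is invalid; the .notdef handling below assumes that at least one table entry exists */`. parse_charstrings starts and ends outside the hunk, as does the `Fail` label, so the cleanup path taken by the `goto` cannot be checked here.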
-- 
cgit v1.0-41-gc330