ref: 248f5629d8889aa5b77ea5bfce0935140293d50d
parent: 125f2b63a503ecb1f78f86b4ebfb0303c0a46788
author: Werner Lemberg <[email protected]>
date: Sat Aug 13 02:53:53 EDT 2016
[winfonts] Avoid zero bitmap width and height. Reported as https://bugzilla.mozilla.org/show_bug.cgi?id=1272173 * src/winfonts/winfnt.c (FNT_Face_Init): Check zero pixel height. (FNT_Load_Glyph): Check for zero pitch.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2016-08-13 Werner Lemberg <[email protected]>
+
+ [winfonts] Avoid zero bitmap width and height.
+
+ Reported as
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1272173
+
+ * src/winfonts/winfnt.c (FNT_Face_Init): Check zero pixel height.
+ (FNT_Load_Glyph): Check for zero pitch.
+
2016-08-11 Alexei Podtelezhnikov <[email protected]>
* src/truetype/ttinterp.c (Pop_Push_Count): Revert changes.
--- a/src/winfonts/winfnt.c
+++ b/src/winfonts/winfnt.c
@@ -759,6 +759,14 @@
if ( error )
goto Fail;
+ /* sanity check */
+ if ( !face->font->header.pixel_height )
+ {+ FT_TRACE2(( "invalid pixel height\n" ));
+ error = FT_THROW( Invalid_File_Format );
+ goto Fail;
+ }
+
/* we now need to fill the root FT_Face fields */
/* with relevant information */
{@@ -1062,7 +1070,8 @@
bitmap->rows = font->header.pixel_height;
bitmap->pixel_mode = FT_PIXEL_MODE_MONO;
- if ( offset + pitch * bitmap->rows > font->header.file_size )
+ if ( !pitch ||
+ offset + pitch * bitmap->rows > font->header.file_size )
{FT_TRACE2(( "invalid bitmap width\n" ));
error = FT_THROW( Invalid_File_Format );