ref: 3774fc08b502c3e685afca098b6e8a195aded6a0
parent: f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
author: Werner Lemberg <[email protected]>
date: Sun Mar 26 04:32:09 EDT 2017
* src/psaux/psobjs.c (t1_builder_close_contour): Add safety guard. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2017-03-26 Werner Lemberg <[email protected]>
+
+ * src/psaux/psobjs.c (t1_builder_close_contour): Add safety guard.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
+
2017-03-23 Werner Lemberg <[email protected]>
[psaux] Better protect `flex' handling.
--- a/src/psaux/psobjs.c
+++ b/src/psaux/psobjs.c
@@ -1718,6 +1718,14 @@
first = outline->n_contours <= 1
? 0 : outline->contours[outline->n_contours - 2] + 1;
+ /* in malformed fonts it can happen that a contour was started */
+ /* but no points were added */
+ if ( outline->n_contours && first == outline->n_points )
+ {+ outline->n_contours--;
+ return;
+ }
+
/* We must not include the last point in the path if it */
/* is located on the first point. */
if ( outline->n_points > 1 )