shithub: freetype+ttf2subf

Download patch

ref: 3b8bc65c50b6d306239d461cf96f22f50fc2aed5
parent: 90a30f154a612693641e5366ea8d1d27ea2a4a99
author: Werner Lemberg <[email protected]>
date: Tue Oct 22 04:07:05 EDT 2019

* src/sfnt/sfwoff2.c (woff2_open_font): Avoid undefined shift.

Also improve tracing.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18390

git/fs: mount .git/fs: mount/attach disallowed
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2019-10-22  Werner Lemberg  <[email protected]>
+
+	* src/sfnt/sfwoff2.c (woff2_open_font): Avoid undefined shift.
+
+	Also improve tracing.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18390
+
 2019-10-10  Alexei Podtelezhnikov  <[email protected]>
 
 	* src/sfnt/pngshim.c (premultiply_data): Optimize for __SSE__ only.
--- a/src/sfnt/sfwoff2.c
+++ b/src/sfnt/sfwoff2.c
@@ -1969,7 +1969,10 @@
         FT_TRACE5(( "Number of tables in font %d: %ld\n",
                     nn, ttc_font->num_tables ));
 
-        FT_TRACE6(( "  Indices: " ));
+#ifdef FT_DEBUG_LEVEL_TRACE
+        if ( ttc_font->num_tables )
+          FT_TRACE6(( "  Indices: " ));
+#endif
 
         glyf_index = 0;
         loca_index = 0;
@@ -2000,7 +2003,10 @@
             glyf_index = table_index;
         }
 
-        FT_TRACE6(( "\n" ));
+#ifdef FT_DEBUG_LEVEL_TRACE
+        if ( ttc_font->num_tables )
+          FT_TRACE6(( "\n" ));
+#endif
 
         /* glyf and loca must be consecutive */
         if ( glyf_index > 0 || loca_index > 0 )
@@ -2137,6 +2143,9 @@
 
     sfnt_header = sfnt;
 
+    WRITE_ULONG( sfnt_header, woff2.flavor );
+
+    if ( woff2.num_tables )
     {
       FT_UInt  searchRange, entrySelector, rangeShift, x;
 
@@ -2151,16 +2160,15 @@
       entrySelector--;
 
       searchRange = ( 1 << entrySelector ) * 16;
-      rangeShift  = ( woff2.num_tables * 16  ) - searchRange;
+      rangeShift  = ( woff2.num_tables * 16 ) - searchRange;
 
-      WRITE_ULONG ( sfnt_header, woff2.flavor );
       WRITE_USHORT( sfnt_header, woff2.num_tables );
       WRITE_USHORT( sfnt_header, searchRange );
       WRITE_USHORT( sfnt_header, entrySelector );
       WRITE_USHORT( sfnt_header, rangeShift );
-
-      info.header_checksum = compute_ULong_sum( sfnt, 12 );
     }
+
+    info.header_checksum = compute_ULong_sum( sfnt, 12 );
 
     /* Sort tables by tag. */
     ft_qsort( indices,