
ref: 3f090c6843dea837d1054e994e9ba18fefb75a62
parent: 0268bf35f0d0e773317824648350f04249eb89c7
author: Werner Lemberg <[email protected]>
date: Sun Dec 31 05:32:08 EST 2017

* src/sfnt/ttcmap.c (tt_cmap2_char_next): Fix endless loop.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4838

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2017-12-31  Werner Lemberg  <[email protected]>
 
+	* src/sfnt/ttcmap.c (tt_cmap2_char_next): Fix endless loop.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4838
+
+2017-12-31  Werner Lemberg  <[email protected]>
+
 	Synchronize other Windows project files.
 
 	* builds/windows/*: Add missing files.
--- a/src/sfnt/ttcmap.c
+++ b/src/sfnt/ttcmap.c
@@ -518,7 +518,11 @@
 
 
         if ( offset == 0 )
+        {
+          if ( charcode == 0x100 )
+            goto Exit; /* this happens only for a malformed cmap */
           goto Next_SubHeader;
+        }
 
         if ( char_lo < start )
         {
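Review bot: The new guard `if ( charcode == 0x100 )` tests a bare literal, and its trailing comment says only that the case is malformed, not why this one value is where the scan stops making progress. The input is an untrusted font and the commit title describes an endless loop, so the termination reason belongs at the check itself, e.g. `/* malformed cmap: offset 0 at charcode 0x100 would loop forever (oss-fuzz 4838) */`. The code at the `Next_SubHeader` and `Exit` labels is not in the hunk, so it cannot be confirmed from here that no other charcode stalls the same way, or what is returned on this early exit. The body of tt_cmap2_char_next starts and ends outside the hunk.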