shithub: freetype+ttf2subf

Download patch

ref: 4d364b68215f1380b66164f3f0e4bdadc154d08f
parent: d924c5cf7e5554b22f7edfcb9e98670c4c02c3f0
author: Werner Lemberg <[email protected]>
date: Fri Jun 19 01:41:37 EDT 2020 

[woff2] Fix segfault.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23402

* src/sfnt/sfwoff2.c (get_x_mins): Check whether `loca' table
exists.

git/fs: mount .git/fs: mount/attach disallowed 
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2020-06-19  Werner Lemberg  <[email protected]>
+
+	[woff2] Fix segfault.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23402
+
+	* src/sfnt/sfwoff2.c (get_x_mins): Check whether `loca' table
+	exists.
+
 2020-06-19  Stephen McDowell  <[email protected]>
 
 	[sfnt] Support Intel compilers.
--- a/src/sfnt/sfwoff2.c
+++ b/src/sfnt/sfwoff2.c
@@ -1286,6 +1286,12 @@
       return FT_THROW( Invalid_Table );
     }
 
+    if ( !info->loca_table )
+    {
+      FT_ERROR(( "`loca' table is missing.\n" ));
+      return FT_THROW( Invalid_Table );
+    }
+
     /* Read `numGlyphs' field from `maxp' table. */
     if ( FT_STREAM_SEEK( maxp_table->src_offset ) || FT_STREAM_SKIP( 8 ) )
       return error;