shithub: freetype+ttf2subf

Download patch

ref: aae8808780d4b73cf51f80ba40c4b7b854ca1487
parent: b6fd5bc06c4434a832328c4682544c436484265e
author: Werner Lemberg <[email protected]>
date: Tue Nov 3 12:30:36 EST 2015

[sfnt] Protect against zero-size bitmaps (#46345).

* src/sfnt/ttsbit.c (tt_sbit_decoder_load_bitmap): Check
`glyph_size'.

git/fs: mount .git/fs: mount/attach disallowed
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2015-11-03  Werner Lemberg  <[email protected]>
+
+	[sfnt] Protect against zero-size bitmaps (#46345).
+
+	* src/sfnt/ttsbit.c (tt_sbit_decoder_load_bitmap): Check
+	`glyph_size'.
+
 2015-11-02  Nikolaus Waxweiler  <[email protected]>
 
 	* src/autofit/afloader.c (af_loader_load_g): Implement emboldening.
--- a/src/sfnt/ttsbit.c
+++ b/src/sfnt/ttsbit.c
@@ -1025,7 +1025,8 @@
 
 
     /* seek into the EBDT table now */
-    if ( glyph_start + glyph_size > decoder->ebdt_size )
+    if ( !glyph_size                                   ||
+         glyph_start + glyph_size > decoder->ebdt_size )
     {
       error = FT_THROW( Invalid_Argument );
       goto Exit;