ref: aae8808780d4b73cf51f80ba40c4b7b854ca1487
parent: b6fd5bc06c4434a832328c4682544c436484265e
author: Werner Lemberg <[email protected]>
date: Tue Nov 3 12:30:36 EST 2015
[sfnt] Protect against zero-size bitmaps (#46345). * src/sfnt/ttsbit.c (tt_sbit_decoder_load_bitmap): Check `glyph_size'.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2015-11-03 Werner Lemberg <[email protected]>
+
+ [sfnt] Protect against zero-size bitmaps (#46345).
+
+ * src/sfnt/ttsbit.c (tt_sbit_decoder_load_bitmap): Check
+ `glyph_size'.
+
2015-11-02 Nikolaus Waxweiler <[email protected]>
* src/autofit/afloader.c (af_loader_load_g): Implement emboldening.
--- a/src/sfnt/ttsbit.c
+++ b/src/sfnt/ttsbit.c
@@ -1025,7 +1025,8 @@
/* seek into the EBDT table now */
- if ( glyph_start + glyph_size > decoder->ebdt_size )
+ if ( !glyph_size ||
+ glyph_start + glyph_size > decoder->ebdt_size )
{
error = FT_THROW( Invalid_Argument );
goto Exit;