ref: e662a9500f826a7f534170e981da4987ca8d83f3
parent: 7c685cb3f636a2fb9962e9fc371e5007e6f5258d
author: Dominik Röttsches <[email protected]>
date: Mon Apr 19 08:49:16 EDT 2021
[sfnt] Return in 'COLR' v1 when layer pointer outside table * src/sfnt/ttcolr.c (tt_face_get_paint_layers): Add missing return when paint pointer outside table. (read_paint): Add missing return when paint pointer outside table.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2021-04-19 Dominik Röttsches <[email protected]>
+
+ [sfnt] Return in 'COLR' v1 when layer pointer outside table
+
+ * src/sfnt/ttcolr.c (tt_face_get_paint_layers): Add missing return
+ when paint pointer outside table.
+ (read_paint): Add missing return when paint pointer outside table.
+
2021-04-18 Alexei Podtelezhnikov <[email protected]>
[cache] Switch to lazy SBit setting.
--- a/src/sfnt/ttcolr.c
+++ b/src/sfnt/ttcolr.c
@@ -390,6 +390,7 @@
if ( p < colr->base_glyphs_v1 ||
p >= ( (FT_Byte*)colr->table + colr->table_size ) )
+ return 0;
apaint->format = FT_NEXT_BYTE( p );
@@ -725,6 +726,7 @@
if ( p_paint < colr->base_glyphs_v1 ||
p_paint >= ( (FT_Byte*)colr->table + colr->table_size ) )
+ return 0;
opaque_paint->p = p_paint;