Google Git
Sign in
flutter / third_party / freetype2 / 112527dd44edc388137fdf6809ddeb9cf1a9c51f
commit112527dd44edc388137fdf6809ddeb9cf1a9c51f[log] [tgz]
authorWerner Lemberg <wl@gnu.org>Sat Jan 22 11:45:30 2022 +0100
committerWerner Lemberg <wl@gnu.org>Sat Jan 22 12:09:08 2022 +0100
treeb69b87b4014b57170524902f55daaf83f105b267
parent706c79a1da4aeb05c331f6ff0a7051e7613d5aba [diff]
[sfnt] Reject malformed SVG tables.

* src/sfnt/ttsvg.c (SVG_TABLE_HEADER_SIZE, SVG_DOCUMENT_RECORD_SIZE,
SVG_DOCUMENT_LIST_MINIMUM_SIZE, SVG_MINIMUM_SIZE): New macros.
(tt_face_load_svg): Check offsets.
Check table and record sizes.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43918
1 file changed
tree: b69b87b4014b57170524902f55daaf83f105b267
  1. builds/
  2. devel/
  3. docs/
  4. include/
  5. objs/
  6. src/
  7. subprojects/
  8. tests/
  9. .clang-format
  10. .gitignore
  11. .gitlab-ci.yml
  12. .gitmodules
  13. .mailmap
  14. autogen.sh
  15. CMakeLists.txt
  16. configure
  17. LICENSE.TXT
  18. Makefile
  19. meson.build
  20. meson_options.txt
  21. modules.cfg
  22. README
  23. README.git
  24. vms_make.com