walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[kerx] Make sure subtables are non-zero-length 

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11400
This commit is contained in:
Behdad Esfahbod 2018-11-22 22:02:19 -05:00
parent a9e0bdc35d
commit 2c8188bf59
3 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/hb-aat-layout-kerx-table.hh
View File

@ -812,6 +812,7 @@ struct KerxSubTable
{ {
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.header.sanitize (c) || if (!u.header.sanitize (c) ||
u.header.length <= u.header.static_size ||
!c->check_range (this, u.header.length)) !c->check_range (this, u.header.length))
return_trace (false); return_trace (false);

2
src/hb-aat-layout-morx-table.hh
View File

@ -915,7 +915,7 @@ struct ChainSubtable
{ {
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!length.sanitize (c) || if (!length.sanitize (c) ||
length < min_size || length <= min_size ||
!c->check_range (this, length)) !c->check_range (this, length))
return_trace (false); return_trace (false);

BIN
test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5722888989048832 Normal file
View File

Binary file not shown.