[kerx] Make sure subtables are non-zero-length

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11400
This commit is contained in:
Behdad Esfahbod 2018-11-22 22:02:19 -05:00
parent a9e0bdc35d
commit 2c8188bf59
3 changed files with 2 additions and 1 deletions

View File

@ -812,6 +812,7 @@ struct KerxSubTable
{ {
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!u.header.sanitize (c) || if (!u.header.sanitize (c) ||
u.header.length <= u.header.static_size ||
!c->check_range (this, u.header.length)) !c->check_range (this, u.header.length))
return_trace (false); return_trace (false);

View File

@ -915,7 +915,7 @@ struct ChainSubtable
{ {
TRACE_SANITIZE (this); TRACE_SANITIZE (this);
if (!length.sanitize (c) || if (!length.sanitize (c) ||
length < min_size || length <= min_size ||
!c->check_range (this, length)) !c->check_range (this, length))
return_trace (false); return_trace (false);