Merge pull request #1449 from harfbuzz/cff-fixcharset

[CFF] fix for oss-fuzz 11657: Charset overrun
Ebrahim Byagowi 2018-12-05 13:25:18 +03:30 committed by GitHub
commit 79e7e3445e
2 changed files with 6 additions and 4 deletions


@ -392,13 +392,15 @@ struct Charset1_2 {
return 0; return 0;
} }
inline hb_codepoint_t get_glyph (hb_codepoint_t sid) const inline hb_codepoint_t get_glyph (hb_codepoint_t sid, unsigned int num_glyphs) const
{ {
if (sid == 0) return 0; if (sid == 0) return 0;
hb_codepoint_t glyph = 1; hb_codepoint_t glyph = 1;
for (unsigned int i = 0;; i++) for (unsigned int i = 0;; i++)
{ {
if ((ranges[i].first <= sid) && sid <= ranges[i].first + ranges[i].nLeft) if (glyph >= num_glyphs)
return 0;
if ((ranges[i].first <= sid) && (sid <= ranges[i].first + ranges[i].nLeft))
return glyph + (sid - ranges[i].first); return glyph + (sid - ranges[i].first);
glyph += (ranges[i].nLeft + 1); glyph += (ranges[i].nLeft + 1);
} }
@ -550,9 +552,9 @@ struct Charset {
if (format == 0) if (format == 0)
return u.format0.get_glyph (sid, num_glyphs); return u.format0.get_glyph (sid, num_glyphs);
else if (format == 1) else if (format == 1)
return u.format1.get_glyph (sid); return u.format1.get_glyph (sid, num_glyphs);
else else
return u.format2.get_glyph (sid); return u.format2.get_glyph (sid, num_glyphs);
} }
HBUINT8 format; HBUINT8 format;
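Review bot: The new `if (glyph >= num_glyphs) return 0;` in Charset1_2::get_glyph is only a sufficient bound on `i` if `ranges[]` was sanitized to cover at least `num_glyphs` glyphs; the guard itself never checks the table length, it relies on the running glyph counter crossing `num_glyphs` before `ranges[i]` steps past the end, and that dependency is not recorded anywhere in the hunk. A one-line comment above the guard would protect the invariant against a later change to sanitize, e.g. `/* Relies on sanitize() having verified that ranges[] spans num_glyphs glyphs; stopping at num_glyphs keeps i inside the table and maps unknown SIDs to .notdef. */` (hedged: the sanitize code is not in this hunk, so confirm it actually enforces that). As a point of style, the endless `for (unsigned int i = 0;; i++)` with an in-body exit reads more clearly as `for (unsigned int i = 0; glyph < num_glyphs; i++)` with a single `return 0;` after the loop, making the termination bound visible in the loop header. The Charset1_2 struct begins before the first hunk, and the second hunk (struct Charset) merely forwards `num_glyphs` to the format-specific overloads, which looks correct.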