cff2 subset fuzzer issues (#1619)

* add check to FDArray::serialize

* add test files

* fix off by one
Michiharu Ariza 2019-03-15 13:46:25 -07:00 committed by GitHub
parent 8aaab78efc
commit bcb4e505d6
4 changed files with 1 additions and 0 deletions


@ -525,6 +525,7 @@ struct FDArray : CFFIndexOf<COUNT, FontDict>
for (unsigned i = 0; i < fontDicts.length; i++) for (unsigned i = 0; i < fontDicts.length; i++)
if (fdmap.includes (i)) if (fdmap.includes (i))
{ {
if (unlikely (fid >= fdCount)) return_trace (false);
CFFIndexOf<COUNT, FontDict>::set_offset_at (fid++, offset); CFFIndexOf<COUNT, FontDict>::set_offset_at (fid++, offset);
offset += FontDict::calculate_serialized_size (fontDicts[i], opszr); offset += FontDict::calculate_serialized_size (fontDicts[i], opszr);
} }
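Review bot: The new guard before set_offset_at stops the write past the offset array but says nothing about why fid can reach fdCount, so a later cleanup may drop it as redundant; a comment on that line such as `/* fdmap may select more font dicts than fdCount was sized for (fuzzer input); bail out rather than write past the offset table */` would keep the intent with the check. The loop is driven by fdmap.includes(i), not by fdCount, so the number of selected dicts and fdCount are evidently computed separately; if they can disagree upward they can presumably also disagree downward, leaving fid < fdCount at loop exit with the trailing offsets never written and the final set_offset_at(fid, offset) landing on the wrong slot — a post-loop `if (unlikely (fid != fdCount)) return_trace (false);` would close that side too. Both the start and the end of FDArray::serialize lie outside this hunk, so the post-loop handling could not be verified here.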