walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix oss-fuzz 11657: buffer overrun 

Check overrun in Charset1_2::get_glyph
This commit is contained in:
Michiharu Ariza 2018-12-04 13:51:26 -08:00
parent d0a250a7b1
commit d3d2f32c6e
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/hb-ot-cff1-table.hh
View File

@ -392,13 +392,15 @@ struct Charset1_2 {
return 0;
}
inline hb_codepoint_t get_glyph (hb_codepoint_t sid) const
inline hb_codepoint_t get_glyph (hb_codepoint_t sid, unsigned int num_glyphs) const
{
if (sid == 0) return 0;
hb_codepoint_t glyph = 1;
for (unsigned int i = 0;; i++)
{
if ((ranges[i].first <= sid) && sid <= ranges[i].first + ranges[i].nLeft)
if (glyph >= num_glyphs)
return 0;
if ((ranges[i].first <= sid) && (sid <= ranges[i].first + ranges[i].nLeft))
return glyph + (sid - ranges[i].first);
glyph += (ranges[i].nLeft + 1);
}
@ -550,9 +552,9 @@ struct Charset {
if (format == 0)
return u.format0.get_glyph (sid, num_glyphs);
else if (format == 1)
return u.format1.get_glyph (sid);
return u.format1.get_glyph (sid, num_glyphs);
else
return u.format2.get_glyph (sid);
return u.format2.get_glyph (sid, num_glyphs);
}
HBUINT8 format;