[freetype2] master 44db1ad: [cff] Fix another segv in old engine.

freetype-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freetype2] master 44db1ad: [cff] Fix another segv in old engine.

From:	Werner LEMBERG
Subject:	[freetype2] master 44db1ad: [cff] Fix another segv in old engine.
Date:	Tue, 14 Aug 2018 04:01:18 -0400 (EDT)

branch: master
commit 44db1addd80981b1a9cbea6b8608c99592a065ea
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>

    [cff] Fix another segv in old engine.
    
    Reported as
    
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9872
    
    * src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
    [CFF_CONFIG_OPTION_OLD_ENGINE]: Disallow invalid T1 opcodes in
    dictionaries.
---
 ChangeLog             | 14 +++++++++++++-
 src/psaux/cffdecode.c |  9 +++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 2f373dd..2ac6500 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,17 @@
 2018-08-14  Werner Lemberg  <address@hidden>
 
+       [cff] Fix another segv in old engine.
+
+       Reported as
+
+         https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9872
+
+       * src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
+       [CFF_CONFIG_OPTION_OLD_ENGINE]: Disallow invalid T1 opcodes in
+       dictionaries.
+
+2018-08-14  Werner Lemberg  <address@hidden>
+
        [cff] Fix missing error handling.
 
        Reported as
@@ -20,7 +32,7 @@
 
 2018-08-14  Werner Lemberg  <address@hidden>
 
-       [cff] Fix segv.
+       [cff] Fix segv in old engine.
 
        Reported as
 
diff --git a/src/psaux/cffdecode.c b/src/psaux/cffdecode.c
index 3f4ea15..2c2aa6a 100644
--- a/src/psaux/cffdecode.c
+++ b/src/psaux/cffdecode.c
@@ -860,6 +860,15 @@
           case cff_op_flex1:
           case cff_op_callsubr:
           case cff_op_callgsubr:
+            /* depracated opcodes */
+          case cff_op_dotsection:
+            /* invalid Type 1 opcodes */
+          case cff_op_hsbw:
+          case cff_op_closepath:
+          case cff_op_callothersubr:
+          case cff_op_seac:
+          case cff_op_sbw:
+          case cff_op_setcurrentpoint:
             goto MM_Error;
 
           default:

[Prev in Thread]

Current Thread

[Next in Thread]

[freetype2] master 44db1ad: [cff] Fix another segv in old engine., Werner LEMBERG <=

Prev by Date: [freetype2] master 1937b55: [cff] Fix missing error handling.
Next by Date: [freetype2] master e001a17: [bdf] Remove unused fields.
Previous by thread: [freetype2] master 1937b55: [cff] Fix missing error handling.
Next by thread: [freetype2] master e001a17: [bdf] Remove unused fields.
Index(es):
- Date
- Thread