[freetype2] master f42ce2556: [colr] Ensure enough bytes for PaintColrLa

freetype-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freetype2] master f42ce2556: [colr] Ensure enough bytes for PaintColrLa

From:	Werner Lemberg
Subject:	[freetype2] master f42ce2556: [colr] Ensure enough bytes for PaintColrLayers
Date:	Sat, 9 Mar 2024 01:43:07 -0500 (EST)

branch: master
commit f42ce25563b73fed0123d18a2556b9ba01d2c76b
Author: Ben Wanger <bungeman@gmail.com>
Commit: Ben Wanger <bungeman@gmail.com>

    [colr] Ensure enough bytes for PaintColrLayers
    
    * src/sfnt/ttcolr.c (read_paint): check that there are five additional
    bytes to be read when reading PaintColrLayers.
    
    Reported as
    
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66566
---
 src/sfnt/ttcolr.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/sfnt/ttcolr.c b/src/sfnt/ttcolr.c
index 312b70a5f..1c3fd70d0 100644
--- a/src/sfnt/ttcolr.c
+++ b/src/sfnt/ttcolr.c
@@ -661,6 +661,7 @@
       FT_UInt32  first_layer_index;
 
 
+      ENSURE_READ_BYTES( 5 );
       num_layers = FT_NEXT_BYTE( p );
       if ( num_layers > colr->num_layers_v1 )
         return 0;

[Prev in Thread]

Current Thread

[Next in Thread]

[freetype2] master f42ce2556: [colr] Ensure enough bytes for PaintColrLayers, Werner Lemberg <=

Prev by Date: [Git][freetype/freetype][master] [colr] Ensure enough bytes for PaintColrLayers
Previous by thread: [Git][freetype/freetype][master] [colr] Ensure enough bytes for PaintColrLayers
Index(es):
- Date
- Thread