[type1] Fix heap buffer overflow.

Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36 * src/type1/t1load.c (parse_charstrings): Reject fonts that don't contain glyph names.
8 years ago · a660e3de42
parent 69ce97391c
commit a660e3de42
2 changed files with 17 additions and 0 deletions
--- a/11
+++ b/11
@ -1,3 +1,14 @@
+2016-08-26  Werner Lemberg  <wl@gnu.org>
+
+	[type1] Fix heap buffer overflow.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
+
+	* src/type1/t1load.c (parse_charstrings): Reject fonts that don't
+	contain glyph names.
+
 2016-08-25  Werner Lemberg  <wl@gnu.org>

 	[sfnt] Fix previous commit (#48901).
--- a/src/type1/t1load.c
+++ b/src/type1/t1load.c
@ -1776,6 +1776,12 @@
      }
    }

+    if ( !n )
+    {
+      error = FT_THROW( Invalid_File_Format );
+      goto Fail;
+    }
+
    loader->num_glyphs = n;

    /* if /.notdef is found but does not occupy index 0, do our magic. */