[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master a297feab0: [sfnt] Avoid nullptr dereference in readin
|
From: |
Werner Lemberg |
|
Subject: |
[freetype2] master a297feab0: [sfnt] Avoid nullptr dereference in reading malformed 'COLR' v1 table. |
|
Date: |
Wed, 18 Jan 2023 02:24:16 -0500 (EST) |
branch: master
commit a297feab0e7cdd8e9fa88965cd8d9591f5e6b4d3
Author: Dominik Röttsches <drott@chromium.org>
Commit: Werner Lemberg <wl@gnu.org>
[sfnt] Avoid nullptr dereference in reading malformed 'COLR' v1 table.
Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=1408044.
* src/sfnt/ttcolr.c (tt_face_load_colr): When the 'COLR' v1 table header is
too small, don't deallocate delta set index map structures.
---
src/sfnt/ttcolr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/sfnt/ttcolr.c b/src/sfnt/ttcolr.c
index 369d28c9c..f98c60c87 100644
--- a/src/sfnt/ttcolr.c
+++ b/src/sfnt/ttcolr.c
@@ -190,7 +190,7 @@
#endif
if ( table_size < COLRV0_HEADER_SIZE )
- goto InvalidTable;
+ goto NoColr;
if ( FT_FRAME_EXTRACT( table_size, table ) )
goto NoColr;
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master a297feab0: [sfnt] Avoid nullptr dereference in reading malformed 'COLR' v1 table.,
Werner Lemberg <=