fdo-mirrors/freetype
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/freetype/freetype.git synced 2025-12-20 04:10:01 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

src/sfnt/ttload.c (tt_face_load_any): Correctly handle font containers.

Browse source 
Reported as

  https://issues.oss-fuzz.com/issues/424613326
This commit is contained in:
Werner Lemberg 2025-09-05 20:21:27 +02:00
parent ba7eb5bed7
commit d3668e00da
2 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/sfnt/sfobjs.c
View file

@ -579,6 +579,9 @@
if ( face_instance_index < 0 && face_index > 0 )
face_index--;
/* Note that `face_index` is also used to enumerate elements */
/* of containers like a Mac Resource; this means we must */
/* check whether we actually have a TTC. */
if ( face_index >= face->ttc_header.count )
{
if ( face_instance_index >= 0 )

15
src/sfnt/ttload.c
View file

@ -585,8 +585,19 @@
}
else if ( tag == 1 )
{
/* The currently selected font's table directory. */
offset += face->ttc_header.offsets[face->root.face_index & 0xFFFF];
/* The currently selected font's table directory. */
/* */
/* Note that `face_index` is also used to enumerate elements */
/* of containers like a Mac Resource; this means we must */
/* check whether we actually have a TTC (with multiple table */
/* directories). */
FT_Long idx = face->root.face_index & 0xFFFF;
if ( idx >= face->ttc_header.count )
idx = 0;
offset += face->ttc_header.offsets[idx];
size = 4 + 8 + 16 * face->num_tables;
}
else