RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-31 06:02:44 +00:00
Code Issues Activity Actions

LibGfx: Harden TTF parsing against fuzzers

Browse source 
Instead of asserting this edge case, bail out instead.

Found by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42653
This commit is contained in:
Brian Gianforcaro 2021-12-23 02:14:19 -08:00 committed by Brian Gianforcaro
parent 0a827eaa02
commit a47f43d4cb
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Userland/Libraries/LibGfx/TrueTypeFont/Cmap.cpp
View file

@ -69,7 +69,8 @@ Optional<Cmap::Subtable> Cmap::subtable(u32 index) const
u16 platform_id = be_u16(m_slice.offset_pointer(record_offset));
u16 encoding_id = be_u16(m_slice.offset_pointer(record_offset + (u32)Offsets::EncodingRecord_EncodingID));
u32 subtable_offset = be_u32(m_slice.offset_pointer(record_offset + (u32)Offsets::EncodingRecord_Offset));
VERIFY(subtable_offset < m_slice.size());
if (subtable_offset >= m_slice.size())
return {};
auto subtable_slice = ReadonlyBytes(m_slice.offset_pointer(subtable_offset), m_slice.size() - subtable_offset);
return Subtable(subtable_slice, platform_id, encoding_id);
}