shithub: freetype+ttf2subf

ref: 10d8de7541ab1f26f6f04b2118d13a92a7119102
parent: a4df0373c71f426711fb77e3a21d4b58b7c42e66
author: Dominik Röttsches <drott@chromium.org>
date: Mon Dec 30 06:22:04 EST 2019

[truetype] Fix UBSan warning on offset to nullptr (#57501).

* src/truetype/ttinterp.c (Ins_CALL): Fail if `exc->FDefs' is null.

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2020-01-02  Dominik Röttsches  <drott@chromium.org>
+
+	[truetype] Fix UBSan warning on offset to nullptr (#57501).
+
+	* src/truetype/ttinterp.c (Ins_CALL): Fail if `exc->FDefs' is null.
+
 2019-12-31  Nikhil Ramakrishnan  <ramakrishnan.nikhil@gmail.com>
 
 	[woff2] Allow bitmap-only fonts (#57394).
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -3965,6 +3965,9 @@
     if ( BOUNDSL( F, exc->maxFunc + 1 ) )
       goto Fail;
 
+    if ( !exc->FDefs )
+      goto Fail;
+
     /* Except for some old Apple fonts, all functions in a TrueType */
     /* font are defined in increasing order, starting from 0.  This */
     /* means that we normally have                                  */
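Review bot: the new `if ( !exc->FDefs ) goto Fail;` guards the pointer arithmetic that follows, but nothing in the hunk says when `exc->FDefs` can be null while `BOUNDSL( F, exc->maxFunc + 1 )` still passes (presumably a font whose function table was never allocated yet whose `maxFunc` still admits `F == 0`); a one-line comment stating that condition would save the next reader from wondering whether this is dead code. Style-wise the two checks fail the same way and could be a single condition, `if ( !exc->FDefs || BOUNDSL( F, exc->maxFunc + 1 ) ) goto Fail;`, which also keeps the existing comment block directly below the bounds check instead of separated from it by a second `if`. Since a null table is a property of the loaded font rather than of this one instruction, it is worth checking whether the other opcode handlers that offset into `exc->FDefs` need the same guard, or whether rejecting that state once, where the function table is set up, would cover all of them.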