shithub: freetype+ttf2subf

ref: 6730854c397130879c64bd766c673b9bccf9c04a
parent: cdc009c24afac88846ed24e21c84e33792384665
author: Alexei Podtelezhnikov <apodtele@gmail.com>
date: Tue Aug 25 19:16:27 EDT 2020

* src/smooth/ftsmooth.c (ft_smooth_raster_overlap): Limit width.

Segmentation fault reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24729

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2020-08-25  Alexei Podtelezhnikov  <apodtele@gmail.com>
+
+	* src/smooth/ftsmooth.c (ft_smooth_raster_overlap): Limit width.
+
+	Segmentation fault reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24729
+
 2020-08-22  Werner Lemberg  <wl@gnu.org>
 
 	* src/truetype/ttgload.c (TT_Get_VMetrics): Add tracing message.
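Review bot: The new entry says only "Limit width" and does not record what callers now see, namely that `ft_smooth_raster_overlap` returns `Raster_Overflow` for bitmaps that are too wide. Adding the error code and the 16-bit FT_Span reason to the entry would let a reader of the ChangeLog understand the behaviour change without opening the source.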
--- a/src/smooth/ftsmooth.c
+++ b/src/smooth/ftsmooth.c
@@ -379,6 +379,11 @@
     TOrigin            target;
 
 
+    /* Reject outlines that are too wide for 16-bit FT_Span.       */
+    /* Other limits are applied upstream with the same error code. */
+    if ( bitmap->width * SCALE > 0x7FFF )
+      return FT_THROW( Raster_Overflow );
+
     /* Set up direct rendering to average oversampled spans. */
     params.target     = bitmap;
     params.source     = outline;
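Review bot: In the added check `bitmap->width * SCALE > 0x7FFF`, the product is evaluated before the comparison, so the guard is only sound if that multiplication cannot wrap. The types of `bitmap->width` and `SCALE` are not visible in this hunk, and the comment defers other limits to upstream code. Writing the test as `bitmap->width > 0x7FFF / SCALE` keeps the same bound without relying on those upstream limits. The comment could also say that 0x7FFF is the largest signed 16-bit value, so the constant stays tied to the FT_Span field it protects.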