[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master 804e625: [truetype] Minor update to forthcoming OpenT
|
From: |
Werner LEMBERG |
|
Subject: |
[freetype2] master 804e625: [truetype] Minor update to forthcoming OpenType 1.8.4 standard. |
|
Date: |
Wed, 28 Oct 2020 08:35:39 -0400 (EDT) |
branch: master
commit 804e625def2cfb64ef2f4c8877cd3fa11e86e208
Author: Werner Lemberg <wl@gnu.org>
Commit: Werner Lemberg <wl@gnu.org>
[truetype] Minor update to forthcoming OpenType 1.8.4 standard.
* src/truetype/ttgxvar.c (ft_var_load_item_variation_store): Limit
size of `regionCount`.
---
ChangeLog | 7 +++++++
src/truetype/ttgxvar.c | 9 +++++++++
2 files changed, 16 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index cb5bda0..550fab5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2020-10-28 Werner Lemberg <wl@gnu.org>
+
+ [truetype] Minor update to forthcoming OpenType 1.8.4 standard.
+
+ * src/truetype/ttgxvar.c (ft_var_load_item_variation_store): Limit
+ size of `regionCount`.
+
2020-10-26 Werner Lemberg <wl@gnu.org>
* meson.build: Fix 'harfbuzz' and 'brotli' build options (#59347).
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index b462263..53b0cc2 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -493,6 +493,15 @@
goto Exit;
}
+ /* new constraint in OpenType 1.8.4 */
+ if ( itemStore->regionCount >= 32768U )
+ {
+ FT_TRACE2(( "ft_var_load_item_variation_store:"
+ " too many variation region tables\n" ));
+ error = FT_THROW( Invalid_Table );
+ goto Exit;
+ }
+
if ( FT_NEW_ARRAY( itemStore->varRegionList, itemStore->regionCount ) )
goto Exit;
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master 804e625: [truetype] Minor update to forthcoming OpenType 1.8.4 standard.,
Werner LEMBERG <=