LibGfx: Harden TTF parsing against fuzzers

Instead of asserting this edge case, bail out instead.

Found by OSS-Fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42653
Brian Gianforcaro, 3 years ago
Commit a47f43d4cb
1 changed file with 2 additions and 1 deletion

+ 2 - 1
Userland/Libraries/LibGfx/TrueTypeFont/Cmap.cpp

@@ -69,7 +69,8 @@ Optional<Cmap::Subtable> Cmap::subtable(u32 index) const
     u16 platform_id = be_u16(m_slice.offset_pointer(record_offset));
     u16 encoding_id = be_u16(m_slice.offset_pointer(record_offset + (u32)Offsets::EncodingRecord_EncodingID));
     u32 subtable_offset = be_u32(m_slice.offset_pointer(record_offset + (u32)Offsets::EncodingRecord_Offset));
-    VERIFY(subtable_offset < m_slice.size());
+    if (subtable_offset >= m_slice.size())
+        return {};
     auto subtable_slice = ReadonlyBytes(m_slice.offset_pointer(subtable_offset), m_slice.size() - subtable_offset);
     return Subtable(subtable_slice, platform_id, encoding_id);
 }
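Review bot: the new `subtable_offset >= m_slice.size()` check only covers the offset read at the end of the record; in the visible lines the three reads at `record_offset`, `record_offset + EncodingRecord_EncodingID` and `record_offset + EncodingRecord_Offset` are still performed with no check that the whole encoding record lies inside `m_slice`. Unless `index` is validated against the record count by the caller (not visible in this hunk), a truncated cmap header can still be read past the end of the slice before the new guard is reached, so consider a `record_offset + <record size> > m_slice.size()` bail-out before the `be_u16`/`be_u32` calls. Returning `{}` here does match the commit message, and with `subtable_offset < m_slice.size()` the `ReadonlyBytes` length `m_slice.size() - subtable_offset` is at least 1, so the slice construction itself is sound.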