mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-11-22 07:30:19 +00:00
LibGfx: Harden TTF parsing against fuzzers
Instead of asserting this edge case, bail out instead. Found by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42653
This commit is contained in:
Brian Gianforcaro
Brian Gianforcaro
parent
0a827eaa02
commit
a47f43d4cb
Notes:
sideshowbarker
2024-07-17 22:18:24 +09:00
Author: https://github.com/bgianfo Commit: https://github.com/SerenityOS/serenity/commit/a47f43d4cb3 Pull-request: https://github.com/SerenityOS/serenity/pull/11379
1 changed files with 2 additions and 1 deletions
|
|
@ -69,7 +69,8 @@ Optional<Cmap::Subtable> Cmap::subtable(u32 index) const
|
|||
u16 platform_id = be_u16(m_slice.offset_pointer(record_offset));
|
||||
u16 encoding_id = be_u16(m_slice.offset_pointer(record_offset + (u32)Offsets::EncodingRecord_EncodingID));
|
||||
u32 subtable_offset = be_u32(m_slice.offset_pointer(record_offset + (u32)Offsets::EncodingRecord_Offset));
|
||||
VERIFY(subtable_offset < m_slice.size());
|
||||
if (subtable_offset >= m_slice.size())
|
||||
return {};
|
||||
auto subtable_slice = ReadonlyBytes(m_slice.offset_pointer(subtable_offset), m_slice.size() - subtable_offset);
|
||||
return Subtable(subtable_slice, platform_id, encoding_id);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue