author | Werner Lemberg <wl@gnu.org> | 2021-06-12 10:05:07 +0200 |
---|---|---|
committer | Werner Lemberg <wl@gnu.org> | 2021-06-12 10:13:08 +0200 |
commit | db0f2c448eee26cc3f432276144fac8c3f110f34 (patch) | |
tree | a5f0809cd2ff158bd97164e8b2aa6d78b9ca37b4 /src/psaux | |
parent | a34afe6786cfd9fb129d7d0be1e8fa92268a2c46 (diff) | |
[psaux] Fix another assertion.
* src/psaux/psintrp.c (cf2_interpT2CharString)
<cf2_escCALLOTHERSUBR>: Convert assertion into error, since the
problem can happen with invalid user input.
Test case is file
fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read
in the `freetype2-testing` repository.
Diffstat (limited to 'src/psaux')
-rw-r--r-- | src/psaux/psintrp.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/psaux/psintrp.c b/src/psaux/psintrp.c index cc1b67600..40e927663 100644 --- a/src/psaux/psintrp.c +++ b/src/psaux/psintrp.c @@ -1670,7 +1670,13 @@ */ count = cf2_stack_count( opStack ); - FT_ASSERT( (CF2_UInt)arg_cnt <= count ); + if ( (CF2_UInt)arg_cnt > count ) + { + FT_ERROR(( "cf2_interpT2CharString (Type 1 mode):" + " stack underflow\n" )); + lastError = FT_THROW( Invalid_Glyph_Format ); + goto exit; + } opIdx += count - (CF2_UInt)arg_cnt; |
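Review bot: The new `if ( (CF2_UInt)arg_cnt > count )` check carries no comment saying that it is the only thing keeping `count - (CF2_UInt)arg_cnt` in the following `opIdx +=` line from wrapping around as an unsigned subtraction, so a later cleanup could remove or relax it without noticing. A one-line comment above the `if` would make that dependency explicit. The cast also suggests `arg_cnt` is not already a `CF2_UInt`; if it is signed, a negative value converts to a large unsigned number and is rejected by this same comparison, which is the right outcome but worth stating in that comment rather than leaving implicit. Two smaller points: the trace text says "stack underflow" while the returned code is `Invalid_Glyph_Format`, so please confirm this is the error code you want callers to see for this condition, and consider printing `arg_cnt` and `count` in the `FT_ERROR` message, since those two values are what someone triaging a fuzzer report for this path will need first.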