[psaux] Fix another assertion.

* src/psaux/psintrp.c (cf2_interpT2CharString) <cf2_escCALLOTHERSUBR>: Convert assertion into error, since the problem can happen with invalid user input. Test case is file fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read in the `freetype2-testing` repository.
author: Werner Lemberg <wl@gnu.org> 2021-06-12 10:05:07 +0200
committer: Werner Lemberg <wl@gnu.org> 2021-06-12 10:13:08 +0200
commit: db0f2c448eee26cc3f432276144fac8c3f110f34 (patch)
tree: a5f0809cd2ff158bd97164e8b2aa6d78b9ca37b4 /src/psaux
parent: a34afe6786cfd9fb129d7d0be1e8fa92268a2c46 (diff)
download: freetype2-db0f2c448eee26cc3f432276144fac8c3f110f34.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/src/psaux/psintrp.c b/src/psaux/psintrp.c
index cc1b67600..40e927663 100644
--- a/src/psaux/psintrp.c
+++ b/src/psaux/psintrp.c
@@ -1670,7 +1670,13 @@
                      */
 
                     count = cf2_stack_count( opStack );
-                    FT_ASSERT( (CF2_UInt)arg_cnt <= count );
+                    if ( (CF2_UInt)arg_cnt > count )
+                    {
+                      FT_ERROR(( "cf2_interpT2CharString (Type 1 mode):"
+                                 " stack underflow\n" ));
+                      lastError = FT_THROW( Invalid_Glyph_Format );
+                      goto exit;
+                    }
 
                     opIdx += count - (CF2_UInt)arg_cnt;
author	Werner Lemberg <wl@gnu.org>	2021-06-12 10:05:07 +0200
committer	Werner Lemberg <wl@gnu.org>	2021-06-12 10:13:08 +0200
commit	db0f2c448eee26cc3f432276144fac8c3f110f34 (patch)
tree	a5f0809cd2ff158bd97164e8b2aa6d78b9ca37b4 /src/psaux
parent	a34afe6786cfd9fb129d7d0be1e8fa92268a2c46 (diff)
download	freetype2-db0f2c448eee26cc3f432276144fac8c3f110f34.tar.gz