From 99f23d6ff2203966d210bccd49eacc62a20328f9 Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Tue, 17 Sep 2019 13:22:28 +0200
Subject: * src/sfnt/sfwoff2.c (woff2_open_font): Check table index.

Reported as

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17100
---
 ChangeLog | 8 ++++++++
 src/sfnt/sfwoff2.c | 7 +++++++
 2 files changed, 15 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 39ce8c0ae..03292f1ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2019-09-17 Werner Lemberg
+
+ * src/sfnt/sfwoff2.c (woff2_open_font): Check table index.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17100
+
 2019-09-15 Avi Halachmi (:avih)
 [cmake] Don't fail if brotli is missing (#56894).
diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c
index 9beb01f65..bea73c388 100644
--- a/src/sfnt/sfwoff2.c
+++ b/src/sfnt/sfwoff2.c
@@ -1975,6 +1975,13 @@
 goto Exit;
 FT_TRACE6(( "%hu ", table_index ));
+ if ( table_index >= woff2.num_tables )
+ {
+ FT_ERROR(( "woff2_open_font: invalid table index\n" ));
+ error = FT_THROW( Invalid_Table );
+ goto Exit;
+ }
+
 ttc_font->table_indices[j] = table_index;
 table = indices[table_index];
--
cgit v1.2.1
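Review bot: The new bound check on `table_index` in the `src/sfnt/sfwoff2.c` hunk carries no comment saying what it protects, and the array it protects is sized outside this hunk. The value is traced and then used two lines later as `indices[table_index]`, so comparing against `woff2.num_tables` is only the right bound if `indices` holds exactly that many entries; that allocation is not visible here and is worth confirming. I would add a comment above the check such as `/* table_index comes from the font file; reject it before it indexes indices[] */`. The enclosing loop and the rest of `woff2_open_font` lie outside the hunk, so whether the `Exit` path releases what was allocated for `ttc_font` cannot be judged from these lines.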