shithub: freetype+ttf2subf

Download patch

ref: f1b6183f36d4a28a874bd25fd89363dc8ac32574
parent: 456e9c8fcefa000518f114c1dffd38cfce66420f
author: Werner Lemberg <[email protected]>
date: Tue Dec 4 06:51:15 EST 2018

[bdf] Ignore data after `ENDFONT'.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10798

* src/bdf/bdflib.c (_bdf_parse_end): New function.
(_bdf_parse_glyphs): Switch to `_bdf_parse_end' after `ENDFONT' has
been encountered.

git/fs: mount .git/fs: mount/attach disallowed
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2018-12-04  Werner Lemberg  <[email protected]>
+
+	[bdf] Ignore data after `ENDFONT'.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10798
+
+	* src/bdf/bdflib.c (_bdf_parse_end): New function.
+	(_bdf_parse_glyphs): Switch to `_bdf_parse_end' after `ENDFONT' has
+	been encountered.
+
 2018-12-02  Alexei Podtelezhnikov  <[email protected]>
 
 	* builds/windows/visualc/freetype.dsp: Dust off.
--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
@@ -1262,6 +1262,25 @@
   };
 
 
+  static FT_Error
+  _bdf_parse_end( char*          line,
+                  unsigned long  linelen,
+                  unsigned long  lineno,
+                  void*          call_data,
+                  void*          client_data )
+  {
+    /* a no-op; we ignore everything after `ENDFONT' */
+
+    FT_UNUSED( line );
+    FT_UNUSED( linelen );
+    FT_UNUSED( lineno );
+    FT_UNUSED( call_data );
+    FT_UNUSED( client_data );
+
+    return FT_Err_Ok;
+  }
+
+
   /* Actually parse the glyph info and bitmaps. */
   static FT_Error
   _bdf_parse_glyphs( char*          line,
@@ -1275,6 +1294,7 @@
     unsigned char*     bp;
     unsigned long      i, slen, nibbles;
 
+    _bdf_line_func_t*  next;
     _bdf_parse_t*      p;
     bdf_glyph_t*       glyph;
     bdf_font_t*        font;
@@ -1282,11 +1302,11 @@
     FT_Memory          memory;
     FT_Error           error = FT_Err_Ok;
 
-    FT_UNUSED( call_data );
     FT_UNUSED( lineno );        /* only used in debug mode */
 
 
-    p = (_bdf_parse_t *)client_data;
+    next = (_bdf_line_func_t *)call_data;
+    p    = (_bdf_parse_t *)    client_data;
 
     font   = p->font;
     memory = font->memory;
@@ -1367,6 +1387,7 @@
                 by_encoding );
 
       p->flags &= ~BDF_START_;
+      *next     = _bdf_parse_end;
 
       goto Exit;
     }