mirrors
/
freetype
mirror of https://github.com/freetype/freetype
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[colr] Ensure enough bytes for PaintColrLayers 

* src/sfnt/ttcolr.c (read_paint): check that there are five additional
bytes to be read when reading PaintColrLayers.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66566
This commit is contained in:
Ben Wanger 2024-03-08 14:55:12 -05:00
parent 17545d4bf7
commit f42ce25563
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/sfnt/ttcolr.c
View File

@ -661,6 +661,7 @@
FT_UInt32 first_layer_index;
ENSURE_READ_BYTES( 5 );
num_layers = FT_NEXT_BYTE( p );
if ( num_layers > colr->num_layers_v1 )
return 0;