mirror of https://github.com/freetype/freetype
[colr] Ensure enough bytes for PaintColrLayers
* src/sfnt/ttcolr.c (read_paint): check that there are five additional bytes to be read when reading PaintColrLayers. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66566
This commit is contained in:
parent
17545d4bf7
commit
f42ce25563
|
@ -661,6 +661,7 @@
|
|||
FT_UInt32 first_layer_index;
|
||||
|
||||
|
||||
ENSURE_READ_BYTES( 5 );
|
||||
num_layers = FT_NEXT_BYTE( p );
|
||||
if ( num_layers > colr->num_layers_v1 )
|
||||
return 0;
|
||||
|
|
Loading…
Reference in New Issue