Skip to content

Commit

Permalink
[opentype] add check to avoid crashing on malicious/invalid font files
Browse files Browse the repository at this point in the history
  • Loading branch information
@benoitkugler
benoitkugler committed Oct 12, 2023
1 parent abdbcca commit afa02a8
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions opentype/api/font/variations.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -296,6 +296,11 @@ func unpackDeltas(data []byte, pointNumbersCount int) ([]int16, error) {
nbRead += int(count)
data = data[1:]
} else {
// we fill fill out[nbRead:nbRead+count-1], that is we must have
// nbRead+count-1 < pointNumbersCount
if got := nbRead + int(count); got > pointNumbersCount {
return nil, fmt.Errorf("invalid packed deltas (expected %d point numbers, got %d)", pointNumbersCount, got)
}
isInt16 := control&deltasAreWords != 0
if isInt16 {
if len(data) < 1+2*int(count) {
Expand Down

0 comments on commit afa02a8

Please sign in to comment.