commit | 6d62076ae5d000612202aeae99c71ce27fdb2fb1 | [log] [tgz] |
---|---|---|
author | Dominik Röttsches <drott@chromium.org> | Tue Aug 30 15:00:37 2022 +0300 |
committer | Werner Lemberg <wl@gnu.org> | Mon Sep 05 12:23:31 2022 +0200 |
tree | f81a884b891e373d24d880d452af69801e219148 | |
parent | 048f2e247c3ebe84fb26e52198d05e4c586764df [diff] |
[sfnt] Pointer sanity checks before reading layer info in 'COLR' v0 * src/sfnt/ttcolr.c (tt_face_get_colr_layer): Check that the pointer to read from is within the 'COLR' table. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50633