From 65f71ca9aaa1587284293e2e34a0e28ee6b42380 Mon Sep 17 00:00:00 2001
From: Po Lu
Date: Thu, 10 Aug 2023 17:24:24 +0800
Subject: [PATCH] Uniformly verify sfnt_read_table_directory doesn't return TTC header
* src/sfntfont.c (sfnt_enum_font, sfntfont_read_cmap) (sfnt_open_tables): Check for -1 return value from sfnt_read_table_directory.
---
 src/sfntfont.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/sfntfont.c b/src/sfntfont.c
index 22e7f0e3832..600eac811d5 100644
--- a/src/sfntfont.c
+++ b/src/sfntfont.c
@@ -1104,7 +1104,12 @@ sfnt_enum_font (const char *file)
 subtables = sfnt_read_table_directory (fd);
- if (!subtables)
+ if (!subtables
+ /* This value means that FD was pointing at a TTC
+ header. Since FD should already have been moved to
+ the beginning of the TrueType header above, it
+ follows that the font format is invalid. */
+ || (subtables == (struct sfnt_offset_subtable *) -1))
 continue;
 sfnt_enum_font_1 (fd, file, subtables,
@@ -1356,7 +1361,7 @@ sfntfont_read_cmap (struct sfnt_font_desc *desc,
 already have been moved to the start of the table directory if so. */
- if (!font || font == (struct sfnt_offset_subtable *) -1)
+ if (!font || (font == (struct sfnt_offset_subtable *) -1))
 {
 emacs_close (fd);
 return;
@@ -2736,7 +2741,7 @@ sfnt_open_tables (struct sfnt_font_desc *desc)
 /* Read the offset subtable. */
 subtable = sfnt_read_table_directory (fd);
- if (!subtable)
+ if (!subtable || (subtable == (struct sfnt_offset_subtable *) -1))
 goto bail1;
 /* Read required tables. This font backend is supposed to be used
-- 
2.39.2
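Review bot: The sentinel test `(struct sfnt_offset_subtable *) -1` is now written out by hand at all three callers of sfnt_read_table_directory (sfnt_enum_font, sfntfont_read_cmap, sfnt_open_tables), so a future caller can omit it just as two of these did before this commit. Font files are untrusted input, and a missed check would let a non-NULL but invalid pointer reach the table readers that follow; those readers are outside the hunks, so this is inferred. Consider putting the comparison behind one file-local predicate and using it at each site, for example `#define SFNT_IS_TTC_SENTINEL(p) ((p) == (struct sfnt_offset_subtable *) -1)` (the name is illustrative). The sfnt_open_tables hunk also lacks the explanation that the sfnt_enum_font hunk gained; a one-line comment there saying that -1 means FD pointed at a TTC header, and that the font is therefore treated as invalid, would keep the three sites consistent. All three enclosing functions begin and end outside their hunks.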