31 lines
897 B
Diff
31 lines
897 B
Diff
From 62e803b36173fd096d7ad460dd1d1db9be542593 Mon Sep 17 00:00:00 2001
|
|
From: Behdad Esfahbod <behdad@behdad.org>
|
|
Date: Wed, 1 Jun 2022 07:38:21 -0600
|
|
Subject: [PATCH 001/363] [sbix] Limit glyph extents
|
|
|
|
Fixes https://github.com/harfbuzz/harfbuzz/issues/3557
|
|
---
|
|
src/hb-ot-color-sbix-table.hh | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/src/hb-ot-color-sbix-table.hh b/src/hb-ot-color-sbix-table.hh
|
|
index 9741ebd45..6efae43cd 100644
|
|
--- a/src/hb-ot-color-sbix-table.hh
|
|
+++ b/src/hb-ot-color-sbix-table.hh
|
|
@@ -298,6 +298,12 @@ struct sbix
|
|
|
|
const PNGHeader &png = *blob->as<PNGHeader>();
|
|
|
|
+ if ((png.IHDR.height >= 65536) | (png.IHDR.width >= 65536))
|
|
+ {
|
|
+ hb_blob_destroy (blob);
|
|
+ return false;
|
|
+ }
|
|
+
|
|
extents->x_bearing = x_offset;
|
|
extents->y_bearing = png.IHDR.height + y_offset;
|
|
extents->width = png.IHDR.width;
|
|
--
|
|
2.36.1
|
|
|