authorBrian Gianforcaro <bgianf@serenityos.org>2021-12-16 04:55:35 -0800
committerAndreas Kling <kling@serenityos.org>2021-12-16 18:50:02 +0100
commitc710d52afacbd0f705245e96b59bbfdfa3497d20 (patch)
treedd711fd43a398f1c34000f4ec39d0aa955a2bc81 /Userland
parent3a6f550b24bff1ac112c2fa9e91a9a805c2aabc3 (diff)
downloadserenity-c710d52afacbd0f705245e96b59bbfdfa3497d20.zip
LibGfx: Handle malformed Platform ID during TTF parsing
This should fix one of the OSS Fuzz crashes that occurs during TTF file format parsing. See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37263
Diffstat (limited to 'Userland')
-rw-r--r--Userland/Libraries/LibGfx/TrueTypeFont/Cmap.cpp4
-rw-r--r--Userland/Libraries/LibGfx/TrueTypeFont/Cmap.h2
-rw-r--r--Userland/Libraries/LibGfx/TrueTypeFont/Font.cpp6
3 files changed, 8 insertions, 4 deletions
diff --git a/Userland/Libraries/LibGfx/TrueTypeFont/Cmap.cpp b/Userland/Libraries/LibGfx/TrueTypeFont/Cmap.cpp
index 3263f1efae..f561d7c9a6 100644
--- a/Userland/Libraries/LibGfx/TrueTypeFont/Cmap.cpp
+++ b/Userland/Libraries/LibGfx/TrueTypeFont/Cmap.cpp
@@ -13,7 +13,7 @@ extern u16 be_u16(u8 const*);
extern u32 be_u32(u8 const*);
extern i16 be_i16(u8 const*);
-Cmap::Subtable::Platform Cmap::Subtable::platform_id() const
+Optional<Cmap::Subtable::Platform> Cmap::Subtable::platform_id() const
{
switch (m_raw_platform_id) {
case 0:
@@ -25,7 +25,7 @@ Cmap::Subtable::Platform Cmap::Subtable::platform_id() const
case 4:
return Platform::Custom;
default:
- VERIFY_NOT_REACHED();
+ return {};
}
}
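Review bot: The new `return {};` in the `default:` branch deserves a one-line comment, since `m_raw_platform_id` appears to be taken from the font file and a later reader could otherwise restore the assertion. Something like `// The raw ID comes from the font file; an unknown value is malformed input, not a programming error.` above `return {};` would record the intent. If the project keeps a fuzz or regression corpus, checking in the reproducer from the linked OSS-Fuzz issue would pin this behaviour. The function's signature and first cases are in the previous hunk.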
diff --git a/Userland/Libraries/LibGfx/TrueTypeFont/Cmap.h b/Userland/Libraries/LibGfx/TrueTypeFont/Cmap.h
index da26b1ca3c..64eea73662 100644
--- a/Userland/Libraries/LibGfx/TrueTypeFont/Cmap.h
+++ b/Userland/Libraries/LibGfx/TrueTypeFont/Cmap.h
@@ -45,7 +45,7 @@ public:
}
// Returns 0 if glyph not found. This corresponds to the "missing glyph"
u32 glyph_id_for_code_point(u32 code_point) const;
- Platform platform_id() const;
+ Optional<Platform> platform_id() const;
u16 encoding_id() const { return m_encoding_id; }
Format format() const;
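Review bot: `Format format() const;` at the end of this hunk still returns a bare enum. Its definition is not visible here, but if it also ends in `VERIFY_NOT_REACHED()` on a value read from the file, the same abort on a malformed font stays reachable, so an `Optional<Format>` return may be worth considering. Separately, the new `platform_id()` declaration would benefit from a comment such as `// Returns an empty Optional if the font's platform ID is not a known Platform.` so callers know to check before using the value. The class body starts and ends outside the hunk.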
diff --git a/Userland/Libraries/LibGfx/TrueTypeFont/Font.cpp b/Userland/Libraries/LibGfx/TrueTypeFont/Font.cpp
index fe7e0b02e7..dc5949da58 100644
--- a/Userland/Libraries/LibGfx/TrueTypeFont/Font.cpp
+++ b/Userland/Libraries/LibGfx/TrueTypeFont/Font.cpp
@@ -368,7 +368,11 @@ ErrorOr<NonnullRefPtr<Font>> Font::try_load_from_offset(ReadonlyBytes buffer, u3
continue;
}
auto subtable = opt_subtable.value();
- if (subtable.platform_id() == Cmap::Subtable::Platform::Windows) {
+ auto platform = subtable.platform_id();
+ if (!platform.has_value())
+ return Error::from_string_literal("Invalid Platform ID"sv);
+
+ if (platform.value() == Cmap::Subtable::Platform::Windows) {
if (subtable.encoding_id() == (u16)Cmap::Subtable::WindowsEncoding::UnicodeFullRepertoire) {
cmap.set_active_index(i);
break;
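Review bot: The new `if (!platform.has_value())` check returns `Error::from_string_literal("Invalid Platform ID"sv)`, which rejects the whole font as soon as one cmap subtable has an unrecognised platform ID. The `continue;` just above suggests that an unreadable subtable is otherwise skipped. Failing closed is a safe choice for untrusted input, but if the goal is only to avoid the crash, `if (!platform.has_value()) continue;` would keep a font loadable when a later subtable is a valid Windows one. Whichever policy is intended, a short comment stating it would help. The enclosing loop and `try_load_from_offset` start and end outside the hunk.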