commit | 6944b10bf41077a939a283aba62be2c1a676d8ef | [log] [tgz] |
---|---|---|
author | Nigel Tao <nigeltao@golang.org> | Wed Oct 27 04:53:26 2021 |
committer | Nigel Tao <nigeltao@golang.org> | Thu Oct 28 20:25:45 2021 |
tree | e7af446dbcd4b726a527641e7bced6434f43b9aa | |
parent | a66eb6448b8d7557efb0c974c8d4d72085371c58 [diff] |
font/sfnt: verify the total number of contour points The SFNT file format explicitly lists the number of points in each simple (non-compound) glyph and, in this package, this is loaded in func loadGlyf as the numPoints variable. numPoints is then passed to func findXYIndexes to verify that the (variable length) remaning glyph data has content for that many points. loadGlyf then uses a glyfIter to iterate over those points, but prior to this commit, fails to enforce that the glyfIter also honors numPoints when walking each contour of a glyph. This can lead to a panic (slice index out of bounds) on a malformed SFNT file, if glyfIter then tries to walk too many points. Fixes golang/go#48006 Change-Id: I92530e570eb37ce0087927ca23060acebe0a7705 Reviewed-on: https://go-review.googlesource.com/c/image/+/358994 Reviewed-by: Andrew Gerrand <adg@golang.org> Trust: Nigel Tao <nigeltao@golang.org>
This repository holds supplementary Go image libraries.
The easiest way to install is to run go get -u golang.org/x/image/...
. You can also manually git clone the repository to $GOPATH/src/golang.org/x/image
.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.
The main issue tracker for the image repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/image:” in the subject line, so it is easy to find.