diff --git a/ChangeLog b/ChangeLog index 1b7dc035b..cf5e2198d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2019-10-22 Werner Lemberg + + * src/sfnt/sfwoff2.c (woff2_open_font): Avoid undefined shift. + + Also improve tracing. + + Reported as + + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18390 + 2019-10-10 Alexei Podtelezhnikov * src/sfnt/pngshim.c (premultiply_data): Optimize for __SSE__ only. diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c index db0fb7ac2..6896dc9d4 100644 --- a/src/sfnt/sfwoff2.c +++ b/src/sfnt/sfwoff2.c @@ -1969,7 +1969,10 @@ FT_TRACE5(( "Number of tables in font %d: %ld\n", nn, ttc_font->num_tables )); - FT_TRACE6(( " Indices: " )); +#ifdef FT_DEBUG_LEVEL_TRACE + if ( ttc_font->num_tables ) + FT_TRACE6(( " Indices: " )); +#endif glyf_index = 0; loca_index = 0; @@ -2000,7 +2003,10 @@ glyf_index = table_index; } - FT_TRACE6(( "\n" )); +#ifdef FT_DEBUG_LEVEL_TRACE + if ( ttc_font->num_tables ) + FT_TRACE6(( "\n" )); +#endif /* glyf and loca must be consecutive */ if ( glyf_index > 0 || loca_index > 0 ) @@ -2137,6 +2143,9 @@ sfnt_header = sfnt; + WRITE_ULONG( sfnt_header, woff2.flavor ); + + if ( woff2.num_tables ) { FT_UInt searchRange, entrySelector, rangeShift, x; @@ -2151,17 +2160,16 @@ entrySelector--; searchRange = ( 1 << entrySelector ) * 16; - rangeShift = ( woff2.num_tables * 16 ) - searchRange; + rangeShift = ( woff2.num_tables * 16 ) - searchRange; - WRITE_ULONG ( sfnt_header, woff2.flavor ); WRITE_USHORT( sfnt_header, woff2.num_tables ); WRITE_USHORT( sfnt_header, searchRange ); WRITE_USHORT( sfnt_header, entrySelector ); WRITE_USHORT( sfnt_header, rangeShift ); - - info.header_checksum = compute_ULong_sum( sfnt, 12 ); } + info.header_checksum = compute_ULong_sum( sfnt, 12 ); + /* Sort tables by tag. */ ft_qsort( indices, woff2.num_tables,