[sfnt] Pointer sanity checks before reading layer info in COLRv0 (!197) · Merge requests · FreeType / FreeType · GitLab

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

GitLab will be down for maintenance Monday June 03, from approx 10am UTC for roughly 48 hours. This is for a major gitlab upgrade which requires a DB migration. See the tracker issue for more informations.

Dominik Röttsches requested to merge drott/freetype:speculFixColrv0 into master Aug 30, 2022

src/sfnt/ttcolr.c (tt_face_get_colr_layer): Check that the pointer to read from is at least within the COLR table.

Speculative fix for: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50633