
[sfnt] Avoid nullptr dereference in reading malformed `COLR` v1.

Dominik Röttsches requested to merge drott/freetype:fuzzFix into master

Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=1408044.

  • src/sfnt/ttcolr.c (tt_face_load_colr): When the COLR v1 header is too small, avoid trying to deallocate delta set index map structures.
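As an added illustration of the defensive pattern behind this fix (this is not FreeType's `tt_face_load_colr`; the header size, struct layout and function names are assumed for the example): the loader zero-initialises its output before any bounds check, returns early when the header is too small, and the cleanup routine only frees what was actually allocated, so a short header can never lead to freeing an uninitialised delta set index map.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy COLR v1 loader, constructed for this example; not FreeType's code. */

#define COLR_V1_HEADER_SIZE 34u   /* assumed fixed header size for the toy format */

typedef struct {
    uint16_t  version;
    uint32_t *delta_set_index_map;  /* allocated only once the header is complete */
    size_t    map_count;
} colr_v1_t;

enum { COLR_OK = 0, COLR_ERR_HEADER_TOO_SMALL = 1, COLR_ERR_OOM = 2 };

static uint16_t read_u16(const unsigned char *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);   /* big-endian, as in SFNT tables */
}

/* Returns an error code; on any error *out holds no live allocations. */
int load_colr_v1(const unsigned char *buf, size_t len, colr_v1_t *out)
{
    /* Zero first, so every early exit leaves the map pointer NULL. */
    memset(out, 0, sizeof(*out));

    if (len < COLR_V1_HEADER_SIZE)
        return COLR_ERR_HEADER_TOO_SMALL;   /* bail before touching the map at all */

    out->version   = read_u16(buf);
    out->map_count = read_u16(buf + 2);     /* assumed offset of the entry count */
    out->delta_set_index_map =
        calloc(out->map_count ? out->map_count : 1, sizeof(uint32_t));
    if (!out->delta_set_index_map)
        return COLR_ERR_OOM;
    return COLR_OK;
}

/* Safe after any load outcome: free(NULL) is a no-op, and resetting the
   pointer makes a repeated cleanup call harmless too. */
void free_colr_v1(colr_v1_t *c)
{
    free(c->delta_set_index_map);
    c->delta_set_index_map = NULL;
    c->map_count = 0;
}
```

The same discipline (initialise, check size, then allocate; free only non-NULL) is what keeps a truncated or fuzzed table from reaching the deallocation path with garbage pointers.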
