Skip to content

[woff2] Avoid allocation bomb.

Werner Lemberg requested to merge dev/wl/allocation-bomb into master

This is a fix for commit 85167dbd, reported as

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60615

  • src/sfnt/sfwoff2.c (MAX_SFNT_SIZE): New macro. (woff2_open_font): Use it to limit the maximum size of an uncompressed WOFF2 font.

Merge request reports