[sfnt] Improve paint limit checks (!42) · Merge requests · FreeType / FreeType

Dominik Röttsches requested to merge drott/freetype:limitFix into master Jun 28, 2021

Paint tables can appear before the base_glyphs_v1 offset if the font is produced with the layer list before the base glyph list. In this case paint tables can occur after the layer list but before the base glyph list. Checks in the 'COLR' v1 code were rejecting fonts with this layout. Improve these checks by calculating a minimum offset after which paint tables can occur and use that in safety checks.

src/sfnt/ttcolr.c (Colr, tt_face_load_colr): Declare a paint_start_v1 and calculate that as the minimum of the end of layer list and base glyph list. (get_child_table_pointer, read_paint, tt_face_get_paint_layers): Use that in safety checks.

Admin message

[sfnt] Improve paint limit checks

Merge request reports