fix CVE-2022-33068

Description: Limit glyph extents IssueNo: https://gitee.com/openharmony/third_party_harfbuzz/issues/I63NCG Feature or Bugfix: Bugfix Binary Source:No Signed-off-by: N wanghao-free <wanghao453@h-partners.com>

fix CVE-2022-33068
Description: Limit glyph extents IssueNo: https://gitee.com/openharmony/third_party_harfbuzz/issues/I63NCG Feature or Bugfix: Bugfix Binary Source:No Signed-off-by: N wanghao-free <wanghao453@h-partners.com>
bf276ba4 · wanghao-free · 37d385f7 · bf276ba4
显示空白变更内容
内联并排

Showing with 6 addition and 0 deletion

src/hb-ot-color-sbix-table.hh src/hb-ot-color-sbix-table.hh +6 -0

未找到文件。
--- a/src/hb-ot-color-sbix-table.hh
+++ b/src/hb-ot-color-sbix-table.hh
@@ -298,6 +298,12 @@ struct sbix

      const PNGHeader &png = *blob->as<PNGHeader>();

+      if ((png.IHDR.height >= 65536) | (png.IHDR.width >= 65536))
+      {
+        hb_blob_destroy (blob);
+        return false;
+      }
+
      extents->x_bearing = x_offset;
      extents->y_bearing = png.IHDR.height + y_offset;
      extents->width     = png.IHDR.width;