1From d4addbb412a6169020ddf8ec0216772a8bab9d18 Mon Sep 17 00:00:00 2001 2From: 18809208922 <kouzhenrong@huawei.com> 3Date: Mon, 14 Apr 2025 20:29:05 +0800 4Subject: [PATCH] Minimal stop-gap fix for CVE-2025-27363 5 6--- 7 src/truetype/ttgload.c | 9 ++++++++- 8 1 file changed, 8 insertions(+), 1 deletion(-) 9 10diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c 11index 2ca63d6..7ce6d2a 100644 12--- a/src/truetype/ttgload.c 13+++ b/src/truetype/ttgload.c 14@@ -1948,7 +1948,7 @@ 15 short i, limit; 16 FT_SubGlyph subglyph; 17 18- FT_Outline outline; 19+ FT_Outline outline = { 0, 0, NULL, NULL, NULL, 0 }; 20 FT_Vector* points = NULL; 21 char* tags = NULL; 22 short* contours = NULL; 23@@ -1957,6 +1957,13 @@ 24 25 limit = (short)gloader->current.num_subglyphs; 26 27+ /* make sure this isn't negative as we're going to add 4 later */ 28+ if ( limit < 0 ) 29+ { 30+ error = FT_THROW( Invalid_Argument ); 31+ goto Exit; 32+ } 33+ 34 /* construct an outline structure for */ 35 /* communication with `TT_Vary_Apply_Glyph_Deltas' */ 36 outline.n_points = (short)( gloader->current.num_subglyphs + 4 ); 37-- 382.44.0.windows.1 39 40