FoFiTrueType::cvtSfnts: Fix uninitialized memory read on broken files

oss-fuzz/29386
author: Albert Astals Cid <aacid@kde.org> 2021-01-10 19:45:23 +0100
committer: Albert Astals Cid <aacid@kde.org> 2021-01-10 19:45:23 +0100
commit: fec79bfc7ed1573a8d92ac77bcb225dd032db296 (patch)
tree: 8b318c39268e41546a466c6f09f2cad96e355b7c
parent: e68410e359da932c7f30d8f0a41a5496268b339c (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc
index a1396c55..3d4dd724 100644
--- a/fofi/FoFiTrueType.cc
+++ b/fofi/FoFiTrueType.cc
@@ -1301,6 +1301,10 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc, void *outputStream, const
             ++k;
         }
     }
+    if (unlikely(k < nNewTables)) {
+        error(errSyntaxWarning, -1, "unexpected number of tables");
+        nNewTables = k;
+    }
 
     // construct the table directory
     tableDir[0] = 0x00; // sfnt version
author	Albert Astals Cid <aacid@kde.org>	2021-01-10 19:45:23 +0100
committer	Albert Astals Cid <aacid@kde.org>	2021-01-10 19:45:23 +0100
commit	fec79bfc7ed1573a8d92ac77bcb225dd032db296 (patch)
tree	8b318c39268e41546a466c6f09f2cad96e355b7c
parent	e68410e359da932c7f30d8f0a41a5496268b339c (diff)