LibGfx: Harden TTF parsing against fuzzers

Instead of asserting this edge case, bail out instead. Found by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42653
SerenityOS · Dec 24, 2021 · a47f43d · a47f43d
1 parent 0a827ea
commit a47f43d
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/Userland/Libraries/LibGfx/TrueTypeFont/Cmap.cpp b/Userland/Libraries/LibGfx/TrueTypeFont/Cmap.cpp
@@ -69,7 +69,8 @@ Optional<Cmap::Subtable> Cmap::subtable(u32 index) const
     u16 platform_id = be_u16(m_slice.offset_pointer(record_offset));
     u16 encoding_id = be_u16(m_slice.offset_pointer(record_offset + (u32)Offsets::EncodingRecord_EncodingID));
     u32 subtable_offset = be_u32(m_slice.offset_pointer(record_offset + (u32)Offsets::EncodingRecord_Offset));
-    VERIFY(subtable_offset < m_slice.size());
+    if (subtable_offset >= m_slice.size())
+        return {};
     auto subtable_slice = ReadonlyBytes(m_slice.offset_pointer(subtable_offset), m_slice.size() - subtable_offset);
     return Subtable(subtable_slice, platform_id, encoding_id);
 }