From 755ed732e10251f61d8064000baae0fc0e2c257d Mon Sep 17 00:00:00 2001
From: Jonathan Kew <jkew@mozilla.com>
Date: Sat, 30 Mar 2024 19:02:55 +0000
Subject: [PATCH] Bug 1874489 - patch 1 - Don't check STAT designAxisSize if
 the designAxisCount is zero.  a=RyanVM

This is just https://github.com/khaledhosny/ots/pull/277 from upstream, not really part
of this issue but touching the same code, so simplest to include it here.

Original Revision: https://phabricator.services.mozilla.com/D204916

Differential Revision: https://phabricator.services.mozilla.com/D206096
---
 gfx/ots/src/stat.cc | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/gfx/ots/src/stat.cc b/gfx/ots/src/stat.cc
index f6f65fdf60366..bf47d9fcedf89 100644
--- a/gfx/ots/src/stat.cc
+++ b/gfx/ots/src/stat.cc
@@ -48,10 +48,6 @@ bool OpenTypeSTAT::Parse(const uint8_t* data, size_t length) {
     this->minorVersion = 2;
   }
 
-  if (this->designAxisSize < sizeof(AxisRecord)) {
-    return Drop("Invalid designAxisSize");
-  }
-
   size_t headerEnd = table.offset();
 
   if (this->designAxisCount == 0) {
@@ -60,6 +56,9 @@ bool OpenTypeSTAT::Parse(const uint8_t* data, size_t length) {
       this->designAxesOffset = 0;
     }
   } else {
+    if (this->designAxisSize < sizeof(AxisRecord)) {
+      return Drop("Invalid designAxisSize");
+    }
     if (this->designAxesOffset < headerEnd ||
         size_t(this->designAxesOffset) +
           size_t(this->designAxisCount) * size_t(this->designAxisSize) > length) {
-- 
GitLab