shithub: freetype+ttf2subf


ref: 00968d8fd62105061d92e69b5ccd44077a5a6a9f
parent: 0f8aebfd5138590fdbbea92ffdec17f6030ba7fc
author: Werner Lemberg <[email protected]>
date: Sun Jul 29 06:22:59 EDT 2018

* src/pcf/pcfread.c (pcf_get_encodings): Another thinko.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9608

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2018-07-29  Werner Lemberg  <[email protected]>
+
+	* src/pcf/pcfread.c (pcf_get_encodings): Another thinko.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9608
+
 2018-07-28  Alexei Podtelezhnikov  <[email protected]>
 
 	[smooth] Fix Harmony memory management.
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -1054,7 +1054,8 @@
     /* `stream->cursor' still points at the beginning of the frame; */
     /* we can thus easily get the offset to the default character   */
     pos = stream->cursor +
-            2 * ( ( defaultCharRow - (FT_UShort)firstRow ) * 256 +
+            2 * ( ( defaultCharRow - (FT_UShort)firstRow ) *
+                    ( lastCol - firstCol + 1 ) +
                   defaultCharCol - (FT_UShort)firstCol );
 
     if ( PCF_BYTE_ORDER( format ) == MSBFirst )
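Review bot: The offset added to `stream->cursor` for `pos` is built entirely from values read out of the font file, and nothing visible in this hunk shows that `defaultCharRow` and `defaultCharCol` are confined to `[firstRow, lastRow]` and `[firstCol, lastCol]`, or that `lastCol >= firstCol`. `pcf_get_encodings` starts and ends outside the hunk, so that validation may already exist earlier in the function; it is worth confirming, because otherwise the read through `pos` that presumably follows could land outside the frame. The new stride `( lastCol - firstCol + 1 )` is also left uncast while `firstRow` and `firstCol` carry `(FT_UShort)` casts in the same expression, which makes the intended arithmetic type harder to see. A short comment such as `/* each encoding row holds (lastCol - firstCol + 1) two-byte entries */` would record the table layout that the old `256` got wrong.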