ref: 0eae6eb0645264c98812f0095e0f5df4541830e6
parent: a2b5f66bf5eaf393eb800ac402c74f69534b74ba
author: Dave Arnold <[email protected]>
date: Fri Feb 28 02:40:01 EST 2014
Fix Savannah bug #41697, part 1. * src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is invalid. In this case, it is not safe to use the length of `hStemHintArray'; the exception has already been recorded in `hintMask'.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2014-02-28 Dave Arnold <[email protected]>
+
+ [cff] Fix Savannah bug #41697, part 1.
+
+ * src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is
+ invalid. In this case, it is not safe to use the length of
+ `hStemHintArray'; the exception has already been recorded in
+ `hintMask'.
+
2014-02-26 Werner Lemberg <[email protected]>
[sfnt] Fix Savannah bug #41696.
--- a/src/cff/cf2hints.c
+++ b/src/cff/cf2hints.c
@@ -781,6 +781,8 @@
cf2_hintmask_setAll( hintMask,
cf2_arrstack_size( hStemHintArray ) +
cf2_arrstack_size( vStemHintArray ) );
+ if ( !cf2_hintmask_isValid( hintMask ) )
+ return; /* too many stem hints */
}
/* begin by clearing the map */