ref: 0fc8debeb6c2f6a8a9a2b97332a7c8a0a1bd9e85
parent: 6ac022dc750d95296a6f731b9594f2e751d997fa
author: Werner Lemberg <[email protected]>
date: Fri Mar 2 11:09:51 EST 2012
[truetype] Fix Savannah bug #35689. * src/truetype/ttgload.c (TT_Load_Simple_Glyph): Check first outline point.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-03-02 Werner Lemberg <[email protected]>
+
+ [truetype] Fix Savannah bug #35689.
+
+ * src/truetype/ttgload.c (TT_Load_Simple_Glyph): Check first outline
+ point.
+
2012-03-01 Werner Lemberg <[email protected]>
[bdf] Fix Savannah bug #35656.
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -362,14 +362,17 @@
if ( n_contours >= 0xFFF || p + ( n_contours + 1 ) * 2 > limit )
goto Invalid_Outline;
- prev_cont = FT_NEXT_USHORT( p );
+ prev_cont = FT_NEXT_SHORT( p );
if ( n_contours > 0 )
cont[0] = prev_cont;
+ if ( prev_cont < 0 )
+ goto Invalid_Outline;
+
for ( cont++; cont < cont_limit; cont++ )
{
- cont[0] = FT_NEXT_USHORT( p );
+ cont[0] = FT_NEXT_SHORT( p );
if ( cont[0] <= prev_cont )
{
/* unordered contours: this is invalid */
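Review bot: The added `if ( prev_cont < 0 )` guard sits outside the `n_contours > 0` condition, so it also fires when `n_contours` is 0, where the value just read is never stored in `cont[0]` and is presumably not a contour end point. It also runs only after `cont[0] = prev_cont` has been written. Tying both to the same condition would validate before storing and only for real end points: `if ( n_contours > 0 ) { if ( prev_cont < 0 ) goto Invalid_Outline; cont[0] = prev_cont; }`. The fix also depends on `prev_cont` and `cont` being signed 16-bit types, since otherwise the `< 0` test can never be true and end points of 0x8000 or more slip through; their declarations are outside this hunk and worth confirming. A short comment above the guard would help, for example `/* end points are read as signed so values >= 0x8000 turn negative and are rejected */`.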