ref: 236fc8e15a9459d05656013727a1717dbfa425c2
parent: 4c6692444069d92de2e1cb6a1463915ba9c68fdb
author: Hongbo Ni <[email protected]>
date: Tue May 18 07:00:39 EDT 2010
Apply patch #7196. * src/cff/cffgload.c (cff_slot_load): Prevent crash if CFF subfont index is out of range.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2010-05-18 Hongbo Ni <[email protected]>
+
+ Apply patch #7196.
+
+ * src/cff/cffgload.c (cff_slot_load): Prevent crash if CFF subfont
+ index is out of range.
+
2010-05-11 Werner Lemberg <[email protected]>
* docs/formats.txt: Give pointer to PCF documentation.
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -2667,11 +2667,15 @@
/* this scaling is only relevant if the PS hinter isn't active */
if ( cff->num_subfonts )
{- FT_Byte fd_index = cff_fd_select_get( &cff->fd_select,
- glyph_index );
+ FT_ULong top_upm, sub_upm;
+ FT_Byte fd_index = cff_fd_select_get( &cff->fd_select,
+ glyph_index );
- FT_ULong top_upm = cff->top_font.font_dict.units_per_em;
- FT_ULong sub_upm = cff->subfonts[fd_index]->font_dict.units_per_em;
+ if ( fd_index >= cff->num_subfonts )
+ fd_index = cff->num_subfonts - 1;
+
+ top_upm = cff->top_font.font_dict.units_per_em;
+ sub_upm = cff->subfonts[fd_index]->font_dict.units_per_em;
font_matrix = cff->subfonts[fd_index]->font_dict.font_matrix;