ref: 28464c48a1ef77762a60abaa59432d9a64f58133
parent: c903f2f22de04e75ba3f92c439c4ebb6d18f0e65
author: Werner Lemberg <[email protected]>
date: Mon Feb 18 15:34:42 EST 2008
* src/truetype/ttinterp.c (Ins_IUP): Check number of points. Fix from Savannah bug #22356.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2008-02-18 Victor Stinner <[email protected]>
+
+ * src/truetype/ttinterp.c (Ins_IUP): Check number of points. Fix
+ from Savannah bug #22356.
+
2008-02-17 Jonathan Blow <[email protected]>
* src/autofit/afloader.c (af_loader_load_g, af_loader_load_glyph):
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -4,7 +4,7 @@
/* */
/* TrueType bytecode interpreter (body). */
/* */
-/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007 by */
+/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -6433,6 +6433,9 @@
{
end_point = CUR.pts.contours[contour] - CUR.pts.first_point;
first_point = point;
+
+ if ( CUR.pts.n_points <= end_point )
+ end_point = CUR.pts.n_points;
while ( point <= end_point && ( CUR.pts.tags[point] & mask ) == 0 )
point++;
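Review bot: The clamp `end_point = CUR.pts.n_points;` still lets the following `while ( point <= end_point && ... )` loop evaluate `CUR.pts.tags[point]` with `point == n_points`. That is one element past the end if `tags` holds `n_points` entries, which this hunk does not show. Clamping to the last valid index closes the off-by-one: `if ( CUR.pts.n_points <= end_point ) end_point = CUR.pts.n_points - 1;`. The contour end points presumably come from glyph data in the font being interpreted, so the zero-point case should be rejected before that subtraction to keep it from wrapping. The loop body and the rest of Ins_IUP lie outside the hunk, so later uses of `end_point` there should be checked against the same bound.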