ref: 2de6b8a3db5f8544a42276364b3dcc1ec7024d67
parent: 072afbdbac648bb65321b322a4f627da51b7634d
author: Werner Lemberg <[email protected]>
date: Sat Jul 17 09:39:50 EDT 2010
[cff] Final try to fix `hintmask' and `cntrmask' limit check. Problem reported by Tobias Wolf <[email protected]>. * src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_hintmask>: Sigh. I'm apparently too silly to fix this correctly in less than three tries.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2010-07-17 Werner Lemberg <[email protected]>
+
+ [cff] Final try to fix `hintmask' and `cntrmask' limit check.
+
+ Problem reported by Tobias Wolf <[email protected]>.
+
+ * src/cff/cffgload.c (cff_decoder_parse_charstrings)
+ <cff_op_hintmask>: Sigh. I'm apparently too silly to fix this
+ correctly in less than three tries.
+
2010-07-12 Werner Lemberg <[email protected]>
* Version 2.4.0 released.
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -1344,7 +1344,7 @@
/* instruction). Additionally, there must be space for */
/* `num_hints' bits. */
- if ( ( ip + 1 + ( ( decoder->num_hints + 7 ) >> 3 ) ) >= limit )
+ if ( ( ip + ( ( decoder->num_hints + 7 ) >> 3 ) ) >= limit )
goto Syntax_Error;
if ( hinter )