ref: 6a19a7d332c5446542196e5aeda0ede109ef097b
parent: 7f00fa64627bb57042ec62aa2ec938f679e097c1
author: Werner Lemberg <[email protected]>
date: Mon Oct 26 11:40:22 EDT 2015
[truetype] Fix sanitizing logic for `loca' (#46223). * src/truetype/ttpload.c (tt_face_load_loca): A thinko caused an incorrect adjustment of the number of glyphs, most often using far too large values.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2015-10-26 Werner Lemberg <[email protected]>
+
+ [truetype] Fix sanitizing logic for `loca' (#46223).
+
+ * src/truetype/ttpload.c (tt_face_load_loca): A thinko caused an
+ incorrect adjustment of the number of glyphs, most often using far
+ too large values.
+
2015-10-25 Werner Lemberg <[email protected]>
[autofit] Improve tracing.
--- a/src/truetype/ttpload.c
+++ b/src/truetype/ttpload.c
@@ -124,8 +124,9 @@
TT_Table entry = face->dir_tables;
TT_Table limit = entry + face->num_tables;
- FT_Long pos = (FT_Long)FT_STREAM_POS();
- FT_Long dist = 0x7FFFFFFFL;
+ FT_Long pos = (FT_Long)FT_STREAM_POS();
+ FT_Long dist = 0x7FFFFFFFL;
+ FT_Bool found = 0;
/* compute the distance to next table in font file */
@@ -135,10 +136,13 @@
if ( diff > 0 && diff < dist )
- dist = diff;
+ {+ dist = diff;
+ found = 1;
+ }
}
- if ( entry == limit )
+ if ( !found )
{/* `loca' is the last table */
dist = (FT_Long)stream->size - pos;