ref: 8de39a7919ad1bbd433dd62810c91272b7095455
parent: da34673e54e2fd03f25b69a3a3c5bf2c6862c866
author: Werner Lemberg <[email protected]>
date: Sat Oct 10 09:34:11 EDT 2015
[sfnt] Fix infinite loops with broken cmaps (#46167).

* src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next): Take care of border conditions (i.e., if the loops exit naturally).
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2015-10-10 Werner Lemberg <[email protected]>
+ [sfnt] Fix infinite loops with broken cmaps (#46167).
+
+ * src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next): Take care
+ of border condidions (i.e., if the loops exit naturally).
+
+2015-10-10 Werner Lemberg <[email protected]>
+
[truetype] More sanity tests for GX handling.
These tests should mainly help avoid unnecessarily large memory
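Review bot: typo in the added ChangeLog entry, "condidions" should read "conditions". The entry would also be easier to follow if it named the border condition, for example that `gindex` is reset to 0 when it is out of range so that a loop running past the last group does not report a glyph.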
--- a/src/sfnt/ttcmap.c
+++ b/src/sfnt/ttcmap.c
@@ -1891,7 +1891,10 @@
/* if `gindex' is invalid, the remaining values */
/* in this group are invalid, too */
if ( gindex >= (FT_UInt)face->num_glyphs )
+ {
+ gindex = 0;
continue;
+ }
result = char_code;
break;
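Review bot: the added `gindex = 0;` ahead of `continue` has no explanation; the comment above it only covers why the rest of the group is skipped. Add a short comment saying that the reset keeps a natural loop exit from carrying the rejected out-of-range index out of the loop, since that is the case the commit message names. It is also worth confirming that `result` still holds its "no more characters" value on this path, because it is only assigned after this check.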
@@ -2277,7 +2280,10 @@
/* if `gindex' is invalid, the remaining values */
/* in this group are invalid, too */
if ( gindex >= (FT_UInt)face->num_glyphs )
+ {
+ gindex = 0;
continue;
+ }
cmap->cur_charcode = char_code;
cmap->cur_gindex = gindex;
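Review bot: on the new `continue` path neither `cmap->cur_charcode` nor `cmap->cur_gindex` is written, so after a natural loop exit the cached iterator state is whatever the previous call left behind. Please confirm that the code after the loop treats `gindex == 0` as end of iteration and invalidates the cached state; if it does not, that needs handling there. Since the same three lines now appear at two sites, a regression test using a cmap whose last group maps past `face->num_glyphs` would cover both.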