ref: 95f206b1eab43f4e32119270151c44e46deae5d9
parent: 26377008e7fe6fac6bc5fd6a1ebd929a8b542bbf
author: Werner Lemberg <[email protected]>
date: Tue Mar 21 15:47:28 EST 2006
* src/sfnt/ttcmap.c (tt_face_build_cmaps): Handle invalid offset correctly.
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,9 @@
Check range of `glyph_index'.
* src/cff/cffgload.h: Updated.
+ * src/sfnt/ttcmap.c (tt_face_build_cmaps): Handle invalid offset
+ correctly.
+
2006-03-21 David Turner <[email protected]>
* src/autofit/aflatin.c (af_latin_metrics_scale): Fix small bug
--- a/src/sfnt/ttcmap.c
+++ b/src/sfnt/ttcmap.c
@@ -2271,7 +2271,7 @@
charmap.encoding = FT_ENCODING_NONE; /* will be filled later */
offset = TT_NEXT_ULONG( p );
- if ( offset && table + offset + 2 <= limit )
+ if ( offset && offset <= face->cmap_size - 2 )
{FT_Byte* cmap = table + offset;
volatile FT_UInt format = TT_PEEK_USHORT( cmap );