
ref: e23ba91af7ed886073a581fc3f2d243994ed085e
parent: c69891a1345640096fbf396e8dd567fe879ce233
author: Werner Lemberg <[email protected]>
date: Fri Jun 25 17:55:14 EDT 2010

Fix Savannah bug #30254.

* src/cff/cffload.c (cff_index_get_pointers): Do sanity check for
first offset also.

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2010-06-25  Werner Lemberg  <[email protected]>
+
+	Fix Savannah bug #30254.
+
+	* src/cff/cffload.c (cff_index_get_pointers): Do sanity check for
+	first offset also.
+
 2010-06-25  suzuki toshiya  <[email protected]>
 
 	Initial fix for Savannah bug #30248 and #30249.
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c
@@ -413,6 +413,15 @@
       /* at this point, `idx->offsets' can't be NULL */
       cur_offset = idx->offsets[0] - 1;
 
+      /* sanity check */
+      if ( cur_offset >= idx->data_size )
+      {
+        FT_TRACE0(( "cff_index_get_pointers:"
+                    " invalid first offset value %d set to zero\n",
+                    cur_offset ));
+        cur_offset = 0;
+      }
+
       if ( !pool )
         t[0] = org_bytes + cur_offset;
       else
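Review bot: A first offset of 0 is caught by the new `cur_offset >= idx->data_size` test only because `idx->offsets[0] - 1` wraps around, which holds only if `cur_offset` is an unsigned type; its declaration is outside the hunk, so this should be confirmed and stated in the comment, e.g. `/* sanity check; offsets[0] == 0 wraps around and is rejected here as well */`. The trace call formats `cur_offset` with `%d`, which would not match an unsigned long if that is the variable's type; `%lu` would be the matching specifier. Clamping to 0 keeps `t[0]` at the start of the buffer, but when `idx->data_size` is 0 that pointer still refers to an empty region, so safety there depends on length checks in the rest of the function, which continues outside the hunk.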