ref: e80e4d811a6ead7b438362b9d3a8af0bf4081925
parent: 31f8055390361773caed6bf8c087a88b64222bb5
author: Werner Lemberg <[email protected]>
date: Tue Jan 31 03:32:07 EST 2017
[truetype] Fix sanity check for `gvar' table (#50184). * src/truetype/ttgxvar.c (ft_var_load_gvar): There might be missing variation data for some glyphs.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2017-01-31 Werner Lemberg <[email protected]>
+ [truetype] Fix sanity check for `gvar' table (#50184).
+
+ * src/truetype/ttgxvar.c (ft_var_load_gvar): There might be missing
+ variation data for some glyphs.
+
+2017-01-31 Werner Lemberg <[email protected]>
+
[autofit] Avoid uninitialized jumps (#50191).
* src/autofit/afcjk.c (af_cjk_metrics_check_digits),
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -1379,10 +1379,9 @@
goto Exit;
}
- /* rough sanity check: offsets can be either 2 or 4 bytes, */
- /* and a single variation needs at least 4 bytes per glyph */
+ /* rough sanity check: offsets can be either 2 or 4 bytes */
if ( (FT_ULong)gvar_head.glyphCount *
- ( ( gvar_head.flags & 1 ) ? 8 : 6 ) > table_len )
+ ( ( gvar_head.flags & 1 ) ? 4 : 2 ) > table_len )
{FT_TRACE1(( "ft_var_load_gvar: invalid number of glyphs\n" ));
error = FT_THROW( Invalid_Table );