ref: fde0b78ccea93f26c618e7e7e1245ac4132c0d7b
parent: 1fecdfe3468b5c3dddcc0be52309e9062923e9e6
author: Werner Lemberg <[email protected]>
date: Sat Dec 24 03:17:19 EST 2016
* src/truetype/ttpload.c (tt_face_load_loca): Sanitize table length. This trivial fix allows us to accept more fonts. Problem reported by 張俊芝 <[email protected]>.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2016-12-24 Werner Lemberg <[email protected]>
+ * src/truetype/ttpload.c (tt_face_load_loca): Sanitize table length.
+
+ This trivial fix allows us to accept more fonts.
+
+ Problem reported by 張俊芝 <[email protected]>.
+
+2016-12-24 Werner Lemberg <[email protected]>
+
* src/sfnt/sfobjs.c (sfnt_init_face): Fix tracing.
2016-12-22 Werner Lemberg <[email protected]>
--- a/src/truetype/ttpload.c
+++ b/src/truetype/ttpload.c
@@ -104,8 +104,7 @@
if ( table_len >= 0x40000L )
{FT_TRACE2(( "table too large\n" ));
- error = FT_THROW( Invalid_Table );
- goto Exit;
+ table_len = 0x3FFFFL;
}
face->num_locations = table_len >> shift;
}
@@ -116,8 +115,7 @@
if ( table_len >= 0x20000L )
{FT_TRACE2(( "table too large\n" ));
- error = FT_THROW( Invalid_Table );
- goto Exit;
+ table_len = 0x1FFFFL;
}
face->num_locations = table_len >> shift;
}