kc3-lang/freetype

Browse

Commit 0fc8debeb6c2f6a8a9a2b97332a7c8a0a1bd9e85

Werner Lemberg 2012-03-02T16:09:51

[truetype] Fix Savannah bug #35689. * src/truetype/ttgload.c (TT_Load_Simple_Glyph): Check first outline point. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

diff --git a/ChangeLog b/ChangeLog
index 2dc9673..3324689 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-03-02  Werner Lemberg  <wl@gnu.org>
+
+	[truetype] Fix Savannah bug #35689.
+
+	* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Check first outline
+	point.
+
 2012-03-01  Werner Lemberg  <wl@gnu.org>
 
 	[bdf] Fix Savannah bug #35656.
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index fb801d0..ce8c888 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -362,14 +362,17 @@
     if ( n_contours >= 0xFFF || p + ( n_contours + 1 ) * 2 > limit )
       goto Invalid_Outline;
 
-    prev_cont = FT_NEXT_USHORT( p );
+    prev_cont = FT_NEXT_SHORT( p );
 
     if ( n_contours > 0 )
       cont[0] = prev_cont;
 
+    if ( prev_cont < 0 )
+      goto Invalid_Outline;
+
     for ( cont++; cont < cont_limit; cont++ )
     {
-      cont[0] = FT_NEXT_USHORT( p );
+      cont[0] = FT_NEXT_SHORT( p );
       if ( cont[0] <= prev_cont )
       {
         /* unordered contours: this is invalid */
kmx.io     mail     discord kmxgit v0.4.0