Apply patch #7196. * src/cff/cffgload.c (cff_slot_load): Prevent crash if CFF subfont index is out of range.
diff --git a/ChangeLog b/ChangeLog
index 6b96017..7bb5fc1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2010-05-18 Hongbo Ni <hongbo@njstar.com>
+
+ Apply patch #7196.
+
+ * src/cff/cffgload.c (cff_slot_load): Prevent crash if CFF subfont
+ index is out of range.
+
2010-05-11 Werner Lemberg <wl@gnu.org>
* docs/formats.txt: Give pointer to PCF documentation.
diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c
index f241bb4..9e4dfc5 100644
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -2667,11 +2667,15 @@
/* this scaling is only relevant if the PS hinter isn't active */
if ( cff->num_subfonts )
{
- FT_Byte fd_index = cff_fd_select_get( &cff->fd_select,
- glyph_index );
+ FT_ULong top_upm, sub_upm;
+ FT_Byte fd_index = cff_fd_select_get( &cff->fd_select,
+ glyph_index );
- FT_ULong top_upm = cff->top_font.font_dict.units_per_em;
- FT_ULong sub_upm = cff->subfonts[fd_index]->font_dict.units_per_em;
+ if ( fd_index >= cff->num_subfonts )
+ fd_index = cff->num_subfonts - 1;
+
+ top_upm = cff->top_font.font_dict.units_per_em;
+ sub_upm = cff->subfonts[fd_index]->font_dict.units_per_em;
font_matrix = cff->subfonts[fd_index]->font_dict.font_matrix;
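Review bot: The new check at `if ( fd_index >= cff->num_subfonts )` clamps an out-of-range FD index to the last subfont instead of reporting the font as malformed, so a corrupt or hostile FDSelect entry is now silently scaled with an unrelated subfont's `units_per_em` and `font_matrix`. That removes the out-of-bounds read of `cff->subfonts[]`, but it hides the bad input from the caller; if rejecting the glyph is not acceptable here, the clamp should at least be recorded, e.g. `FT_TRACE0(( "cff_slot_load: FD index out of range, using last subfont\n" ));`, with a comment explaining why clamping was chosen. The index comes from `cff_fd_select_get`, whose other callers are outside this hunk; it is worth confirming that each of them bounds the value before indexing `cff->subfonts`, or moving the check to one shared place. `cff_slot_load` starts and ends outside the hunk.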