kc3-lang/freetype

Browse

Commit 7f63105c072388e5a5674c0caafc7a560e31c95b

Werner Lemberg 2016-07-19T21:35:58

[truetype] Sanitizer fix, second try. * src/truetype/ttgxvar.c (ft_var_readpackedpoints): Fix boundary tests and use only one slot more. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

diff --git a/ChangeLog b/ChangeLog
index ba6c185..616fdec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2016-07-19  Werner Lemberg  <wl@gnu.org>
 
+	[truetype] Sanitizer fix, second try.
+
+	* src/truetype/ttgxvar.c (ft_var_readpackedpoints): Fix boundary
+	tests and use only one slot more.
+
+2016-07-19  Werner Lemberg  <wl@gnu.org>
+
 	[truetype] Sanitizer fix.
 
 	* src/truetype/ttgxvar.c (ft_var_readpackedpoints): Increase array
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 033b57f..080e2dd 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -159,9 +159,9 @@
     }
 
     /* in the nested loops below we increase `i' twice; */
-    /* it is faster to simply allocate two more slots   */
+    /* it is faster to simply allocate one more slot    */
     /* than to add another test within the loop         */
-    if ( FT_NEW_ARRAY( points, n + 2 ) )
+    if ( FT_NEW_ARRAY( points, n + 1 ) )
       return NULL;
 
     *point_cnt = n;
@@ -182,7 +182,7 @@
         {
           first      += FT_GET_USHORT();
           points[i++] = first;
-          if ( i == n )
+          if ( i >= n )
             break;
         }
       }
@@ -195,7 +195,7 @@
         {
           first      += FT_GET_BYTE();
           points[i++] = first;
-          if ( i == n )
+          if ( i >= n )
             break;
         }
       }
kmx.io     mail     discord kmxgit v0.4.0