Commit 905270925dd0492ba557e58938e5513f062e6fc5
2022-09-29T18:38:06
[truetype] Fix undefined pointer arithmetic. * src/truetype/ttgxvar.c (tt_var_get_item_delta, ft_var_load_mvar): Use `FT_OFFSET`.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 963ce41..3c918ca 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -966,7 +966,8 @@
/* in the OpenType specification. */
varData = &itemStore->varData[outerIndex];
- deltaSet = &varData->deltaSet[varData->regionIdxCount * innerIndex];
+ deltaSet = FT_OFFSET( varData->deltaSet,
+ varData->regionIdxCount * innerIndex );
if ( FT_QNEW_ARRAY( scalars, varData->regionIdxCount ) )
return 0;
@@ -1353,7 +1354,7 @@
return;
value = blend->mvar_table->values;
- limit = value + blend->mvar_table->valueCount;
+ limit = FT_OFFSET( value, blend->mvar_table->valueCount );
itemStore = &blend->mvar_table->itemStore;
for ( ; value < limit; value++ )
@@ -1386,7 +1387,7 @@
FT_TRACE2(( "loaded\n" ));
value = blend->mvar_table->values;
- limit = value + blend->mvar_table->valueCount;
+ limit = FT_OFFSET( value, blend->mvar_table->valueCount );
/* save original values of the data MVAR is going to modify */
for ( ; value < limit; value++ )
@@ -1451,7 +1452,7 @@
return;
value = blend->mvar_table->values;
- limit = value + blend->mvar_table->valueCount;
+ limit = FT_OFFSET( value, blend->mvar_table->valueCount );
for ( ; value < limit; value++ )
{