Commit d90567b1e6f5d50c259dc554ff294f4588a617ad

Werner Lemberg 2009-10-18T10:47:11

Fix handling of `dup' CFF instruction. Problem and solution reported by Ning Dong <flintning@163.com>. * src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_dup>: Increase `args' by 2, not 1.

diff --git a/ChangeLog b/ChangeLog
index 0407890..53141f2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2009-10-18  Werner Lemberg  <wl@gnu.org>
+
+	Fix handling of `dup' CFF instruction.
+	Problem and solution reported by Ning Dong <flintning@163.com>.
+
+	* src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_dup>:
+	Increase `args' by 2, not 1.
+
 2009-10-10  Werner Lemberg  <wl@gnu.org>
 
 	* Version 2.3.11 released.
diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c
index 40fa20b..d83c406 100644
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -2106,7 +2106,7 @@
           FT_TRACE4(( " dup\n" ));
 
           args[1] = args[0];
-          args++;
+          args += 2;
           break;
 
         case cff_op_put: