Fix handling of `dup' CFF instruction. Problem and solution reported by Ning Dong <flintning@163.com>. * src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_dup>: Increase `args' by 2, not 1.
diff --git a/ChangeLog b/ChangeLog
index 0407890..53141f2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2009-10-18 Werner Lemberg <wl@gnu.org>
+
+ Fix handling of `dup' CFF instruction.
+ Problem and solution reported by Ning Dong <flintning@163.com>.
+
+ * src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_dup>:
+ Increase `args' by 2, not 1.
+
2009-10-10 Werner Lemberg <wl@gnu.org>
* Version 2.3.11 released.
diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c
index 40fa20b..d83c406 100644
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -2106,7 +2106,7 @@
FT_TRACE4(( " dup\n" ));
args[1] = args[0];
- args++;
+ args += 2;
break;
case cff_op_put: