Commit e23ba91af7ed886073a581fc3f2d243994ed085e

Werner Lemberg 2010-06-25T21:55:14

Fix Savannah bug #30254. * src/cff/cffload.c (cff_index_get_pointers): Do sanity check for first offset also.

diff --git a/ChangeLog b/ChangeLog
index 6669597..91fa85c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2010-06-25  Werner Lemberg  <wl@gnu.org>
+
+	Fix Savannah bug #30254.
+
+	* src/cff/cffload.c (cff_index_get_pointers): Do sanity check for
+	first offset also.
+
 2010-06-25  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>
 
 	Initial fix for Savannah bug #30248 and #30249.
diff --git a/src/cff/cffload.c b/src/cff/cffload.c
index 111fb1a..e69bb86 100644
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c
@@ -413,6 +413,15 @@
       /* at this point, `idx->offsets' can't be NULL */
       cur_offset = idx->offsets[0] - 1;
 
+      /* sanity check */
+      if ( cur_offset >= idx->data_size )
+      {
+        FT_TRACE0(( "cff_index_get_pointers:"
+                    " invalid first offset value %d set to zero\n",
+                    cur_offset ));
+        cur_offset = 0;
+      }
+
       if ( !pool )
         t[0] = org_bytes + cur_offset;
       else
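Review bot: The trace on the added lines formats `cur_offset` with `%d`, but `cur_offset` is an unsigned long (FT_ULong) in this function, so the format and argument types disagree; on 64-bit builds that is undefined behaviour and prints a garbled value precisely in the case this check exists to diagnose. Change the format to `" invalid first offset value %lu set to zero\n"` (or cast the argument to `unsigned long`) so the logged value matches what was compared against `idx->data_size`. The comparison itself also covers the `offsets[0] == 0` case, since the subtraction on the line above wraps to a huge value; a short note like `/* also catches offsets[0] == 0, which wraps cur_offset */` would make that intent explicit. The enclosing function `cff_index_get_pointers` begins and ends outside this hunk.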