kc3-lang/freetype

Browse

Commit e80e4d811a6ead7b438362b9d3a8af0bf4081925

Werner Lemberg 2017-01-31T08:32:07

[truetype] Fix sanity check for `gvar' table (#50184). * src/truetype/ttgxvar.c (ft_var_load_gvar): There might be missing variation data for some glyphs. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

diff --git a/ChangeLog b/ChangeLog
index 3ff78d6..6294dfd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2017-01-31  Werner Lemberg  <wl@gnu.org>
 
+	[truetype] Fix sanity check for `gvar' table (#50184).
+
+	* src/truetype/ttgxvar.c (ft_var_load_gvar): There might be missing
+	variation data for some glyphs.
+
+2017-01-31  Werner Lemberg  <wl@gnu.org>
+
 	[autofit] Avoid uninitialized jumps (#50191).
 
 	* src/autofit/afcjk.c (af_cjk_metrics_check_digits),
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index fec40d3..0e34a2a 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -1379,10 +1379,9 @@
       goto Exit;
     }
 
-    /* rough sanity check: offsets can be either 2 or 4 bytes, */
-    /* and a single variation needs at least 4 bytes per glyph */
+    /* rough sanity check: offsets can be either 2 or 4 bytes */
     if ( (FT_ULong)gvar_head.glyphCount *
-           ( ( gvar_head.flags & 1 ) ? 8 : 6 ) > table_len )
+           ( ( gvar_head.flags & 1 ) ? 4 : 2 ) > table_len )
     {
       FT_TRACE1(( "ft_var_load_gvar: invalid number of glyphs\n" ));
       error = FT_THROW( Invalid_Table );
kmx.io     mail     discord kmxgit v0.4.0