Commit ec4372f56552b7370d6693db8b4d44d412e2dd6a
2010-11-18T20:34:22
[truetype] Fix `loca' handling for inconsistent number of glyphs. Reported by Johnson Y. Yan <yinsen_yan@foxitsoftware.com>. * src/truetype/ttpload.c (tt_face_load_loca): While sanitizing, handle case where `loca' is the last table in the font.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53
diff --git a/ChangeLog b/ChangeLog
index 10d4631..2b292ad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2010-11-18 Werner Lemberg <wl@gnu.org>
+ [truetype] Fix `loca' handling for inconsistent number of glyphs.
+ Reported by Johnson Y. Yan <yinsen_yan@foxitsoftware.com>.
+
+ * src/truetype/ttpload.c (tt_face_load_loca): While sanitizing,
+ handle case where `loca' is the last table in the font.
+
+2010-11-18 Werner Lemberg <wl@gnu.org>
+
[sfnt] Ignore all errors while loading `OS/2' table.
Suggested by Johnson Y. Yan <yinsen_yan@foxitsoftware.com>.
diff --git a/src/truetype/ttpload.c b/src/truetype/ttpload.c
index c531733..68a5453 100644
--- a/src/truetype/ttpload.c
+++ b/src/truetype/ttpload.c
@@ -4,7 +4,7 @@
/* */
/* TrueType-specific tables loader (body). */
/* */
-/* Copyright 1996-2001, 2002, 2004, 2005, 2006, 2007, 2008, 2009 by */
+/* Copyright 1996-2001, 2002, 2004, 2005, 2006, 2007, 2008, 2009, 2010 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -137,6 +137,12 @@
dist = diff;
}
+ if ( entry == limit )
+ {
+ /* `loca' is the last table */
+ dist = stream->size - pos;
+ }
+
if ( new_loca_len <= dist )
{
face->num_locations = face->root.num_glyphs;
@@ -307,7 +313,7 @@
FT_Short* limit = cur + face->cvt_size;
- for ( ; cur < limit; cur++ )
+ for ( ; cur < limit; cur++ )
*cur = FT_GET_SHORT();
}