* src/winfonts/winfnt.c (fnt_face_get_dll_font, FNT_Face_Init): Handle case `face_index < 0'. * docs/CHANGES: Document it.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75
diff --git a/ChangeLog b/ChangeLog
index 46e6b1e..ada0ea1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-05-13 Werner Lemberg <wl@gnu.org>
+
+ * src/winfonts/winfnt.c (fnt_face_get_dll_font, FNT_Face_Init):
+ Handle case `face_index < 0'.
+ * docs/CHANGES: Document it.
+
2008-05-04 Werner Lemberg <wl@gnu.org>
First steps to fix the scaling bug of CID-keyed CFF subfonts,
diff --git a/docs/CHANGES b/docs/CHANGES
index c11802f..375273d 100644
--- a/docs/CHANGES
+++ b/docs/CHANGES
@@ -14,6 +14,8 @@ CHANGES BETWEEN 2.3.6 and 2.3.5
- Subsetted CID-keyed CFFs are now supported correctly.
+ - A call to FT_Open_Face with `face_index' < 0 crashed FreeType if
+ the font was a Windows (bitmap) FNT/FON.
II. IMPORTANT CHANGES
diff --git a/src/winfonts/winfnt.c b/src/winfonts/winfnt.c
index 6b768fb..833fb88 100644
--- a/src/winfonts/winfnt.c
+++ b/src/winfonts/winfnt.c
@@ -4,7 +4,7 @@
/* */
/* FreeType font driver for Windows FNT/FON files */
/* */
-/* Copyright 1996-2001, 2002, 2003, 2004, 2006, 2007 by */
+/* Copyright 1996-2001, 2002, 2003, 2004, 2006, 2007, 2008 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* Copyright 2003 Huw D M Davies for Codeweavers */
/* Copyright 2007 Dmitry Timoshkov for Codeweavers */
@@ -363,6 +363,8 @@
error = FNT_Err_Bad_Argument;
goto Exit;
}
+ else if ( face_index < 0 )
+ goto Exit;
if ( FT_NEW( face->font ) )
goto Exit;
@@ -692,6 +694,9 @@
/* try to load font from a DLL */
error = fnt_face_get_dll_font( face, face_index );
+ if ( !error && face_index < 0 )
+ goto Exit;
+
if ( error == FNT_Err_Unknown_File_Format )
{
/* this didn't work; try to load a single FNT font */
@@ -708,8 +713,13 @@
error = fnt_font_load( font, stream );
- if ( !error && face_index > 0 )
- error = FNT_Err_Bad_Argument;
+ if ( !error )
+ {
+ if ( face_index > 0 )
+ error = FNT_Err_Bad_Argument;
+ else if ( face_index < 0 )
+ goto Exit;
+ }
}
if ( error )