From 3a528bbe5aec292598f655567ac48a06e3d2c137 Mon Sep 17 00:00:00 2001
From: Hin-Tak Leung <htl10@users.sourceforge.net>
Date: Fri, 22 Jul 2016 06:59:36 +0200
Subject: [PATCH] [truetype] Record the end of IDEFs.

To match the logic in FDEF.  The value of the end is only used for
bound-checking in `Ins_JMPR', so it may not have been obvious that
it was not recorded.  Tested (as part of Font Validator 2.0) all the
fonts on Fedora and did not see any change.

* src/truetype/ttinterp.c (Ins_IDEF): Updated.
---
 ChangeLog               | 11 +++++++++++
 src/truetype/ttinterp.c |  1 +
 2 files changed, 12 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 616fdec22..0b206fdea 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2016-07-22  Hin-Tak Leung  <htl10@users.sourceforge.net>
+
+	[truetype] Record the end of IDEFs.
+
+	To match the logic in FDEF.  The value of the end is only used for
+	bound-checking in `Ins_JMPR', so it may not have been obvious that
+	it was not recorded.  Tested (as part of Font Validator 2.0) all the
+	fonts on Fedora and did not see any change.
+
+	* src/truetype/ttinterp.c (Ins_IDEF): Updated.
+
 2016-07-19  Werner Lemberg  <wl@gnu.org>
 
 	[truetype] Sanitizer fix, second try.
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index eb6025f58..8027b0d7b 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -4008,6 +4008,7 @@
         exc->error = FT_THROW( Nested_DEFS );
         return;
       case 0x2D:   /* ENDF */
+        def->end = exc->IP;
         return;
       }
     }