Fix Savannah bug #39702.
* src/cff/cffload.c (cff_index_get_pointers): Check for `cur_offset != 0'; this stronger test is mandated by the CFF specification. Fix test for INDEX structures which have one or more empty entries at the end.
This commit is contained in:
parent
a32682f176
commit
9bcfab8758
|
@ -1,3 +1,12 @@
|
|||
2013-08-06 John Tytgat <John.Tytgat@esko.com>
|
||||
|
||||
Fix Savannah bug #39702.
|
||||
|
||||
* src/cff/cffload.c (cff_index_get_pointers): Check for `cur_offset
|
||||
!= 0'; this stronger test is mandated by the CFF specification.
|
||||
Fix test for INDEX structures which have one or more empty entries
|
||||
at the end.
|
||||
|
||||
2013-08-05 Werner Lemberg <wl@gnu.org>
|
||||
|
||||
Fix gcc pragmas, part 2.
|
||||
|
|
|
@ -414,7 +414,7 @@
|
|||
cur_offset = idx->offsets[0] - 1;
|
||||
|
||||
/* sanity check */
|
||||
if ( cur_offset >= idx->data_size )
|
||||
if ( cur_offset != 0 )
|
||||
{
|
||||
FT_TRACE0(( "cff_index_get_pointers:"
|
||||
" invalid first offset value %d set to zero\n",
|
||||
|
@ -432,11 +432,11 @@
|
|||
FT_ULong next_offset = idx->offsets[n] - 1;
|
||||
|
||||
|
||||
/* empty slot + two sanity checks for invalid offset tables */
|
||||
if ( next_offset == 0 ||
|
||||
next_offset < cur_offset ||
|
||||
( next_offset >= idx->data_size && n < idx->count ) )
|
||||
/* two sanity checks for invalid offset tables */
|
||||
if ( next_offset < cur_offset )
|
||||
next_offset = cur_offset;
|
||||
else if ( next_offset > idx->data_size )
|
||||
next_offset = idx->data_size;
|
||||
|
||||
if ( !pool )
|
||||
t[n] = org_bytes + next_offset;
|
||||
|
|
Loading…
Reference in New Issue