* src/truetype/ttpload.c (tt_face_load_loca): Sanitize table length.

This trivial fix allows us to accept more fonts.

Problem reported by 張俊芝 <418092625@qq.com>.
This commit is contained in:
Werner Lemberg 2016-12-24 08:17:19 +01:00
parent 1fecdfe346
commit fde0b78cce
2 changed files with 10 additions and 4 deletions

View File

@ -1,3 +1,11 @@
2016-12-24 Werner Lemberg <wl@gnu.org>
* src/truetype/ttpload.c (tt_face_load_loca): Sanitize table length.
This trivial fix allows us to accept more fonts.
Problem reported by 張俊芝 <418092625@qq.com>.
2016-12-24 Werner Lemberg <wl@gnu.org> 2016-12-24 Werner Lemberg <wl@gnu.org>
* src/sfnt/sfobjs.c (sfnt_init_face): Fix tracing. * src/sfnt/sfobjs.c (sfnt_init_face): Fix tracing.

View File

@ -104,8 +104,7 @@
if ( table_len >= 0x40000L ) if ( table_len >= 0x40000L )
{ {
FT_TRACE2(( "table too large\n" )); FT_TRACE2(( "table too large\n" ));
error = FT_THROW( Invalid_Table ); table_len = 0x3FFFFL;
goto Exit;
} }
face->num_locations = table_len >> shift; face->num_locations = table_len >> shift;
} }
@ -116,8 +115,7 @@
if ( table_len >= 0x20000L ) if ( table_len >= 0x20000L )
{ {
FT_TRACE2(( "table too large\n" )); FT_TRACE2(( "table too large\n" ));
error = FT_THROW( Invalid_Table ); table_len = 0x1FFFFL;
goto Exit;
} }
face->num_locations = table_len >> shift; face->num_locations = table_len >> shift;
} }