From c5619beb773827928637864f81d6de0a236b77f7 Mon Sep 17 00:00:00 2001
From: Henri Verbeet
Date: Mon, 17 Apr 2017 20:27:00 +0200
Subject: [PATCH] usp10: Validate positioning record sequence indices in GPOS_apply_ContextPos().

Signed-off-by: Henri Verbeet
Signed-off-by: Aric Stewart
Signed-off-by: Alexandre Julliard
---
 dlls/usp10/opentype.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/dlls/usp10/opentype.c b/dlls/usp10/opentype.c
index e190b927fdc..d2e0fc5a4e0 100644
--- a/dlls/usp10/opentype.c
+++ b/dlls/usp10/opentype.c
@@ -2195,12 +2195,21 @@ static unsigned int GPOS_apply_ContextPos(const ScriptCache *script_cache, const
 for (l = 0; l < GET_BE_WORD(pr->PosCount); l++)
 {
- int lookupIndex = GET_BE_WORD(pr_2->PosLookupRecord[l].LookupListIndex);
- int SequenceIndex = GET_BE_WORD(pr_2->PosLookupRecord[l].SequenceIndex) * write_dir;
+ unsigned int lookup_index = GET_BE_WORD(pr_2->PosLookupRecord[l].LookupListIndex);
+ unsigned int sequence_index = GET_BE_WORD(pr_2->PosLookupRecord[l].SequenceIndex);

- TRACE("Position: %i -> %i %i\n",l, SequenceIndex, lookupIndex);
- GPOS_apply_lookup(script_cache, otm, logfont, analysis, advance, lookup, lookupIndex,
- glyphs, glyph_index + SequenceIndex, glyph_count, goffset);
+ g = glyph_index + write_dir * sequence_index;
+ if (g >= glyph_count)
+ {
+ WARN("Invalid sequence index %u (glyph index %u, write dir %d).\n",
+ sequence_index, glyph_index, write_dir);
+ continue;
+ }
+
+ TRACE("Position: %u -> %u %u.\n", l, sequence_index, lookup_index);
+
+ GPOS_apply_lookup(script_cache, otm, logfont, analysis, advance,
+ lookup, lookup_index, glyphs, g, glyph_count, goffset);
 }
 return 1;
 }
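Review bot: The test `if (g >= glyph_count)` rejects an index that falls before the start of the glyph run only because `write_dir * sequence_index` is evaluated as unsigned and wraps when `write_dir` is negative, and nothing in the new lines says so. `g` and `glyph_count` are declared outside the hunk, so this holds only if the comparison is carried out in an unsigned type; that is worth confirming, and a comment above the test would make the intent explicit, e.g. `/* Unsigned wrap-around: an offset that lands before the start of the run also fails this test. */`. `lookup_index` is likewise read straight from the font's PosLookupRecord and handed to GPOS_apply_lookup() with no range check in this hunk; if that function does not compare it against the lookup list count, the same kind of guard belongs here. The enclosing function begins outside the hunk.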