diff --git a/ChangeLog b/ChangeLog index 46e6b1e63..ada0ea106 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2008-05-13 Werner Lemberg + + * src/winfonts/winfnt.c (fnt_face_get_dll_font, FNT_Face_Init): + Handle case `face_index < 0'. + * docs/CHANGES: Document it. + 2008-05-04 Werner Lemberg First steps to fix the scaling bug of CID-keyed CFF subfonts, diff --git a/docs/CHANGES b/docs/CHANGES index c11802fe3..375273dec 100644 --- a/docs/CHANGES +++ b/docs/CHANGES @@ -14,6 +14,8 @@ CHANGES BETWEEN 2.3.6 and 2.3.5 - Subsetted CID-keyed CFFs are now supported correctly. + - A call to FT_Open_Face with `face_index' < 0 crashed FreeType if + the font was a Windows (bitmap) FNT/FON. II. IMPORTANT CHANGES diff --git a/src/winfonts/winfnt.c b/src/winfonts/winfnt.c index 6b768fb90..833fb888a 100644 --- a/src/winfonts/winfnt.c +++ b/src/winfonts/winfnt.c @@ -4,7 +4,7 @@ /* */ /* FreeType font driver for Windows FNT/FON files */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2004, 2006, 2007 by */ +/* Copyright 1996-2001, 2002, 2003, 2004, 2006, 2007, 2008 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* Copyright 2003 Huw D M Davies for Codeweavers */ /* Copyright 2007 Dmitry Timoshkov for Codeweavers */ @@ -363,6 +363,8 @@ error = FNT_Err_Bad_Argument; goto Exit; } + else if ( face_index < 0 ) + goto Exit; if ( FT_NEW( face->font ) ) goto Exit; @@ -692,6 +694,9 @@ /* try to load font from a DLL */ error = fnt_face_get_dll_font( face, face_index ); + if ( !error && face_index < 0 ) + goto Exit; + if ( error == FNT_Err_Unknown_File_Format ) { /* this didn't work; try to load a single FNT font */ @@ -708,8 +713,13 @@ error = fnt_font_load( font, stream ); - if ( !error && face_index > 0 ) - error = FNT_Err_Bad_Argument; + if ( !error ) + { + if ( face_index > 0 ) + error = FNT_Err_Bad_Argument; + else if ( face_index < 0 ) + goto Exit; + } } if ( error )