forked from minhngoc25a/freetype2
Fix Savannah bug #30254.
* src/cff/cffload.c (cff_index_get_pointers): Do sanity check for first offset also.
This commit is contained in:
parent
c69891a134
commit
e23ba91af7
|
@ -1,3 +1,10 @@
|
||||||
|
2010-06-25 Werner Lemberg <wl@gnu.org>
|
||||||
|
|
||||||
|
Fix Savannah bug #30254.
|
||||||
|
|
||||||
|
* src/cff/cffload.c (cff_index_get_pointers): Do sanity check for
|
||||||
|
first offset also.
|
||||||
|
|
||||||
2010-06-25 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
|
2010-06-25 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
|
||||||
|
|
||||||
Initial fix for Savannah bug #30248 and #30249.
|
Initial fix for Savannah bug #30248 and #30249.
|
||||||
|
|
|
@ -413,6 +413,15 @@
|
||||||
/* at this point, `idx->offsets' can't be NULL */
|
/* at this point, `idx->offsets' can't be NULL */
|
||||||
cur_offset = idx->offsets[0] - 1;
|
cur_offset = idx->offsets[0] - 1;
|
||||||
|
|
||||||
|
/* sanity check */
|
||||||
|
if ( cur_offset >= idx->data_size )
|
||||||
|
{
|
||||||
|
FT_TRACE0(( "cff_index_get_pointers:"
|
||||||
|
" invalid first offset value %d set to zero\n",
|
||||||
|
cur_offset ));
|
||||||
|
cur_offset = 0;
|
||||||
|
}
|
||||||
|
|
||||||
if ( !pool )
|
if ( !pool )
|
||||||
t[0] = org_bytes + cur_offset;
|
t[0] = org_bytes + cur_offset;
|
||||||
else
|
else
|
||||||
|
|
Loading…
Reference in New Issue