vcl/source/fontsubset/sft.cxx | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
New commits:
commit 9c8fb5055e49f31a179477937f7820f34a04ca33
Author: Caolán McNamara <caol...@redhat.com>
Date: Wed Feb 7 15:50:35 2018 +0000
check O_head size
Change-Id: Idf5d30eaed0196cfa9266e35131c538c606a0960
Reviewed-on: https://gerrit.libreoffice.org/49365
Tested-by: Jenkins <c...@libreoffice.org>
Reviewed-by: Caolán McNamara <caol...@redhat.com>
Tested-by: Caolán McNamara <caol...@redhat.com>
(cherry picked from commit b10ae2faae6f3c448bbab71585550387e18cc248)
Reviewed-on: https://gerrit.libreoffice.org/49367
Reviewed-by: Michael Stahl <mst...@redhat.com>
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 5b9dba4c29ec..12ed802a2ae8 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -1459,7 +1459,6 @@ static int doOpenTTFont( sal_uInt32 facenum,
TrueTypeFont* t )
int i;
sal_uInt32 length, tag;
sal_uInt32 tdoffset = 0; /* offset to TableDirectory in a TTC file.
For TTF files is 0 */
- int indexfmt;
sal_uInt32 TTCTag = GetInt32(t->ptr, 0);
@@ -1602,8 +1601,13 @@ static int doOpenTTFont( sal_uInt32 facenum,
TrueTypeFont* t )
t->nglyphs = table_size >= 6 ? GetUInt16(table, 4) : 0;
table = getTable(t, O_head);
+ table_size = getTableSize(t, O_head);
+ if (table_size < 52) {
+ CloseTTFont(t);
+ return SF_TTFORMAT;
+ }
t->unitsPerEm = GetUInt16(table, 18);
- indexfmt = GetInt16(table, 50);
+ int indexfmt = GetInt16(table, 50);
if( ((indexfmt != 0) && (indexfmt != 1)) || (t->unitsPerEm <= 0) ) {
CloseTTFont(t);
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
