vcl/source/fontsubset/sft.cxx | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
New commits:
commit 33935f3968da8e83874b64c8e17e2d818fcf1ff4
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Mon Feb 28 21:12:07 2022 +0000
Commit: Thorsten Behrens <thorsten.behr...@allotropia.de>
CommitDate: Wed Mar 2 22:27:18 2022 +0100
ofz: measure maximum possible contours
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130774
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
(cherry picked from commit 26abdb564dad2011a298fc1253279232cb8b59cf)
Change-Id: Ie039abd835fef06514edde12b99e17360f5481a5
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130873
Tested-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
Reviewed-by: Thorsten Behrens <thorsten.behr...@allotropia.de>
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 2d2157f6f675..8a684e472e0a 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -362,7 +362,13 @@ static int GetSimpleTTOutline(TrueTypeFont const *ttf,
sal_uInt32 glyphID, Contr
if( glyphID >= ttf->nglyphs ) /*- glyph is not present in the
font */
return 0;
- const sal_uInt8* ptr = table + ttf->goffsets[glyphID];
+ sal_uInt32 nGlyphOffset = ttf->goffsets[glyphID];
+ if (nGlyphOffset > nTableSize)
+ return 0;
+
+ const sal_uInt8* ptr = table + nGlyphOffset;
+ const sal_uInt32 nMaxGlyphSize = nTableSize - nGlyphOffset;
+
const sal_Int16 numberOfContours = GetInt16(ptr,
GLYF_numberOfContours_offset);
if( numberOfContours <= 0 ) /*- glyph is not simple */
return 0;
@@ -377,7 +383,7 @@ static int GetSimpleTTOutline(TrueTypeFont const *ttf,
sal_uInt32 glyphID, Contr
/* determine the last point and be extra safe about it. But probably this
code is not needed */
sal_uInt16 lastPoint=0;
- const sal_Int32 nMaxContours = (nTableSize - 10)/2;
+ const sal_Int32 nMaxContours = (nMaxGlyphSize - 10)/2;
if (numberOfContours > nMaxContours)
return 0;
for (i=0; i<numberOfContours; i++)
