vcl/source/fontsubset/sft.cxx | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
New commits:
commit 44f422048754c5fe3540750eec996c8a63bf6da4
Author: Caolán McNamara <caol...@redhat.com>
Date: Fri Jun 6 10:07:11 2014 +0100
use sfntLen in DumpSfnts to do some sanity checking
Change-Id: Ic3b196f925a1699f02ad9a5c1183ea767e3e91cf
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 2fdd6ea..e2c136b 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -2091,7 +2091,6 @@ static void DumpSfnts(FILE *outf, sal_uInt8 *sfntP,
sal_uInt32 sfntLen)
assert(numTables <= 9); /* Type42 has 9
required tables */
sal_uInt32* offs = (sal_uInt32*)scalloc(numTables, sizeof(sal_uInt32));
-// sal_uInt32* lens = (sal_uInt32*)scalloc(numTables, sizeof(sal_uInt32));
fputs("/sfnts [", outf);
HexFmtOpenString(h);
@@ -2099,9 +2098,18 @@ static void DumpSfnts(FILE *outf, sal_uInt8 *sfntP,
sal_uInt32 sfntLen)
HexFmtBlockWrite(h, sfntP+12, 16 * numTables); /* stream out the
Table Directory */
for (i=0; i<numTables; i++) {
- sal_uInt32 tag = GetUInt32(sfntP + 12, 16 * i, 1);
- sal_uInt32 off = GetUInt32(sfntP + 12, 16 * i + 8, 1);
- sal_uInt32 len = GetUInt32(sfntP + 12, 16 * i + 12, 1);
+ sal_uInt32 nLargestFixedOffsetPos = 12 + 16 * i + 12;
+ sal_uInt32 nMinSize = nLargestFixedOffsetPos + sizeof(sal_uInt32);
+ if (nMinSize > sfntLen)
+ {
+ SAL_WARN( "vcl.fonts", "DumpSfnts claimed to have "
+ << numTables << " tables, but only space for " << i);
+ break;
+ }
+
+ sal_uInt32 tag = GetUInt32(sfntP, 12 + 16 * i, 1);
+ sal_uInt32 off = GetUInt32(sfntP, 12 + 16 * i + 8, 1);
+ sal_uInt32 len = GetUInt32(sfntP, 12 + 16 * i + 12, 1);
if (tag != T_glyf) {
HexFmtBlockWrite(h, sfntP + off, len);
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
