[Libreoffice-commits] core.git: vcl/source
Caolán McNamara
caolanm at redhat.com
Thu Feb 8 14:59:40 UTC 2018
vcl/source/fontsubset/sft.cxx | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
New commits:
commit f4e32af7450c4e6fa1063aec95ba9df49c055a3b
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Feb 7 16:05:08 2018 +0000
stay within font bounds
Change-Id: Ie8ed610b71cb1b20963827c2be97155d2d8aa22c
Reviewed-on: https://gerrit.libreoffice.org/49369
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index cfad36e35f64..c61c74b672dd 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -1563,7 +1563,12 @@ static int doOpenTTFont( sal_uInt32 facenum, TrueTypeFont* t )
/* parse the tables */
for (i=0; i<static_cast<int>(t->ntables); i++) {
int nIndex;
- tag = GetUInt32(t->ptr + tdoffset + 12, 16 * i);
+ const sal_uInt32 nStart = tdoffset + 12;
+ const sal_uInt32 nOffset = 16 * i;
+ if (nStart + nOffset + sizeof(sal_uInt32) <= static_cast<sal_uInt32>(t->fsize))
+ tag = GetUInt32(t->ptr + nStart, nOffset);
+ else
+ tag = static_cast<sal_uInt32>(-1);
switch( tag ) {
case T_maxp: nIndex = O_maxp; break;
case T_glyf: nIndex = O_glyf; break;
More information about the Libreoffice-commits
mailing list