[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master df2cf43: [truetype] Fix `cvar' sanity test.
|
From: |
Werner LEMBERG |
|
Subject: |
[freetype2] master df2cf43: [truetype] Fix `cvar' sanity test. |
|
Date: |
Fri, 16 Dec 2016 10:38:34 +0000 (UTC) |
branch: master
commit df2cf43e94fcf43d2d4b7574495eb3a0a9d5858a
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>
[truetype] Fix `cvar' sanity test.
Reported by Dave Arnold.
* src/truetype/ttgxvar.c (tt_face_vary_cvt): Use tuple count mask.
---
ChangeLog | 8 ++++++++
src/truetype/ttgxvar.c | 3 ++-
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 8fed6a2..b89a082 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2016-12-16 Werner Lemberg <address@hidden>
+ [truetype] Fix `cvar' sanity test.
+
+ Reported by Dave Arnold.
+
+ * src/truetype/ttgxvar.c (tt_face_vary_cvt): Use tuple count mask.
+
+2016-12-16 Werner Lemberg <address@hidden>
+
[cff, truetype] Remove compiler warnings; fix `make multi'.
* src/cff/cf2font.h: Include `cffload.h'.
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index dae0cb7..12a3160 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -2020,7 +2020,8 @@
offsetToData = FT_GET_USHORT();
/* rough sanity test */
- if ( offsetToData + tupleCount * 4 > table_len )
+ if ( offsetToData + ( tupleCount & GX_TC_TUPLE_COUNT_MASK ) * 4 >
+ table_len )
{
FT_TRACE2(( "tt_face_vary_cvt:"
" invalid CVT variation array header\n" ));
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master df2cf43: [truetype] Fix `cvar' sanity test.,
Werner LEMBERG <=