[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master 839cb40: * src/truetype/ttgxvar.c (tt_set_mm_blend):
|
From: |
Werner LEMBERG |
|
Subject: |
[freetype2] master 839cb40: * src/truetype/ttgxvar.c (tt_set_mm_blend): Fix off-by-one error. |
|
Date: |
Sun, 15 Jul 2018 23:49:16 -0400 (EDT) |
branch: master
commit 839cb404cf73f4410d58ebb3a99d16e08f4bdee7
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>
* src/truetype/ttgxvar.c (tt_set_mm_blend): Fix off-by-one error.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9412
---
ChangeLog | 8 ++++++++
src/truetype/ttgxvar.c | 7 +++++--
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 87f3d17..9ce6368 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2018-07-16 Werner Lemberg <address@hidden>
+
+ * src/truetype/ttgxvar.c (tt_set_mm_blend): Fix off-by-one error.
+
+ Reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9412
+
2018-07-12 Werner Lemberg <address@hidden>
* src/base/ftoutln.c (FT_Outline_Get_Orientation): Init `cbox'.
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 0937301..d143fce 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -2533,11 +2533,14 @@
if ( FT_IS_NAMED_INSTANCE( FT_FACE( face ) ) )
{
- FT_UInt idx = (FT_UInt)face->root.face_index >> 16;
+ FT_UInt instance_index = (FT_UInt)face->root.face_index >> 16;
c = blend->normalizedcoords + i;
- n = blend->normalized_stylecoords + idx * mmvar->num_axis + i;
+ n = blend->normalized_stylecoords +
+ ( instance_index - 1 ) * mmvar->num_axis +
+ i;
+
for ( j = i; j < mmvar->num_axis; j++, n++, c++ )
if ( *c != *n )
have_diff = 1;
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master 839cb40: * src/truetype/ttgxvar.c (tt_set_mm_blend): Fix off-by-one error.,
Werner LEMBERG <=