[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master fb0d66d: [truetype] Fix VF check from 2018-09-12 (#54
|
From: |
Werner LEMBERG |
|
Subject: |
[freetype2] master fb0d66d: [truetype] Fix VF check from 2018-09-12 (#54973). |
|
Date: |
Tue, 6 Nov 2018 18:48:27 -0500 (EST) |
branch: master
commit fb0d66d04c4dd8d7f9604af1a6001b2737cb5098
Author: Ben Wagner <address@hidden>
Commit: Werner Lemberg <address@hidden>
[truetype] Fix VF check from 2018-09-12 (#54973).
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Use correct
offsets for estimates.
---
ChangeLog | 7 +++++++
src/truetype/ttgxvar.c | 4 ++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 48e7836..2b8fce8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2018-11-07 Ben Wagner <address@hidden>
+
+ [truetype] Fix VF check from 2018-09-12 (#54973).
+
+ * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Use correct
+ offsets for estimates.
+
2018-11-06 Werner Lemberg <address@hidden>
[pshinter] Fix numeric overflow.
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index ae425e4..8fda112 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -3725,8 +3725,8 @@
offsetToData = FT_GET_USHORT();
/* rough sanity test */
- if ( offsetToData + ( tupleCount & GX_TC_TUPLE_COUNT_MASK ) * 4 >
- dataSize )
+ if ( offsetToData > dataSize ||
+ ( tupleCount & GX_TC_TUPLE_COUNT_MASK ) * 4 > dataSize )
{
FT_TRACE2(( "TT_Vary_Apply_Glyph_Deltas:"
" invalid glyph variation array header\n" ));
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master fb0d66d: [truetype] Fix VF check from 2018-09-12 (#54973).,
Werner LEMBERG <=