vcl/source/fontsubset/sft.cxx | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
New commits: commit f4e32af7450c4e6fa1063aec95ba9df49c055a3b Author: Caolán McNamara <[email protected]> Date: Wed Feb 7 16:05:08 2018 +0000 stay within font bounds Change-Id: Ie8ed610b71cb1b20963827c2be97155d2d8aa22c Reviewed-on: https://gerrit.libreoffice.org/49369 Tested-by: Jenkins <[email protected]> Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx index cfad36e35f64..c61c74b672dd 100644 --- a/vcl/source/fontsubset/sft.cxx +++ b/vcl/source/fontsubset/sft.cxx @@ -1563,7 +1563,12 @@ static int doOpenTTFont( sal_uInt32 facenum, TrueTypeFont* t ) /* parse the tables */ for (i=0; i<static_cast<int>(t->ntables); i++) { int nIndex; - tag = GetUInt32(t->ptr + tdoffset + 12, 16 * i); + const sal_uInt32 nStart = tdoffset + 12; + const sal_uInt32 nOffset = 16 * i; + if (nStart + nOffset + sizeof(sal_uInt32) <= static_cast<sal_uInt32>(t->fsize)) + tag = GetUInt32(t->ptr + nStart, nOffset); + else + tag = static_cast<sal_uInt32>(-1); switch( tag ) { case T_maxp: nIndex = O_maxp; break; case T_glyf: nIndex = O_glyf; break; _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
