vcl/source/fontsubset/sft.cxx | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
New commits: commit 29c77bd5c0984deba5a747cfa55f249188b578c8 Author: Caolán McNamara <[email protected]> AuthorDate: Sun Feb 27 12:21:47 2022 +0000 Commit: Michael Stahl <[email protected]> CommitDate: Tue Mar 1 18:02:09 2022 +0100 ofz#45082 Out-of-memory Change-Id: I274a6beeec0013f5b974017500fe31bcecabfa86 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130636 Tested-by: Jenkins Reviewed-by: Michael Stahl <[email protected]>
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 71e84fae3402..4d2eba36c7f3 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -2098,10 +2098,15 @@ GlyphData *GetTTRawGlyphData(AbstractTrueTypeFont *ttf, sal_uInt32 glyphID)
 return nullptr;
 /* #127161# check the glyph offsets */
+ sal_uInt32 nNextOffset = ttf->glyphOffset(glyphID + 1);
+ sal_uInt32 nOffset = ttf->glyphOffset(glyphID);
+ if (nNextOffset < nOffset)
+ return nullptr;
+
 if (length < ttf->glyphOffset(glyphID + 1))
 return nullptr;
- length = ttf->glyphOffset(glyphID + 1) - ttf->glyphOffset(glyphID);
+ length = nNextOffset - nOffset;
 GlyphData* d = static_cast<GlyphData*>(malloc(sizeof(GlyphData)));
 assert(d != nullptr);
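Review bot: The retained bounds check `if (length < ttf->glyphOffset(glyphID + 1))` still re-reads the offset instead of using the new `nNextOffset` local, so the value that is range-checked and the value used in `length = nNextOffset - nOffset;` come from separate calls; changing it to `if (length < nNextOffset)` keeps the check and the subtraction on the same data. The new ordering guard would also benefit from a short comment such as `/* offsets are read from the font; a decreasing pair would wrap the sal_uInt32 subtraction into a huge length */`, since that wrap-around is presumably what produced the out-of-memory report. Separately, the `malloc` result in the trailing context is checked only by `assert`, which is compiled out when NDEBUG is defined, so an allocation failure would not be caught there in such builds. GetTTRawGlyphData starts before and continues after this hunk, so whatever guards the `glyphID + 1` lookup is not visible here.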
