From 2ca987b1a9bcb6bf248d31972b3035fb5e302896 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= Date: Mon, 28 Feb 2022 21:12:07 +0000 Subject: [PATCH] ofz: measure maximum possible contours MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: Ie039abd835fef06514edde12b99e17360f5481a5 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130731 Tested-by: Jenkins Reviewed-by: Caolán McNamara --- vcl/source/fontsubset/sft.cxx | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx index f101670d9ab5..f59b571eb329 100644 --- a/vcl/source/fontsubset/sft.cxx +++ b/vcl/source/fontsubset/sft.cxx @@ -348,7 +348,13 @@ static int GetSimpleTTOutline(AbstractTrueTypeFont const *ttf, sal_uInt32 glyphI if (glyphID >= ttf->glyphCount()) return 0; - const sal_uInt8* ptr = table + ttf->glyphOffset(glyphID); + sal_uInt32 nGlyphOffset = ttf->glyphOffset(glyphID); + if (nGlyphOffset > nTableSize) + return 0; + + const sal_uInt8* ptr = table + nGlyphOffset; + const sal_uInt32 nMaxGlyphSize = nTableSize - nGlyphOffset; + const sal_Int16 numberOfContours = GetInt16(ptr, GLYF_numberOfContours_offset); if( numberOfContours <= 0 ) /*- glyph is not simple */ return 0; @@ -363,7 +369,7 @@ static int GetSimpleTTOutline(AbstractTrueTypeFont const *ttf, sal_uInt32 glyphI /* determine the last point and be extra safe about it. But probably this code is not needed */ sal_uInt16 lastPoint=0; - const sal_Int32 nMaxContours = (nTableSize - 10)/2; + const sal_Int32 nMaxContours = (nMaxGlyphSize - 10)/2; if (numberOfContours > nMaxContours) return 0; for (i=0; i