Fix Savannah bug #30254.

* src/cff/cffload.c (cff_index_get_pointers): Do sanity check for first offset also.
2010-06-25 21:55:14 +02:00 · 2010-06-25 21:55:14 +02:00 · e23ba91af7
commit e23ba91af7
parent c69891a134
2 changed files with 16 additions and 0 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+2010-06-25  Werner Lemberg  <wl@gnu.org>
+
+	Fix Savannah bug #30254.
+
+	* src/cff/cffload.c (cff_index_get_pointers): Do sanity check for
+	first offset also.
+
 2010-06-25  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>

 	Initial fix for Savannah bug #30248 and #30249.
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c
@ -413,6 +413,15 @@
      /* at this point, `idx->offsets' can't be NULL */
      cur_offset = idx->offsets[0] - 1;

+      /* sanity check */
+      if ( cur_offset >= idx->data_size )
+      {
+        FT_TRACE0(( "cff_index_get_pointers:"
+                    " invalid first offset value %d set to zero\n",
+                    cur_offset ));
+        cur_offset = 0;
+      }
+
      if ( !pool )
        t[0] = org_bytes + cur_offset;
      else