vcl/source/fontsubset/sft.cxx |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

New commits:
commit 08dd51bfcaa6b493e134bcc7787cc18c36ad5db1
Author: Caolán McNamara <caol...@redhat.com>
Date:   Wed Feb 7 15:33:36 2018 +0000

    check table size before reading nglyphs
    
    Change-Id: Ib511fdf16006877ca76085137eb9200601b2f8f7
    Reviewed-on: https://gerrit.libreoffice.org/49363
    Tested-by: Jenkins <c...@libreoffice.org>
    Reviewed-by: Caolán McNamara <caol...@redhat.com>
    Tested-by: Caolán McNamara <caol...@redhat.com>

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 21ffb3c13255..48326e11c0f0 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -1656,7 +1656,8 @@ static int doOpenTTFont( sal_uInt32 facenum, 
TrueTypeFont* t )
     }
 
     const sal_uInt8* table = getTable(t, O_maxp);
-    t->nglyphs = GetUInt16(table, 4);
+    sal_uInt32 table_size = getTableSize(t, O_maxp);
+    t->nglyphs = table_size >= 6 ? GetUInt16(table, 4) : 0;
 
     table = getTable(t, O_head);
     t->unitsPerEm = GetUInt16(table, 18);
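Review bot: The `head` read in the trailing context, `t->unitsPerEm = GetUInt16(table, 18);`, still has no size check, so a font with a truncated or missing `head` table would reach the same kind of out-of-bounds read that the new guard closes for `maxp` (unless GetUInt16 bounds-checks internally, which is not visible here). The same pattern applies: `sal_uInt32 head_size = getTableSize(t, O_head);`, then require `head_size >= 20` before reading offset 18. Failing the open is probably safer than defaulting to 0 there, since a zero `unitsPerEm` may later be used as a divisor; likewise, confirm that callers tolerate `nglyphs == 0` from the new fallback. A short comment on the literal `6`, such as `// maxp.numGlyphs is a 2-byte field at offset 4`, would make the bound self-explanatory. doOpenTTFont's body starts before and continues after this hunk.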