vcl/source/fontsubset/sft.cxx | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
New commits:
commit a8234d497011a5b045ce263652f1465cab14e708
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Mar 3 09:26:18 2022 +0000
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Thu Mar 3 16:29:33 2022 +0100
ofz: Use-of-uninitialized-value
Change-Id: I358d826a1dafe345f610d26d0d517a7357c838d2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130854
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
Tested-by: Jenkins
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 124b4f249655..9a9163a6787c 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -378,7 +378,11 @@ static int GetSimpleTTOutline(AbstractTrueTypeFont const
*ttf, sal_uInt32 glyphI
lastPoint = t;
}
- sal_uInt16 instLen = GetUInt16(ptr, 10 + numberOfContours*2);
+ sal_uInt32 nInstLenOffset = 10 + numberOfContours * 2;
+ if (nInstLenOffset + 2 > nMaxGlyphSize)
+ return 0;
+ sal_uInt16 instLen = GetUInt16(ptr, nInstLenOffset);
+
sal_uInt32 nOffset = 10 + 2 * numberOfContours + 2 + instLen;
if (nOffset > nMaxGlyphSize)
return 0;
