vcl/source/fontsubset/sft.cxx | 25 +++++++++++++++++++++----
1 file changed, 21 insertions(+), 4 deletions(-)
New commits:
commit 20b8e046a5e132cb0db2e833ff3e84805511efab
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu Mar 3 09:35:08 2022 +0000
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Fri Mar 4 11:20:50 2022 +0100
ofz: check hmtx offset
Change-Id: I650a37472c70771d40febe52efcb723195856421
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130856
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 9a9163a6787c..ec0272027d6c 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -2229,12 +2229,29 @@ GlyphData *GetTTRawGlyphData(AbstractTrueTypeFont *ttf,
sal_uInt32 glyphID)
}
/* get advance width and left sidebearing */
+ sal_uInt32 nAwOffset;
+ sal_uInt32 nLsboffset;
if (glyphID < ttf->horzMetricCount()) {
- d->aw = GetUInt16(hmtx, 4 * glyphID);
- d->lsb = GetInt16(hmtx, 4 * glyphID + 2);
+ nAwOffset = 4 * glyphID;
+ nLsboffset = 4 * glyphID + 2;
} else {
- d->aw = GetUInt16(hmtx, 4 * (ttf->horzMetricCount() - 1));
- d->lsb = GetInt16(hmtx + ttf->horzMetricCount() * 4, (glyphID -
ttf->horzMetricCount()) * 2);
+ nAwOffset = 4 * (ttf->horzMetricCount() - 1);
+ nLsboffset = (ttf->horzMetricCount() * 4) + ((glyphID -
ttf->horzMetricCount()) * 2);
+ }
+
+ if (nAwOffset + 2 <= hmtxlength)
+ d->aw = GetUInt16(hmtx, nAwOffset);
+ else
+ {
+ SAL_WARN("vcl.fonts", "hmtx offset " << nAwOffset << " not available");
+ d->aw = 0;
+ }
+ if (nLsboffset + 2 <= hmtxlength)
+ d->lsb = GetInt16(hmtx, nLsboffset);
+ else
+ {
+ SAL_WARN("vcl.fonts", "hmtx offset " << nLsboffset << " not
available");
+ d->lsb = 0;
}
return d;
