[Libreoffice-commits] core.git: Branch 'libreoffice-7-2' - vcl/source

Mon, 07 Mar 2022 03:15:04 -0800 

 vcl/source/fontsubset/sft.cxx |   16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

New commits:
commit c3b0367c9aa452c3b8a179c992df948495cf067d
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Sat Mar 5 10:03:43 2022 +0000
Commit:     Michael Stahl <michael.st...@allotropia.de>
CommitDate: Mon Mar 7 12:14:20 2022 +0100

    ofz: record less than 10 bytes is invalid
    
    Change-Id: Ie6b88efbc12b4c7fddb7459e50cba28fcbcf35fe
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/131011
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 98b758064943..1734463ae1a8 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -353,11 +353,18 @@ static int GetSimpleTTOutline(AbstractTrueTypeFont const 
*ttf, sal_uInt32 glyphI
 
     const sal_uInt8* ptr = table + nGlyphOffset;
     const sal_uInt32 nMaxGlyphSize = nTableSize - nGlyphOffset;
+    constexpr sal_uInt32 nContourOffset = 10;
+    if (nMaxGlyphSize < nContourOffset)
+        return 0;
 
     const sal_Int16 numberOfContours = GetInt16(ptr, 
GLYF_numberOfContours_offset);
     if( numberOfContours <= 0 )             /*- glyph is not simple */
         return 0;
 
+    const sal_Int32 nMaxContours = (nMaxGlyphSize - nContourOffset)/2;
+    if (numberOfContours > nMaxContours)
+        return 0;
+
     if (metrics) {                                                    /*- 
GetCompoundTTOutline() calls this function with NULL metrics -*/
         metrics->xMin = GetInt16(ptr, GLYF_xMin_offset);
         metrics->yMin = GetInt16(ptr, GLYF_yMin_offset);
@@ -368,22 +375,19 @@ static int GetSimpleTTOutline(AbstractTrueTypeFont const 
*ttf, sal_uInt32 glyphI
 
     /* determine the last point and be extra safe about it. But probably this 
code is not needed */
     sal_uInt16 lastPoint=0;
-    const sal_Int32 nMaxContours = (nMaxGlyphSize - 10)/2;
-    if (numberOfContours > nMaxContours)
-        return 0;
     for (i=0; i<numberOfContours; i++)
     {
-        const sal_uInt16 t = GetUInt16(ptr, 10+i*2);
+        const sal_uInt16 t = GetUInt16(ptr, nContourOffset + i * 2);
         if (t > lastPoint)
             lastPoint = t;
     }
 
-    sal_uInt32 nInstLenOffset = 10 + numberOfContours * 2;
+    sal_uInt32 nInstLenOffset = nContourOffset + numberOfContours * 2;
     if (nInstLenOffset + 2 > nMaxGlyphSize)
         return 0;
     sal_uInt16 instLen = GetUInt16(ptr, nInstLenOffset);
 
-    sal_uInt32 nOffset = 10 + 2 * numberOfContours + 2 + instLen;
+    sal_uInt32 nOffset = nContourOffset + 2 * numberOfContours + 2 + instLen;
     if (nOffset > nMaxGlyphSize)
         return 0;
     const sal_uInt8* p = ptr + nOffset;

Reply via email to