* src/truetype/ttpload.c (tt_face_get_location): Off-by-one typo.

Also improve tracing message. Problem reported as https://bugs.chromium.org/p/chromium/issues/detail?id=738919
2017-07-12 00:24:48 +02:00 · 2017-07-12 00:24:48 +02:00 · 3d083fc213
commit 3d083fc213
parent 39af82ebbf
2 changed files with 14 additions and 4 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+2017-07-12  Werner Lemberg  <wl@gnu.org>
+
+	* src/truetype/ttpload.c (tt_face_get_location): Off-by-one typo.
+
+	Also improve tracing message.
+
+	Problem reported as
+
+	  https://bugs.chromium.org/p/chromium/issues/detail?id=738919
+
 2017-07-07  Werner Lemberg  <wl@gnu.org>

 	[cff] Integer overflow.
--- a/src/truetype/ttpload.c
+++ b/src/truetype/ttpload.c
@ -247,13 +247,13 @@
    if ( pos2 > face->glyf_len )
    {
      /* We try to sanitize the last `loca' entry. */
-      if ( gindex == face->num_locations - 1 )
+      if ( gindex == face->num_locations - 2 )
      {
        FT_TRACE1(( "tt_face_get_location:"
-                    " too large offset (0x%08lx) found for glyph index %ld,\n"
+                    " too large size (%ld bytes) found for glyph index %ld,\n"
                    "                     "
-                    " truncating at the end of `glyf' table (0x%08lx)\n",
-                    pos2, gindex + 1, face->glyf_len ));
+                    " truncating at the end of `glyf' table to %ld bytes\n",
+                    pos2 - pos1, gindex, face->glyf_len - pos1 ));
        pos2 = face->glyf_len;
      }
      else