[gxvalid] Fix a bug to detect too large offset in morx table.

* src/gxvalid/gxvmorx2.c
(gxv_morx_subtable_type2_ligActionIndex_validate): Fix a bug
that too large positive offset cannot be detected.
suzuki toshiya 2011-10-08 01:30:49 +09:00
parent 9c98fbf634
commit faddba4474
2 changed files with 14 additions and 4 deletions

@ -1,3 +1,11 @@
2011-10-07 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
[gxvalid] Fix a bug to detect too large offset in morx table.
* src/gxvalid/gxvmorx2.c
(gxv_morx_subtable_type2_ligActionIndex_validate): Fix a bug
that too large positive offset cannot be detected.
2011-10-01 Braden Thomas <bthomas@apple.com>
Handle some border cases.

@ -173,6 +173,7 @@
FT_UShort store;
#endif
FT_ULong offset;
FT_Long gid_limit;
lig_action = FT_NEXT_ULONG( p );
@ -186,8 +187,9 @@
/* this offset is 30-bit signed value to add to GID */
/* it is different from the location offset in mort */
if ( ( offset & 0x3FFF0000UL ) == 0x3FFF0000UL )
{
if ( offset + valid->face->num_glyphs > 0x40000000UL )
{ /* negative offset */
gid_limit = valid->face->num_glyphs - ( offset & 0x0000FFFFUL );
if ( gid_limit > 0 )
return;
GXV_TRACE(( "ligature action table includes"
@ -197,8 +199,8 @@
GXV_SET_ERR_IF_PARANOID( FT_INVALID_OFFSET );
}
else if ( ( offset & 0x3FFF0000UL ) == 0x0000000UL )
{
if ( offset + valid->face->num_glyphs < 0 )
{ /* positive offset */
if ( (FT_Long)offset < valid->face->num_glyphs )
return;
GXV_TRACE(( "ligature action table includes"
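Review bot: In the negative-offset branch, `gid_limit = valid->face->num_glyphs - ( offset & 0x0000FFFFUL )` treats the low 16 bits as the magnitude of the offset, but for the 30-bit two's-complement value the comment describes, those bits are `0x10000` minus the magnitude. If that reading is right, an offset of -1 (`0x3FFFFFFF`) is reported as too negative for any face with at most 65535 glyphs, while -65536 (`0x3FFF0000`) passes whenever `num_glyphs > 0`, so the most out-of-range deltas are the ones the validator accepts. I would write `gid_limit = valid->face->num_glyphs - (FT_Long)( 0x10000UL - ( offset & 0x0000FFFFUL ) );`, which also keeps the subtraction in signed arithmetic instead of mixing `FT_Long` with `FT_ULong`. The positive-offset check `(FT_Long)offset < valid->face->num_glyphs` looks correct; the enclosing function starts and ends outside these hunks, so how `offset` is masked out of `lig_action` should be confirmed there.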