summaryrefslogtreecommitdiff
path: root/vcl/source/fontsubset/sft.cxx
diff options
context:
space:
mode:
Diffstat (limited to 'vcl/source/fontsubset/sft.cxx')
-rw-r--r--vcl/source/fontsubset/sft.cxx17
1 files changed, 10 insertions, 7 deletions
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 8b00a3024a19..2fdd6ea0e705 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -1226,16 +1226,19 @@ static void FindCmap(TrueTypeFont *ttf)
sal_uInt32 ThreeSix = 0; /* MS Johab */
for (i = 0; i < ncmaps; i++) {
- sal_uInt32 offset;
- sal_uInt16 pID, eID;
-
/* sanity check, cmap entry must lie within table */
- if( i*8+4 > table_size )
+ sal_uInt32 nLargestFixedOffsetPos = 8 + i * 8;
+ sal_uInt32 nMinSize = nLargestFixedOffsetPos + sizeof(sal_uInt32);
+ if (nMinSize > table_size)
+ {
+ SAL_WARN( "vcl.fonts", "Font " << OUString::createFromAscii(ttf->fname) << " claimed to have "
+ << ncmaps << " cmaps, but only space for " << i);
break;
+ }
- pID = GetUInt16(table, 4 + i * 8, 1);
- eID = GetUInt16(table, 6 + i * 8, 1);
- offset = GetUInt32(table, 8 + i * 8, 1);
+ sal_uInt16 pID = GetUInt16(table, 4 + i * 8, 1);
+ sal_uInt16 eID = GetUInt16(table, 6 + i * 8, 1);
+ sal_uInt32 offset = GetUInt32(table, nLargestFixedOffsetPos, 1);
/* sanity check, cmap must lie within file */
if( (table - ttf->ptr) + offset > (sal_uInt32)ttf->fsize )
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-30 14:06:39 +0000