Bug 707808: Check limit of index before using it in font subsetting.
authorSebastian Rasmussen <[email protected]>
Mon, 3 Jun 2024 11:06:41 +0000 (13:06 +0200)
committerTor Andersson <[email protected]>
Wed, 5 Jun 2024 16:25:14 +0000 (18:25 +0200)
Without this, certain files may cause ASAN complaints. Also, the check
was off by one, so now warn if the index is the same as the count.

source/fitz/subset-ttf.c

index aeeacbf77a014c552baa93c2af0c1647251344a5..af59bc6cbc51f20475331d7791ae0ba8d7f8c97f 100644 (file)
@@ -1060,15 +1060,15 @@ glyph_used(fz_context *ctx, ttf_t *ttf, fz_buffer *glyf, uint16_t i)
        const uint8_t *data;
        uint16_t flags;
 
-       if (ttf->gid_renum[i] != 0)
-               return;
-
-       if (i > ttf->orig_num_glyphs)
+       if (i >= ttf->orig_num_glyphs)
        {
-               fz_warn(ctx, "TTF subsetting; gid > num_gids!");
+               fz_warn(ctx, "TTF subsetting; gid >= num_gids!");
                return;
        }
 
+       if (ttf->gid_renum[i] != 0)
+               return;
+
        ttf->gid_renum[i] = 1;
 
        /* If this glyf is composite, then we need to add any dependencies of it. */
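Review bot: The new guard `if (i >= ttf->orig_num_glyphs)` is only as good as the assumption that `gid_renum` holds exactly `orig_num_glyphs` entries, and nothing in the hunk states that invariant or that `i` can come from font data. I would add a comment above the check, such as `/* gid may come from untrusted glyf data; gid_renum has orig_num_glyphs entries, so reject before indexing. */`, after confirming the size where the array is allocated, which is outside this hunk. The warning would also be easier to triage from logs if it carried the values, e.g. `fz_warn(ctx, "TTF subsetting; gid %d >= num_gids %d!", i, (int)ttf->orig_num_glyphs);`. The body of glyph_used continues past the hunk, so other reads derived from `i` (presumably the glyf and loca lookups for composite glyphs) are not visible here and should be checked against the same bound.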