Henri Verbeet : usp10: Range check glyph counts in GPOS_apply_ContextPos() .
Alexandre Julliard
julliard at winehq.org
Wed Apr 19 14:49:38 CDT 2017
Module: wine
Branch: master
Commit: 1b02c1ac50141058edd77ea373468c7bf5f13d25
URL: http://source.winehq.org/git/wine.git/?a=commit;h=1b02c1ac50141058edd77ea373468c7bf5f13d25
Author: Henri Verbeet <hverbeet at codeweavers.com>
Date: Mon Apr 17 20:26:58 2017 +0200
usp10: Range check glyph counts in GPOS_apply_ContextPos().
Signed-off-by: Henri Verbeet <hverbeet at codeweavers.com>
Signed-off-by: Aric Stewart <aric at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/usp10/opentype.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/dlls/usp10/opentype.c b/dlls/usp10/opentype.c
index 2cca0cb..ec425a1 100644
--- a/dlls/usp10/opentype.c
+++ b/dlls/usp10/opentype.c
@@ -2166,12 +2166,18 @@ static unsigned int GPOS_apply_ContextPos(const ScriptCache *script_cache, const
{
const GPOS_PosClassRule_1 *pr;
const GPOS_PosClassRule_2 *pr_2;
+ unsigned int g;
int g_count, l;
offset = GET_BE_WORD(pcs->PosClassRule[k]);
pr = (const GPOS_PosClassRule_1*)((const BYTE*)pcs+offset);
g_count = GET_BE_WORD(pr->GlyphCount);
TRACE("PosClassRule has %i glyphs classes\n",g_count);
+
+ g = glyph_index + write_dir * (g_count - 1);
+ if (g >= glyph_count)
+ continue;
+
for (l = 0; l < g_count-1; l++)
{
int g_class = OT_get_glyph_class(glyph_class_table, glyphs[glyph_index + (write_dir * (l+1))]);
More information about the wine-cvs
mailing list