[PATCH 3/5] usp10: Range check glyph counts in GPOS_apply_ContextPos().
Henri Verbeet
hverbeet at codeweavers.com
Mon Apr 17 13:26:58 CDT 2017
Signed-off-by: Henri Verbeet <hverbeet at codeweavers.com>
---
dlls/usp10/opentype.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/dlls/usp10/opentype.c b/dlls/usp10/opentype.c
index 2cca0cb..ec425a1 100644
--- a/dlls/usp10/opentype.c
+++ b/dlls/usp10/opentype.c
@@ -2166,12 +2166,18 @@ static unsigned int GPOS_apply_ContextPos(const ScriptCache *script_cache, const
{
const GPOS_PosClassRule_1 *pr;
const GPOS_PosClassRule_2 *pr_2;
+ unsigned int g;
int g_count, l;
offset = GET_BE_WORD(pcs->PosClassRule[k]);
pr = (const GPOS_PosClassRule_1*)((const BYTE*)pcs+offset);
g_count = GET_BE_WORD(pr->GlyphCount);
TRACE("PosClassRule has %i glyphs classes\n",g_count);
+
+ g = glyph_index + write_dir * (g_count - 1);
+ if (g >= glyph_count)
+ continue;
+
for (l = 0; l < g_count-1; l++)
{
int g_class = OT_get_glyph_class(glyph_class_table, glyphs[glyph_index + (write_dir * (l+1))]);
--
2.1.4
More information about the wine-patches
mailing list