31 lines
763 B
Diff
31 lines
763 B
Diff
--- xpdf-3.01/fofi/FoFiTrueType.cc 2005-08-17 07:34:30.000000000 +0200
|
|
+++ xpdf-3.01-fix/fofi/FoFiTrueType.cc 2005-08-22 12:13:04.000000000 +0200
|
|
@@ -1652,6 +1652,27 @@
|
|
return;
|
|
}
|
|
|
|
+ // make sure the loca table is sane (correct length and entries are
|
|
+ // in bounds)
|
|
+ i = seekTable("loca");
|
|
+ if (tables[i].len < (nGlyphs + 1) * (locaFmt ? 4 : 2)) {
|
|
+ parsedOk = gFalse;
|
|
+ return;
|
|
+ }
|
|
+ for (j = 0; j <= nGlyphs; ++j) {
|
|
+ if (locaFmt) {
|
|
+ pos = (int)getU32BE(tables[i].offset + j*4, &parsedOk);
|
|
+ } else {
|
|
+ pos = getU16BE(tables[i].offset + j*2, &parsedOk);
|
|
+ }
|
|
+ if (pos < 0 || pos > len) {
|
|
+ parsedOk = gFalse;
|
|
+ }
|
|
+ }
|
|
+ if (!parsedOk) {
|
|
+ return;
|
|
+ }
|
|
+
|
|
// read the post table
|
|
readPostTable();
|
|
}
|