* src/pcf/pcfread.c (pcf_get_encodings): Another thinko.

Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9608
author: Werner Lemberg <wl@gnu.org> 2018-07-29 10:22:59 +0200
committer: Werner Lemberg <wl@gnu.org> 2018-07-29 10:22:59 +0200
commit: 00968d8fd62105061d92e69b5ccd44077a5a6a9f (patch)
tree: ad7f7a7024337515f13130506c961901d57ac64b
parent: 0f8aebfd5138590fdbbea92ffdec17f6030ba7fc (diff)
download: freetype2-00968d8fd62105061d92e69b5ccd44077a5a6a9f.tar.gz
2 files changed, 10 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index f814bf4d6..578d00996 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2018-07-29  Werner Lemberg  <wl@gnu.org>
+
+	* src/pcf/pcfread.c (pcf_get_encodings): Another thinko.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9608
+
 2018-07-28  Alexei Podtelezhnikov  <apodtele@gmail.com>
 
 	[smooth] Fix Harmony memory management.
diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
index 5cf2861d4..69a4b15d0 100644
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -1054,7 +1054,8 @@ THE SOFTWARE.
     /* `stream->cursor' still points at the beginning of the frame; */
     /* we can thus easily get the offset to the default character   */
     pos = stream->cursor +
-            2 * ( ( defaultCharRow - (FT_UShort)firstRow ) * 256 +
+            2 * ( ( defaultCharRow - (FT_UShort)firstRow ) *
+                    ( lastCol - firstCol + 1 ) +
                   defaultCharCol - (FT_UShort)firstCol );
 
     if ( PCF_BYTE_ORDER( format ) == MSBFirst )
author	Werner Lemberg <wl@gnu.org>	2018-07-29 10:22:59 +0200
committer	Werner Lemberg <wl@gnu.org>	2018-07-29 10:22:59 +0200
commit	00968d8fd62105061d92e69b5ccd44077a5a6a9f (patch)
tree	ad7f7a7024337515f13130506c961901d57ac64b
parent	0f8aebfd5138590fdbbea92ffdec17f6030ba7fc (diff)
download	freetype2-00968d8fd62105061d92e69b5ccd44077a5a6a9f.tar.gz