diff options
author | Matthias Clasen <mclasen@redhat.com> | 2023-05-02 03:40:13 +0000 |
---|---|---|
committer | Matthias Clasen <mclasen@redhat.com> | 2023-05-02 03:40:13 +0000 |
commit | b446637f4a4cbc8018151d1a7186644cdcad8455 (patch) | |
tree | 2666321001522ffff439179d0db5ef1bf380b12e | |
parent | c27adf341e7da5c33b2c05f78fb997339b2e2625 (diff) | |
parent | b067284615c7e1334ef74a645853e401cb949e33 (diff) | |
download | pango-b446637f4a4cbc8018151d1a7186644cdcad8455.tar.gz |
Merge branch 'check-length-of-font-table' into 'main'
DWrite: Check length of the font table
See merge request GNOME/pango!689
-rw-r--r-- | pango/pangowin32-dwrite-fontmap.cpp | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/pango/pangowin32-dwrite-fontmap.cpp b/pango/pangowin32-dwrite-fontmap.cpp index 2db0972a..7e712b57 100644 --- a/pango/pangowin32-dwrite-fontmap.cpp +++ b/pango/pangowin32-dwrite-fontmap.cpp @@ -512,22 +512,30 @@ pango_win32_dwrite_font_check_is_hinted (PangoWin32Font *font) &table_ctx, &exists))) { - if (exists) + if (exists && table_size > 4) { guint16 version = DWRITE_NEXT_USHORT (table_data); if (version == 0 || version == 1) { guint16 num_ranges = DWRITE_NEXT_USHORT (table_data); - guint16 i; + UINT32 max_ranges = (table_size - 4) / (sizeof (guint16) * 2); + guint16 i = 0; - for (i = 0; !result && i < num_ranges && i < (table_size / sizeof (guint16)); i ++) + if (num_ranges > max_ranges) + num_ranges = max_ranges; + + for (i = 0; i < num_ranges; i++) { + G_GNUC_UNUSED guint16 ppem = DWRITE_NEXT_USHORT (table_data); guint16 behavior = DWRITE_NEXT_USHORT (table_data); if (behavior & (GASP_GRIDFIT | GASP_SYMMETRIC_GRIDFIT)) - result = TRUE; + { + result = TRUE; + break; + } } } } |