[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
master a5c79499e3e 3/3: Fix crash when reading TTC font for glyph mappin
|
From: |
Po Lu |
|
Subject: |
master a5c79499e3e 3/3: Fix crash when reading TTC font for glyph mapping table selection |
|
Date: |
Wed, 9 Aug 2023 21:00:48 -0400 (EDT) |
branch: master
commit a5c79499e3ef9723504e36af3ba7b98435501166
Author: Po Lu <luangruo@yahoo.com>
Commit: Po Lu <luangruo@yahoo.com>
Fix crash when reading TTC font for glyph mapping table selection
* src/sfnt.c (sfnt_read_cmap_table): Seek to the table directory
if DESC->offset is provided.
* src/sfntfont.c (sfntfont_read_cmap): Accurately verify cmap
subtable header size. (bug#65185)
---
src/sfnt.c | 2 +-
src/sfntfont.c | 15 ++++++++++++++-
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/src/sfnt.c b/src/sfnt.c
index 876db70bcda..8ccb672c5d5 100644
--- a/src/sfnt.c
+++ b/src/sfnt.c
@@ -1006,7 +1006,7 @@ sfnt_read_cmap_table (int fd, struct sfnt_offset_subtable
*subtable,
/* Read the common part of the new subtable. */
rc = read (fd, &(*subtables)[i], sizeof (*subtables)[i]);
- if (rc < sizeof (*subtables))
+ if (rc < sizeof (*subtables)[i])
{
xfree (cmap);
xfree (*subtables);
diff --git a/src/sfntfont.c b/src/sfntfont.c
index 6927b185721..22e7f0e3832 100644
--- a/src/sfntfont.c
+++ b/src/sfntfont.c
@@ -1341,9 +1341,22 @@ sfntfont_read_cmap (struct sfnt_font_desc *desc,
if (fd < 0)
return;
+ /* Seek to the start of the font itself within its collection. */
+
+ if (desc->offset
+ && lseek (fd, desc->offset, SEEK_SET) != desc->offset)
+ {
+ emacs_close (fd);
+ return;
+ }
+
font = sfnt_read_table_directory (fd);
- if (!font)
+ /* Return if FONT is a TrueType collection: the file pointer should
+ already have been moved to the start of the table directory if
+ so. */
+
+ if (!font || font == (struct sfnt_offset_subtable *) -1)
{
emacs_close (fd);
return;