Fix for unaddressable access reading TT font data.

As part of commit 'fdo#82259 we don't actually care about the ttf version here'
the font data table pointer was incremented presumably to skip
the version number. This results in reading past the end of the array, confirmed by DrMemory.

There is no need in changing the pointer as the parsing is done using absolute offsets.
Furthermore, by moving the pointer, the parser reads incorrect fields (everything shifted 4 bytes).

However, moving the pointer had the desired side-effect (at least on Windows)
that the hints on the right side of most of the fonts were gone
for most cases (the purpose of fdo#82259).

It seems that this was accidental and not the proper fix to that issue.
This patch does make most of the hints show up again on win, and I don't have a mac
to verify if the fonts with the nonsensical hint texts still suffer the issue in fdo#82259.

Change-Id: Idf3bfa292fa063fa05e0ff62920a6bdfa4c94647
Reviewed-on: https://gerrit.libreoffice.org/14281
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>

1 files changed, 0 insertions, 1 deletions

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 921aa090b3ad..4a0f183e168f 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -2788,7 +2788,6 @@ bool getTTCoverage(
     // parse OS/2 header
     if (nLength >= 58)
     {
-        pTable+=4; //skip Version
         rUnicodeRange.append(GetUInt32(pTable, 42, 1));
         rUnicodeRange.append(GetUInt32(pTable, 46, 1));
         rUnicodeRange.append(GetUInt32(pTable, 50, 1));