ofz: Use-of-uninitialized-value

Change-Id: I358d826a1dafe345f610d26d0d517a7357c838d2 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130854 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> Tested-by: Jenkins
author: Caolán McNamara <caolanm@redhat.com> 2022-03-03 09:26:18 +0000
committer: Caolán McNamara <caolanm@redhat.com> 2022-03-03 16:29:33 +0100
commit: a8234d497011a5b045ce263652f1465cab14e708 (patch)
tree: 8646889e3092b7812d49feb24b06853ff76df9e5 /vcl
parent: cacd63f0a45b7edb2b72a4b7cde5e208725bcc09 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 124b4f249655..9a9163a6787c 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -378,7 +378,11 @@ static int GetSimpleTTOutline(AbstractTrueTypeFont const *ttf, sal_uInt32 glyphI
             lastPoint = t;
     }
 
-    sal_uInt16 instLen = GetUInt16(ptr, 10 + numberOfContours*2);
+    sal_uInt32 nInstLenOffset = 10 + numberOfContours * 2;
+    if (nInstLenOffset + 2 > nMaxGlyphSize)
+        return 0;
+    sal_uInt16 instLen = GetUInt16(ptr, nInstLenOffset);
+
     sal_uInt32 nOffset = 10 + 2 * numberOfContours + 2 + instLen;
     if (nOffset > nMaxGlyphSize)
         return 0;
author	Caolán McNamara <caolanm@redhat.com>	2022-03-03 09:26:18 +0000
committer	Caolán McNamara <caolanm@redhat.com>	2022-03-03 16:29:33 +0100
commit	a8234d497011a5b045ce263652f1465cab14e708 (patch)
tree	8646889e3092b7812d49feb24b06853ff76df9e5 /vcl
parent	cacd63f0a45b7edb2b72a4b7cde5e208725bcc09 (diff)