diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2022-03-03 09:26:18 +0000 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2022-03-03 20:57:41 +0100 |
| commit | dd7f4acfccee6fd845050ecdc5544c1c9c78afaf (patch) | |
| tree | 61e37499ce140a97b5bf9172642a8e2437924fd2 /vcl | |
| parent | 0a1031a9ecd1502b1841bde26dde7ad51358c638 (diff) | |
ofz: Use-of-uninitialized-value
Change-Id: I358d826a1dafe345f610d26d0d517a7357c838d2
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/130909
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Diffstat (limited to 'vcl')
| -rw-r--r-- | vcl/source/fontsubset/sft.cxx | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx index a413c73e7bd0..9ce05ebe0e30 100644 --- a/vcl/source/fontsubset/sft.cxx +++ b/vcl/source/fontsubset/sft.cxx @@ -379,7 +379,11 @@ static int GetSimpleTTOutline(AbstractTrueTypeFont const *ttf, sal_uInt32 glyphI lastPoint = t; } - sal_uInt16 instLen = GetUInt16(ptr, 10 + numberOfContours*2); + sal_uInt32 nInstLenOffset = 10 + numberOfContours * 2; + if (nInstLenOffset + 2 > nMaxGlyphSize) + return 0; + sal_uInt16 instLen = GetUInt16(ptr, nInstLenOffset); + sal_uInt32 nOffset = 10 + 2 * numberOfContours + 2 + instLen; if (nOffset > nMaxGlyphSize) return 0; |