From 6027c7575bc7b8821a60bad3b70c237cae69ed72 Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolanm@redhat.com>
Date: Fri, 21 Nov 2014 10:19:53 +0000
Subject: coverity#1213370 rework to make comparison to rec[i].slen more clear

Change-Id: I13ff12f0023b2752ea40cbf941350ca4c7dc7f78
---
 vcl/source/fontsubset/sft.cxx | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 4cdb95c3d766..2d52a19eed60 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -2716,9 +2716,11 @@ int GetTTNameRecords(TrueTypeFont *ttf, NameRecord **nr)
                 continue;
             }
 
-            const  sal_uInt8* rec_string = table + nStrBase + nStrOffset;
+            const sal_uInt8* rec_string = table + nStrBase + nStrOffset;
             // sanity check
-            if( rec_string > (sal_uInt8*)ttf->ptr && rec_string < ((sal_uInt8*)ttf->ptr + ttf->fsize - rec[i].slen ) )
+            const sal_uInt8* end_table = ttf->ptr + ttf->fsize;
+            const size_t available_space = rec_string > end_table ? 0 : (end_table - rec_string);
+            if (rec[i].slen <= available_space)
             {
                 rec[i].sptr = (sal_uInt8 *) malloc(rec[i].slen); assert(rec[i].sptr != 0);
                 memcpy(rec[i].sptr, rec_string, rec[i].slen);
-- 
cgit