Skip to content

W
wine-winehq
Commit 34a9400a authored by Henri Verbeet's avatar Henri Verbeet Committed by Alexandre Julliard
Browse files
Options

usp10: Validate positioning record sequence indices in GPOS_apply_ChainContextPos().

The issue is somewhat theoretical, since in reasonbale fonts the indices should always be valid, and in fact are fairly likely to be 0. On the other hand, web fonts exist. Signed-off-by: 's avatarHenri Verbeet <hverbeet@codeweavers.com> Signed-off-by: 's avatarAric Stewart <aric@codeweavers.com> Signed-off-by: 's avatarAlexandre Julliard <julliard@winehq.org>
parent a912c95d
Hide whitespace changes
Inline Side-by-side
Showing with 11 additions and 3 deletions
dlls/usp10/opentype.c
View file @ 34a9400a
......@@ -2301,12 +2301,20 @@ static unsigned int GPOS_apply_ChainContextPos(const ScriptCache *script_cache,
for (k = 0; k < positioning_count; ++k)
{
WORD lookup_index = GET_BE_WORD(positioning->PosLookupRecord[k].LookupListIndex);
WORD sequence_index = GET_BE_WORD(positioning->PosLookupRecord[k].SequenceIndex) * write_dir;
unsigned int lookup_index = GET_BE_WORD(positioning->PosLookupRecord[k].LookupListIndex);
unsigned int sequence_index = GET_BE_WORD(positioning->PosLookupRecord[k].SequenceIndex);
unsigned int g = glyph_index + write_dir * sequence_index;
if (g >= glyph_count)
{
WARN("Skipping invalid sequence index %u (glyph index %u, write dir %d).\n",
sequence_index, glyph_index, write_dir);
continue;
}
TRACE("Position: %u -> %u %u.\n", k, sequence_index, lookup_index);
GPOS_apply_lookup(script_cache, otm, logfont, analysis, advance, lookup, lookup_index,
glyphs, glyph_index + sequence_index, glyph_count, goffset);
glyphs, g, glyph_count, goffset);
}
return input_count + lookahead_count;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment