[sbix] Check offsets before proceeding

author Behdad Esfahbod <behdad@behdad.org>

Sun, 28 Oct 2018 22:27:04 +0000 (15:27 -0700)

committer Behdad Esfahbod <behdad@behdad.org>

Mon, 29 Oct 2018 01:33:10 +0000 (18:33 -0700)
author Behdad Esfahbod <behdad@behdad.org>
Sun, 28 Oct 2018 22:27:04 +0000 (15:27 -0700)
committer Behdad Esfahbod <behdad@behdad.org>
Mon, 29 Oct 2018 01:33:10 +0000 (18:33 -0700)
diff --git a/src/hb-ot-color-sbix-table.hh b/src/hb-ot-color-sbix-table.hh

index 79f79a5..91a9cb7 100644 (file)
--- a/src/hb-ot-color-sbix-table.hh
+++ b/src/hb-ot-color-sbix-table.hh
@@ -89,7 +89,8 @@ struct SBIXStrike
    {
      unsigned int sbix_len = sbix_blob->length;
      unsigned int strike_offset = (const char *) this - (const char *) sbix_blob->data;
-    if (imageOffsetsZ[glyph_id + 1] - imageOffsetsZ[glyph_id] == 0)
+    if (imageOffsetsZ[glyph_id + 1] < imageOffsetsZ[glyph_id] ||
+       imageOffsetsZ[glyph_id + 1] - imageOffsetsZ[glyph_id] <= SBIXGlyph::min_size)
        return hb_blob_get_empty ();
  
      if (strike_offset + (unsigned int) imageOffsetsZ[glyph_id] + SBIXGlyph::min_size > sbix_len)
author	Behdad Esfahbod <behdad@behdad.org>
	Sun, 28 Oct 2018 22:27:04 +0000 (15:27 -0700)
committer	Behdad Esfahbod <behdad@behdad.org>
	Mon, 29 Oct 2018 01:33:10 +0000 (18:33 -0700)