From d7eb534e59064633732959c3771b6557cc97005e Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod
Date: Sun, 28 Oct 2018 15:27:04 -0700
Subject: [PATCH] [sbix] Check offsets before proceeding
---
 src/hb-ot-color-sbix-table.hh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/hb-ot-color-sbix-table.hh b/src/hb-ot-color-sbix-table.hh
index 79f79a5af..91a9cb71a 100644
--- a/src/hb-ot-color-sbix-table.hh
+++ b/src/hb-ot-color-sbix-table.hh
@@ -89,7 +89,8 @@ struct SBIXStrike
 {
 unsigned int sbix_len = sbix_blob->length;
 unsigned int strike_offset = (const char *) this - (const char *) sbix_blob->data;
- if (imageOffsetsZ[glyph_id + 1] - imageOffsetsZ[glyph_id] == 0)
+ if (imageOffsetsZ[glyph_id + 1] < imageOffsetsZ[glyph_id] ||
+ imageOffsetsZ[glyph_id + 1] - imageOffsetsZ[glyph_id] <= SBIXGlyph::min_size)
 return hb_blob_get_empty ();
 if (strike_offset + (unsigned int) imageOffsetsZ[glyph_id] + SBIXGlyph::min_size > sbix_len)
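Review bot: The end offset `imageOffsetsZ[glyph_id + 1]` is still never compared with `sbix_len` in this hunk: the new condition only orders the two offsets and enforces a minimum size, and the check that follows bounds only the start offset plus `SBIXGlyph::min_size`. That following check is also an unsigned sum, so a very large offset read from a malformed font could wrap and pass it. Consider adding `(unsigned int) imageOffsetsZ[glyph_id + 1] > sbix_len - strike_offset ||` to the new condition, which avoids the addition, assuming `strike_offset <= sbix_len` holds at this point. Whether `glyph_id + 1` is a valid index into the offsets array and how the glyph length is used afterwards are outside the hunk, so confirm both against the rest of the function.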