* src/truetype/ttinterp.c (TT_RunIns): Use `FT_OFFSET'.

Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=1030614
5 years ago · dfc9a049de
parent 551bd3a90e
commit dfc9a049de
2 changed files with 9 additions and 1 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+2019-12-05  Werner Lemberg  <wl@gnu.org>
+
+	* src/truetype/ttinterp.c (TT_RunIns): Use `FT_OFFSET'.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/chromium/issues/detail?id=1030614
+
 2019-12-03  Werner Lemberg  <wl@gnu.org>

 	More nullptr offset UBSan warnings (#57331, #57347).
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@ -8567,7 +8567,7 @@
        case FT_ERR( Invalid_Opcode ):
          {
            TT_DefRecord*  def   = exc->IDefs;
-            TT_DefRecord*  limit = def + exc->numIDefs;
+            TT_DefRecord*  limit = FT_OFFSET( def, exc->numIDefs );


            for ( ; def < limit; def++ )