From d4aef6a074bedb42ab9c400b5f998dd79bc57d00 Mon Sep 17 00:00:00 2001 From: rsc Date: Thu, 12 May 2005 16:55:14 +0000 Subject: handle arbitrary length names in subfontname. handle overflow in offset computation in font.c --- src/libdraw/font.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src/libdraw/font.c') diff --git a/src/libdraw/font.c b/src/libdraw/font.c index d7a93545..7aa649e8 100644 --- a/src/libdraw/font.c +++ b/src/libdraw/font.c @@ -177,7 +177,7 @@ int loadchar(Font *f, Rune r, Cacheinfo *c, int h, int noflush, char **subfontname) { int i, oi, wid, top, bottom; - Rune pic; + int pic; /* need >16 bits for adding offset below */ Fontchar *fi; Cachefont *cf; Cachesubf *subf, *of; @@ -270,10 +270,12 @@ loadchar(Font *f, Rune r, Cacheinfo *c, int h, int noflush, char **subfontname) Found2: subf->age = f->age; + /* possible overflow here, but works out okay */ pic += cf->offset; - if(pic-cf->min >= subf->f->n) + pic -= cf->min; + if(pic >= subf->f->n) goto TryPJW; - fi = &subf->f->info[pic - cf->min]; + fi = &subf->f->info[pic]; if(fi->width == 0) goto TryPJW; wid = (fi+1)->x - fi->x; -- cgit v1.2.3