shithub: freetype+ttf2subf

Download patch

ref: 53dfdcd8198d2b3201a23c4bad9190519ba918db
parent: 1e2eb65048f75c64b68708efed6ce904c31f3b2f
author: Werner Lemberg <wl@gnu.org>
date: Thu Mar 17 15:24:16 EDT 2022 

[sfnt] Avoid invalid face index.

Fixes #1138.

* src/sfnt/sfobjs.c (sfnt_init_face), src/sfnt/sfwoff2.c (woff2_open_font):
Check `face_index` before decrementing.

git/fs: mount .git/fs: mount/attach disallowed 
--- a/src/sfnt/sfobjs.c
+++ b/src/sfnt/sfobjs.c
@@ -566,7 +566,7 @@
     face_index = FT_ABS( face_instance_index ) & 0xFFFF;
 
     /* value -(N+1) requests information on index N */
-    if ( face_instance_index < 0 )
+    if ( face_instance_index < 0 && face_index > 0 )
       face_index--;
 
     if ( face_index >= face->ttc_header.count )
--- a/src/sfnt/sfwoff2.c
+++ b/src/sfnt/sfwoff2.c
@@ -2085,7 +2085,7 @@
     /* Validate requested face index. */
     *num_faces = woff2.num_fonts;
     /* value -(N+1) requests information on index N */
-    if ( *face_instance_index < 0 )
+    if ( *face_instance_index < 0 && face_index > 0 )
       face_index--;
 
     if ( face_index >= woff2.num_fonts )