xref: /AOO42X/main/graphite/graphite-2.3.1-CVE-2016-1521.patch (revision e042adb5648561542edbc465aee9c45b5d8565f9)
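--- misc/silgraphite-2.3.1/engine/src/font/TtfUtil.cpp  2009-01-29 08:33:19 UTC
+++ misc/build/silgraphite-2.3.1/engine/src/font/TtfUtil.cpp    2016-03-17 00:06:29 UTC
@@ -1106,7 +1106,7 @@ size_t LocaLookup(gr::gid16 nGlyphId,
    // CheckTable verifies the index_to_loc_format is valid
    if (read(pTable->index_to_loc_format) == Sfnt::FontHeader::ShortIndexLocFormat)
    { // loca entries are two bytes and have been divided by two
-       if (nGlyphId <= (lLocaSize >> 1) - 1) // allow sentinel value to be accessed
+       if (lLocaSize >= 2 && nGlyphId <= (lLocaSize >> 1) - 1) // allow sentinel value to be accessed
        {
            const uint16 * pTable = reinterpret_cast<const uint16 *>(pLoca);
            return (read(pTable[nGlyphId]) << 1);
@@ -1115,7 +1115,7 @@ size_t LocaLookup(gr::gid16 nGlyphId,
 
    if (read(pTable->index_to_loc_format) == Sfnt::FontHeader::LongIndexLocFormat)
    { // loca entries are four bytes
-       if (nGlyphId <= (lLocaSize >> 2) - 1)
+       if (lLocaSize >= 4 && nGlyphId <= (lLocaSize >> 2) - 1)
        {
            const uint32 * pTable = reinterpret_cast<const uint32 *>(pLoca);
            return read(pTable[nGlyphId]);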
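Review bot: The added `lLocaSize >= 2` and `lLocaSize >= 4` guards stop the wraparound but keep the `- 1` subtraction that made it possible; both branches could compare without subtracting, as `if (nGlyphId < (lLocaSize >> 1))` and `if (nGlyphId < (lLocaSize >> 2))`, which accept exactly the same glyph ids and cannot wrap for any table size. This assumes lLocaSize is an unsigned size_t, which the hunk does not show because the parameter list is outside it. If the two-part condition is kept, a comment such as `// lLocaSize < 2 would make (lLocaSize >> 1) - 1 wrap and accept every glyph id` would record why the guard exists. The value returned in both branches is an offset read from font data and is not range-checked in the visible lines, so callers presumably still have to validate it against the size of the table it indexes. LocaLookup's body starts and ends outside both hunks.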