xref: /trunk/main/graphite/graphite-2.3.1-CVE-2016-1521.patch (revision 4437c02e18a852c4a5e7d7e7c198180f06b2b9fc)
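--- misc/silgraphite-2.3.1/engine/src/font/TtfUtil.cpp  2009-01-29 08:33:19 UTC
+++ misc/build/silgraphite-2.3.1/engine/src/font/TtfUtil.cpp    2016-03-17 00:06:29 UTC
@@ -1106,7 +1106,7 @@ size_t LocaLookup(gr::gid16 nGlyphId,
    // CheckTable verifies the index_to_loc_format is valid
    if (read(pTable->index_to_loc_format) == Sfnt::FontHeader::ShortIndexLocFormat)
    { // loca entries are two bytes and have been divided by two
-       if (nGlyphId <= (lLocaSize >> 1) - 1) // allow sentinel value to be accessed
+       if (lLocaSize >= 2 && nGlyphId <= (lLocaSize >> 1) - 1) // allow sentinel value to be accessed
        {
            const uint16 * pTable = reinterpret_cast<const uint16 *>(pLoca);
            return (read(pTable[nGlyphId]) << 1);
@@ -1115,7 +1115,7 @@ size_t LocaLookup(gr::gid16 nGlyphId,
 
    if (read(pTable->index_to_loc_format) == Sfnt::FontHeader::LongIndexLocFormat)
    { // loca entries are four bytes
-       if (nGlyphId <= (lLocaSize >> 2) - 1)
+       if (lLocaSize >= 4 && nGlyphId <= (lLocaSize >> 2) - 1)
        {
            const uint32 * pTable = reinterpret_cast<const uint32 *>(pLoca);
            return read(pTable[nGlyphId]);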
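Review bot: The bound in both branches would be easier to audit without the subtraction: `if (nGlyphId < (lLocaSize >> 1))` for the short format and `if (nGlyphId < (lLocaSize >> 2))` for the long format. That form cannot wrap when the loca table is empty or shorter than one entry, so it needs no separate `lLocaSize >= 2` / `lLocaSize >= 4` guard; this assumes lLocaSize is unsigned, and its declaration is outside the hunks. Separately, the offset returned from `read(pTable[nGlyphId])` comes straight from the font, and nothing visible here checks it against the glyf table length, so callers presumably need to validate it before using it as an index. LocaLookup's body starts before the first hunk and continues past the second, so the failure path taken when the check is false is not visible here.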