truetype: reserve space in subset arrays for .notdef

Subset array sizes are allocated based on the number of glyphs in the font. In this bug the fonts did not contain the mandatory .notdef glyph, hence the subset arrays were not large enough. https://bugs.freedesktop.org/show_bug.cgi?id=102922
2026-05-01 05:37:59 +02:00 · 2017-09-22 20:10:10 +09:30 · 2017-09-22 20:10:10 +09:30 · 6491b686be
commit 6491b686be
parent 6b6926239d
1 changed files with 8 additions and 3 deletions
--- a/src/cairo-truetype-subset.c
+++ b/src/cairo-truetype-subset.c
@ -202,13 +202,17 @@ _cairo_truetype_font_create (cairo_scaled_font_subset_t  *scaled_font_subset,
    if (unlikely (status))
 	goto fail1;

-    font->glyphs = calloc (font->num_glyphs_in_face + 1, sizeof (subset_glyph_t));
+    /* Add 2: +1 case font does not contain .notdef, and +1 because an extra
+     * entry is required to contain the end location of the last glyph.
+     */
+    font->glyphs = calloc (font->num_glyphs_in_face + 2, sizeof (subset_glyph_t));
    if (unlikely (font->glyphs == NULL)) {
 	status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
 	goto fail1;
    }

-    font->parent_to_subset = calloc (font->num_glyphs_in_face, sizeof (int));
+    /* Add 1 in case font does not contain .notdef */
+    font->parent_to_subset = calloc (font->num_glyphs_in_face + 1, sizeof (int));
    if (unlikely (font->parent_to_subset == NULL)) {
 	status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
 	goto fail2;
@ -247,7 +251,8 @@ _cairo_truetype_font_create (cairo_scaled_font_subset_t  *scaled_font_subset,
                 scaled_font_subset->subset_id);
    }

-    font->base.widths = calloc (font->num_glyphs_in_face, sizeof (int));
+    /* Add 1 in case font does not contain .notdef */
+    font->base.widths = calloc (font->num_glyphs_in_face + 1, sizeof (int));
    if (unlikely (font->base.widths == NULL)) {
 	status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
 	goto fail4;