From: Nikolay Sivov <nsivov@codeweavers.com>
Subject: [PATCH] usp10: Ignore device tables with invalid delta format
Message-Id: <20170219233639.23194-1-nsivov@codeweavers.com>
Date: Mon, 20 Feb 2017 02:36:39 +0300

Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
---

Fixes https://bugs.winehq.org/show_bug.cgi?id=42487

 dlls/usp10/opentype.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/dlls/usp10/opentype.c b/dlls/usp10/opentype.c
index a9aa4f4ac6..0ce01e5418 100644
--- a/dlls/usp10/opentype.c
+++ b/dlls/usp10/opentype.c
@@ -1479,10 +1479,18 @@ static INT GPOS_get_device_table_value(const OT_DeviceTable *DeviceTable, WORD p
     static const WORD mask[3] = {3,0xf,0xff};
     if (DeviceTable && ppem >= GET_BE_WORD(DeviceTable->StartSize) && ppem  <= GET_BE_WORD(DeviceTable->EndSize))
     {
-        int format = GET_BE_WORD(DeviceTable->DeltaFormat);
+        WORD format = GET_BE_WORD(DeviceTable->DeltaFormat);
         int index = ppem - GET_BE_WORD(DeviceTable->StartSize);
         int value;
-        TRACE("device table, format %i, index %i\n",format, index);
+
+        TRACE("device table, format %#x, index %i\n", format, index);
+
+        if (format & ~0x3)
+        {
+            WARN("invalid delta format %#x\n", format);
+            return 0;
+        }
+
         index = index << format;
         value = (DeviceTable->DeltaValue[index/sizeof(WORD)] << (index%sizeof(WORD)))&mask[format-1];
         TRACE("offset %i, value %i\n",index, value);

-- 
2.11.0