From: Aric Stewart <aric@codeweavers.com>
Subject: Re: [PATCH] usp10: Ignore device tables with invalid delta format
Message-Id: <3387ee56-ea8a-a3bd-ab79-fd19d4b98d84@codeweavers.com>
Date: Tue, 21 Feb 2017 07:08:33 -0600
In-Reply-To: <20170219233639.23194-1-nsivov@codeweavers.com>
References: <20170219233639.23194-1-nsivov@codeweavers.com>

Signed-off-by: Aric Stewart <aric@codeweavers.com>

On 2/19/17 5:36 PM, Nikolay Sivov wrote:
> Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>
> ---
> 
> Fixes https://bugs.winehq.org/show_bug.cgi?id=42487
> 
>  dlls/usp10/opentype.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/dlls/usp10/opentype.c b/dlls/usp10/opentype.c
> index a9aa4f4ac6..0ce01e5418 100644
> --- a/dlls/usp10/opentype.c
> +++ b/dlls/usp10/opentype.c
> @@ -1479,10 +1479,18 @@ static INT GPOS_get_device_table_value(const OT_DeviceTable *DeviceTable, WORD p
>      static const WORD mask[3] = {3,0xf,0xff};
>      if (DeviceTable && ppem >= GET_BE_WORD(DeviceTable->StartSize) && ppem  <= GET_BE_WORD(DeviceTable->EndSize))
>      {
> -        int format = GET_BE_WORD(DeviceTable->DeltaFormat);
> +        WORD format = GET_BE_WORD(DeviceTable->DeltaFormat);
>          int index = ppem - GET_BE_WORD(DeviceTable->StartSize);
>          int value;
> -        TRACE("device table, format %i, index %i\n",format, index);
> +
> +        TRACE("device table, format %#x, index %i\n", format, index);
> +
> +        if (format & ~0x3)
> +        {
> +            WARN("invalid delta format %#x\n", format);
> +            return 0;
> +        }
> +
>          index = index << format;
>          value = (DeviceTable->DeltaValue[index/sizeof(WORD)] << (index%sizeof(WORD)))&mask[format-1];
>          TRACE("offset %i, value %i\n",index, value);
>