[OTS] Allow empty Private DICT inside CFF data
BUG=chromium:112414
TEST=ran test_{un,}malicious_fonts.sh
Review URL: https://chromiumcodereview.appspot.com/9447013
git-svn-id: http://ots.googlecode.com/svn/trunk@81 a4e77c2c-9104-11de-800e-5b313e0d2bf3
diff --git a/src/cff.cc b/src/cff.cc
index 73fc233..a3931de 100644
--- a/src/cff.cc
+++ b/src/cff.cc
@@ -760,14 +760,13 @@
return OTS_FAILURE();
}
const uint32_t private_length = operands.back().first;
- if (private_offset >= table_length) {
+ if (private_offset > table_length) {
return OTS_FAILURE();
}
if (private_length >= table_length) {
return OTS_FAILURE();
}
if (private_length + private_offset > table_length) {
- // does not overflow since table_length < 1GB
return OTS_FAILURE();
}
// parse "15. Private DICT Data"
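Review bot: The range check `private_length + private_offset > table_length` no longer carries any overflow argument, because this commit deletes the comment `// does not overflow since table_length < 1GB` while relaxing the offset check so that `private_offset` may now equal `table_length`. The sum stays below twice `table_length`, so it is safe only if the table size limit is still enforced elsewhere, and that limit is not visible in this hunk. Writing the check in subtraction form, `if (private_length > table_length - private_offset) {`, avoids relying on it: the earlier `private_offset > table_length` check guarantees the subtraction cannot wrap. If the addition is kept, restore a comment such as `// cannot overflow: both operands are <= table_length, which is capped at 1GB`, assuming the cap still holds. The enclosing function starts and ends outside the hunk, so it is worth confirming that the Private DICT parser below accepts a zero-length range at `private_offset == table_length` without reading any bytes.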