Because FT_Load_Glyph expects CID values for CID-keyed fonts, the
test for a valid glyph index must be deferred to the font drivers.
This patch fixes Savannah bug #18301.
* src/base/ftobjs.c (FT_Load_Glyph): Don't check `glyph_index'.
* src/bdf/bdfdrivr.c (BDF_Glyph_Load), src/cff/cffgload.c
(cff_slot_load), src/cid/cidgload.c (cid_slot_load_glyph),
src/pcf/pcfdrivr.c (PCF_Glyph_Load), src/pfr/pfrobjs.c
(pfr_slot_load), src/truetype/ttdriver.c (Load_Glyph),
src/type1/t1gload.c (T1_Load_Glyph), src/winfonts/winfnt.c
(FNT_Load_Glyph): Check validity of `glyph_index'.
diff --git a/src/type1/t1gload.c b/src/type1/t1gload.c
index 7012b4a..e08a428 100644
--- a/src/type1/t1gload.c
+++ b/src/type1/t1gload.c
@@ -225,6 +225,12 @@
#endif
+ if ( glyph_index >= (FT_UInt)face->root.num_glyphs )
+ {
+ error = T1_Err_Invalid_Argument;
+ goto Exit;
+ }
+
FT_ASSERT( ( face->len_buildchar == 0 ) == ( face->buildchar == NULL ) );
if ( load_flags & FT_LOAD_NO_RECURSE )