[freetype2] master 3d083fc: * src/truetype/ttpload.c (tt_face_get_location): Off-by-one typo.

[Werner LEMBERG]

branch: master
commit 3d083fc213c7df18662e1c452b2f8ad56bfa2c4c
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>

    * src/truetype/ttpload.c (tt_face_get_location): Off-by-one typo.
    
    Also improve tracing message.
    
    Problem reported as
    
      https://bugs.chromium.org/p/chromium/issues/detail?id=738919
---
 ChangeLog              | 10 ++++++++++
 src/truetype/ttpload.c |  8 ++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index fc9efa8..708c71a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2017-07-12  Werner Lemberg  <address@hidden>
+
+       * src/truetype/ttpload.c (tt_face_get_location): Off-by-one typo.
+
+       Also improve tracing message.
+
+       Problem reported as
+
+         https://bugs.chromium.org/p/chromium/issues/detail?id=738919
+
 2017-07-07  Werner Lemberg  <address@hidden>
 
        [cff] Integer overflow.
diff --git a/src/truetype/ttpload.c b/src/truetype/ttpload.c
index 70ac15d..bcf6b34 100644
--- a/src/truetype/ttpload.c
+++ b/src/truetype/ttpload.c
@@ -247,13 +247,13 @@
     if ( pos2 > face->glyf_len )
     {
       /* We try to sanitize the last `loca' entry. */
-      if ( gindex == face->num_locations - 1 )
+      if ( gindex == face->num_locations - 2 )
       {
         FT_TRACE1(( "tt_face_get_location:"
-                    " too large offset (0x%08lx) found for glyph index %ld,\n"
+                    " too large size (%ld bytes) found for glyph index %ld,\n"
                     "                     "
-                    " truncating at the end of `glyf' table (0x%08lx)\n",
-                    pos2, gindex + 1, face->glyf_len ));
+                    " truncating at the end of `glyf' table to %ld bytes\n",
+                    pos2 - pos1, gindex, face->glyf_len - pos1 ));
         pos2 = face->glyf_len;
       }
       else