Bug 1324379 - Fix cairo_cff_font_write_cid_fontdict array output. r=jrmuizel, a=jcristau
authorLee Salzman <lsalzman@mozilla.com>
Mon, 19 Dec 2016 14:12:58 -0500
changeset 375683 e35c1d17cc9ba97e680551fe291909fa0e2da96f
parent 375682 d4a9c3ed6ed9db6ba9038574c833a7d198ea2385
child 375684 cceb7f61ef17d0c10d42f4e4a9820d40cc46528d
push id6996
push userjlorenzo@mozilla.com
push dateMon, 06 Mar 2017 20:48:21 +0000
treeherdermozilla-beta@d89512dab048 [default view] [failures only]
reviewersjrmuizel, jcristau
bugs1324379
milestone53.0a2
Bug 1324379 - Fix cairo_cff_font_write_cid_fontdict array output. r=jrmuizel, a=jcristau MozReview-Commit-ID: DVMOpNLmY6D
gfx/cairo/cairo/src/cairo-cff-subset.c
--- a/gfx/cairo/cairo/src/cairo-cff-subset.c
+++ b/gfx/cairo/cairo/src/cairo-cff-subset.c
@@ -1461,42 +1461,49 @@ cairo_cff_font_write_charstrings (cairo_
     return cff_index_write (&font->charstrings_subset_index, &font->output);
 }
 
 static cairo_status_t
 cairo_cff_font_write_cid_fontdict (cairo_cff_font_t *font)
 {
     unsigned int i;
     cairo_int_status_t status;
-    uint32_t *offset_array;
+    unsigned int offset_array;
+    uint32_t *offset_array_ptr;
     int offset_base;
     uint16_t count;
     uint8_t offset_size = 4;
 
     cairo_cff_font_set_topdict_operator_to_cur_pos (font, FDARRAY_OP);
     count = cpu_to_be16 (font->num_subset_fontdicts);
     status = _cairo_array_append_multiple (&font->output, &count, sizeof (uint16_t));
     if (unlikely (status))
         return status;
     status = _cairo_array_append (&font->output, &offset_size);
     if (unlikely (status))
         return status;
+
+    offset_array = _cairo_array_num_elements (&font->output);
     status = _cairo_array_allocate (&font->output,
                                     (font->num_subset_fontdicts + 1)*offset_size,
-                                    (void **) &offset_array);
+                                    (void **) &offset_array_ptr);
     if (unlikely (status))
         return status;
     offset_base = _cairo_array_num_elements (&font->output) - 1;
-    *offset_array++ = cpu_to_be32(1);
+    *offset_array_ptr = cpu_to_be32(1);
+    offset_array += sizeof(uint32_t);
     for (i = 0; i < font->num_subset_fontdicts; i++) {
         status = cff_dict_write (font->fd_dict[font->fd_subset_map[i]],
                                  &font->output);
         if (unlikely (status))
             return status;
-        *offset_array++ = cpu_to_be32(_cairo_array_num_elements (&font->output) - offset_base);
+
+	offset_array_ptr = (uint32_t *) _cairo_array_index (&font->output, offset_array);
+        *offset_array_ptr = cpu_to_be32(_cairo_array_num_elements (&font->output) - offset_base);
+	offset_array += sizeof(uint32_t);
     }
 
     return CAIRO_STATUS_SUCCESS;
 }
 
 static cairo_status_t
 cairo_cff_font_write_private_dict (cairo_cff_font_t   *font,
                                    int                 dict_num,
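Review bot: Both stores through `offset_array_ptr` (`*offset_array_ptr = cpu_to_be32(1);` and the one inside the loop) write a `uint32_t` into what appears to be a byte-element array, at a position that follows a 2-byte count and a 1-byte offset size, so 4-byte alignment is not guaranteed and the store is undefined behaviour on strict-alignment targets. Copying the value in avoids that, for example `uint32_t be = cpu_to_be32(_cairo_array_num_elements (&font->output) - offset_base);` followed by `memcpy (_cairo_array_index (&font->output, offset_array), &be, sizeof be);`. The loop also deserves a comment above the `_cairo_array_index` call, such as `/* cff_dict_write() appends to font->output and may move its storage; re-fetch the slot by index, never cache the pointer */`, assuming that is the reason for the change, so that the stale-pointer write is not reintroduced later. The two added loop lines that begin with a tab should use spaces like the rest of the function.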