!17 CVE漏洞修复

Merge pull request !17 from sunman4/OpenHarmony-3.0-LTS

src/base/ftobjs.c

@@ -3264,6 +3264,9 @@
     if ( !face )
       return FT_THROW( Invalid_Face_Handle );
 
+    if ( !face->size )
+      return FT_THROW( Invalid_Size_Handle );
+	
     if ( !req || req->width < 0 || req->height < 0 ||
          req->type >= FT_SIZE_REQUEST_TYPE_MAX )
       return FT_THROW( Invalid_Argument );

src/sfnt/sfobjs.c

@@ -553,7 +553,7 @@
     face_index = FT_ABS( face_instance_index ) & 0xFFFF;
 
     /* value -(N+1) requests information on index N */
-    if ( face_instance_index < 0 )
+    if ( face_instance_index < 0 && face_index > 0)
       face_index--;
 
     if ( face_index >= face->ttc_header.count )

src/sfnt/sfwoff2.c

@@ -2098,7 +2098,7 @@
     /* Validate requested face index. */
     *num_faces = woff2.num_fonts;
     /* value -(N+1) requests information on index N */
-    if ( *face_instance_index < 0 )
+    if ( *face_instance_index < 0 && face_index > 0)
       face_index--;
 
     if ( face_index >= woff2.num_fonts )