From 9a8fb30c20d6391517324451bef869891551f114 Mon Sep 17 00:00:00 2001
From: Nigel Tao
Date: Mon, 7 May 2012 09:37:34 +1000
Subject: [PATCH] freetype: remove arbitrary 1<<24 limit on ttf file size.

I'm not sure why I put that limit in in the first place. I can't find that limit in either the C Freetype code or the TTF spec.

R=bradfitz
CC=golang-dev
http://codereview.appspot.com/6201043
---
 freetype/truetype/truetype.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/freetype/truetype/truetype.go b/freetype/truetype/truetype.go
index 28f2859..8c0eb03 100644
--- a/freetype/truetype/truetype.go
+++ b/freetype/truetype/truetype.go
@@ -80,14 +80,18 @@ func (d *data) skip(n int) {
 func readTable(ttf []byte, offsetLength []byte) ([]byte, error) {
 d := data(offsetLength)
 offset := int(d.u32())
- if offset < 0 || offset > 1<<24 || offset > len(ttf) {
- return nil, FormatError(fmt.Sprintf("offset too large: %d", offset))
+ if offset < 0 {
+ return nil, FormatError(fmt.Sprintf("offset too large: %d", uint32(offset)))
 }
 length := int(d.u32())
- if length < 0 || length > 1<<24 || offset+length > len(ttf) {
- return nil, FormatError(fmt.Sprintf("length too large: %d", length))
+ if length < 0 {
+ return nil, FormatError(fmt.Sprintf("length too large: %d", uint32(length)))
 }
- return ttf[offset : offset+length], nil
+ end := offset + length
+ if end < 0 || end > len(ttf) {
+ return nil, FormatError(fmt.Sprintf("offset + length too large: %d", uint32(offset)+uint32(length)))
+ }
+ return ttf[offset:end], nil
 }
 
 const (
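Review bot: The last `FormatError` in readTable formats `uint32(offset)+uint32(length)`, which wraps modulo 2^32, so a table entry whose offset and length sum past 4 GiB is rejected correctly but reported with a small, misleading number; widening before adding, `uint64(offset)+uint64(length)`, prints the real value. With the 1<<24 cap removed, `end < 0 || end > len(ttf)` is the only check between the offset/length pair read from the font data and the `ttf[offset:end]` slice expression. It would help to say why the sign test is there, e.g. `// offset+length can wrap a 32-bit int; a negative end means the table lies outside ttf`. The diffstat shows only truetype.go changing, so a regression test that feeds readTable an entry ending past len(ttf), and one whose sum overflows where int is 32 bits, would pin this behaviour.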