On Fri, Sep 04, 2015 at 10:28:50PM -0600, Erich E. Hoover wrote:

• size = GetFontData(hdc, MS_MAKE_TAG('p','o','s','t'), 0, NULL, 0);
• if(size == 0 || size == GDI_ERROR)

•    return;
  

Here you'll want to check that size >= sizeof(*post_header).

In the 2nd patch you don't check that this size includes numberOfGlyphs.

In the 3rd patch the size checks are repeated three times, it should be possible to simplify that.

Huw.