ReceiveTempSMS
/
Al-Qurtas-Islamic-bank-The-Best-Bank-in-Iraq
forked from minhngoc25a/freetype2
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[truetype] Another GX sanity test. 

* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Check
`tupleCount'.
Add tracing message.
This commit is contained in:
Werner Lemberg 2015-10-13 08:24:32 +02:00
parent 7ef0d8661a
commit 052f6c5649
2 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -1,3 +1,11 @@
2015-10-13 Werner Lemberg <wl@gnu.org>
[truetype] Another GX sanity test.
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Check
`tupleCount'.
Add tracing message.
2015-10-13 Werner Lemberg <wl@gnu.org>
[truetype] Fix memory leak for broken GX fonts (#46188).

17
src/truetype/ttgxvar.c
View File

@ -1864,7 +1864,19 @@
goto Fail2;
tupleCount = FT_GET_USHORT();
offsetToData = glyph_start + FT_GET_USHORT();
offsetToData = FT_GET_USHORT();
/* rough sanity test */
if ( offsetToData + tupleCount * 4 > stream->size - stream->pos )
{
FT_TRACE2(( "TT_Vary_Apply_Glyph_Deltas:"
" invalid glyph variation array header\n" ));
error = FT_THROW( Invalid_Table );
goto Fail2;
}
offsetToData += glyph_start;
if ( tupleCount & GX_TC_TUPLES_SHARE_POINT_NUMBERS )
{
@ -1901,6 +1913,9 @@
}
else if ( ( tupleIndex & GX_TI_TUPLE_INDEX_MASK ) >= blend->tuplecount )
{
FT_TRACE2(( "TT_Vary_Apply_Glyph_Deltas:"
" invalid tuple index\n" ));
error = FT_THROW( Invalid_Table );
goto Fail2;
}