[truetype] Fix change from 2013-11-20.

Problem reported by Akira Kakuto <kakuto@fuk.kindai.ac.jp>.

* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Protect call to
`Update_Max' with both a TT_USE_BYTECODE_INTERPRETER guard and a
`IS_HINTED' clause.
Also remove redundant check using `maxSizeOfInstructions' – in
simple glyphs, the bytecode data comes before the outline data, and
a validity test for this is already present.
Werner Lemberg 2013-12-02 07:51:17 +01:00
parent 52166ab0a7
commit 64872a5016
2 changed files with 30 additions and 27 deletions


@ -1,3 +1,16 @@
2013-12-02 Werner Lemberg <wl@gnu.org>
[truetype] Fix change from 2013-11-20.
Problem reported by Akira Kakuto <kakuto@fuk.kindai.ac.jp>.
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Protect call to
`Update_Max' with both a TT_USE_BYTECODE_INTERPRETER guard and a
`IS_HINTED' clause.
Also remove redundant check using `maxSizeOfInstructions' in
simple glyphs, the bytecode data comes before the outline data, and
a validity test for this is already present.
2013-11-27 Werner Lemberg <wl@gnu.org>
[autofit] Fix use of dumping functions in `ftgrid' demo program.


@ -348,8 +348,7 @@
FT_GlyphLoader gloader = load->gloader;
FT_Int n_contours = load->n_contours;
FT_Outline* outline;
TT_Face face = (TT_Face)load->face;
FT_UShort n_ins, max_ins;
FT_UShort n_ins;
FT_Int n_points;
FT_ULong tmp;
@ -418,30 +417,6 @@
FT_TRACE5(( " Instructions size: %u\n", n_ins ));
/* check it */
max_ins = face->max_profile.maxSizeOfInstructions;
if ( n_ins > max_ins )
{
/* don't trust `maxSizeOfInstructions'; */
/* only do a rough safety check */
if ( (FT_Int)n_ins > load->byte_len )
{
FT_TRACE1(( "TT_Load_Simple_Glyph:"
" too many instructions (%d) for glyph with length %d\n",
n_ins, load->byte_len ));
return FT_THROW( Too_Many_Hints );
}
tmp = load->exec->glyphSize;
error = Update_Max( load->exec->memory,
&tmp,
sizeof ( FT_Byte ),
(void*)&load->exec->glyphIns,
n_ins );
load->exec->glyphSize = (FT_UShort)tmp;
if ( error )
return error;
}
if ( ( limit - p ) < n_ins )
{
FT_TRACE0(( "TT_Load_Simple_Glyph: instruction count mismatch\n" ));
@ -453,6 +428,20 @@
if ( IS_HINTED( load->load_flags ) )
{
/* we don't trust `maxSizeOfInstructions' in the `maxp' table */
/* and thus update the bytecode array size by ourselves */
tmp = load->exec->glyphSize;
error = Update_Max( load->exec->memory,
&tmp,
sizeof ( FT_Byte ),
(void*)&load->exec->glyphIns,
n_ins );
load->exec->glyphSize = (FT_UShort)tmp;
if ( error )
return error;
load->glyph->control_len = n_ins;
load->glyph->control_data = load->exec->glyphIns;
@ -1244,12 +1233,13 @@
return FT_THROW( Too_Many_Hints );
}
tmp = loader->exec->glyphSize;
tmp = loader->exec->glyphSize;
error = Update_Max( loader->exec->memory,
&tmp,
sizeof ( FT_Byte ),
(void*)&loader->exec->glyphIns,
n_ins );
loader->exec->glyphSize = (FT_UShort)tmp;
if ( error )
return error;
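Review bot: The comment added above the `Update_Max` call in the `IS_HINTED` branch of TT_Load_Simple_Glyph explains why `maxSizeOfInstructions` is ignored, but not what now bounds `n_ins`. With the old check removed, the `( limit - p ) < n_ins` test earlier in the function is the only visible check on the font-supplied instruction count before `glyphIns` is resized for it. I would add a line such as `/* n_ins was validated against ( limit - p ) above; keep that test first */` so a later reordering does not move the resize ahead of the bounds test. Both here and in the composite-glyph hunk, `glyphSize` is written from `(FT_UShort)tmp` before `error` is tested. That is harmless only if `Update_Max` leaves `tmp` unchanged on failure and never raises it above `n_ins` (itself an `FT_UShort`), which these lines do not show, so a short comment stating that assumption would help; the enclosing functions start and end outside the visible hunks.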