* src/cid/cidgload.c (cid_load_glyph): Check `fd_select'.

* src/tools/ftrandom/Makefile: Depend on `libfreetype.a'.
This commit is contained in:
Werner Lemberg 2007-06-04 07:04:05 +00:00
parent 25b14229f1
commit ad18b367e9
3 changed files with 21 additions and 8 deletions

View File

@ -1,3 +1,9 @@
2007-06-04 Werner Lemberg <wl@gnu.org>
* src/cid/cidgload.c (cid_load_glyph): Check `fd_select'.
* src/tools/ftrandom/Makefile: Depend on `libfreetype.a'.
2007-06-03 Werner Lemberg <wl@gnu.org> 2007-06-03 Werner Lemberg <wl@gnu.org>
* src/tools/ftrandom/*: Add the `ftrandom' test program written by * src/tools/ftrandom/*: Add the `ftrandom' test program written by

View File

@ -4,7 +4,7 @@
/* */ /* */
/* CID-keyed Type1 Glyph Loader (body). */ /* CID-keyed Type1 Glyph Loader (body). */
/* */ /* */
/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006 by */ /* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */ /* */
/* This file is part of the FreeType project, and may only be used, */ /* This file is part of the FreeType project, and may only be used, */
@ -44,12 +44,12 @@
CID_FaceInfo cid = &face->cid; CID_FaceInfo cid = &face->cid;
FT_Byte* p; FT_Byte* p;
FT_UInt fd_select; FT_UInt fd_select;
FT_Stream stream = face->cid_stream; FT_Stream stream = face->cid_stream;
FT_Error error = 0; FT_Error error = CID_Err_Ok;
FT_Byte* charstring = 0; FT_Byte* charstring = 0;
FT_Memory memory = face->root.memory; FT_Memory memory = face->root.memory;
FT_ULong glyph_length = 0; FT_ULong glyph_length = 0;
PSAux_Service psaux = (PSAux_Service)face->psaux; PSAux_Service psaux = (PSAux_Service)face->psaux;
#ifdef FT_CONFIG_OPTION_INCREMENTAL #ifdef FT_CONFIG_OPTION_INCREMENTAL
@ -111,6 +111,11 @@
glyph_length = cid_get_offset( &p, (FT_Byte)cid->gd_bytes ) - off1; glyph_length = cid_get_offset( &p, (FT_Byte)cid->gd_bytes ) - off1;
FT_FRAME_EXIT(); FT_FRAME_EXIT();
if ( fd_select >= (FT_UInt)cid->num_dicts )
{
error = CID_Err_Invalid_Offset;
goto Exit;
}
if ( glyph_length == 0 ) if ( glyph_length == 0 )
goto Exit; goto Exit;
if ( FT_ALLOC( charstring, glyph_length ) ) if ( FT_ALLOC( charstring, glyph_length ) )
@ -150,7 +155,7 @@
error = decoder->funcs.parse_charstrings( error = decoder->funcs.parse_charstrings(
decoder, charstring + cs_offset, decoder, charstring + cs_offset,
(FT_Int)glyph_length - cs_offset ); (FT_Int)glyph_length - cs_offset );
} }
FT_FREE( charstring ); FT_FREE( charstring );

View File

@ -5,6 +5,8 @@ TOP_DIR ?= ../../..
OBJ_DIR ?= $(TOP_DIR)/objs OBJ_DIR ?= $(TOP_DIR)/objs
# The setup below is for gcc on a Unix-like platform.
SRC_DIR = $(TOP_DIR)/src/tools/ftrandom SRC_DIR = $(TOP_DIR)/src/tools/ftrandom
CC = gcc CC = gcc
@ -27,7 +29,7 @@ LIBS = -lm \
all: $(OBJ_DIR)/ftrandom all: $(OBJ_DIR)/ftrandom
$(OBJ_DIR)/ftrandom: $(SRC_DIR)/ftrandom.c $(OBJ_DIR)/ftrandom: $(SRC_DIR)/ftrandom.c $(OBJ_DIR)/libfreetype.a
$(CC) -o $(OBJ_DIR)/ftrandom $(CFLAGS) $(SRC_DIR)/ftrandom.c $(LIBS) $(CC) -o $(OBJ_DIR)/ftrandom $(CFLAGS) $(SRC_DIR)/ftrandom.c $(LIBS)
# EOF # EOF