[psaux, type1] Fix null pointer dereferences.
Found with font fuzzying. * src/psaux/t1decode.c (t1_decoder_parse_charstrings): Check `decoder->buildchar'. * src/type1/t1load.c (t1_load_keyword): Check `blend->num_designs'.
This commit is contained in:
parent
3abf617b5e
commit
b03c4a0a3f
11
ChangeLog
11
ChangeLog
|
@ -1,3 +1,14 @@
|
|||
2011-07-22 Dirk Müller <dmueller@suse.de>
|
||||
|
||||
[psaux, type1] Fix null pointer dereferences.
|
||||
|
||||
Found with font fuzzying.
|
||||
|
||||
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Check
|
||||
`decoder->buildchar'.
|
||||
|
||||
* src/type1/t1load.c (t1_load_keyword): Check `blend->num_designs'.
|
||||
|
||||
2011-07-20 Chris Morgan <cmorgan@cybexintl.com>
|
||||
|
||||
Add FT_CONFIG_OPTION_DISABLE_STREAM_SUPPORT.
|
||||
|
|
|
@ -397,7 +397,7 @@
|
|||
FT_ASSERT( ( decoder->len_buildchar == 0 ) ==
|
||||
( decoder->buildchar == NULL ) );
|
||||
|
||||
if ( decoder->len_buildchar > 0 )
|
||||
if ( decoder->buildchar && decoder->len_buildchar > 0 )
|
||||
ft_memset( &decoder->buildchar[0],
|
||||
0,
|
||||
sizeof( decoder->buildchar[0] ) * decoder->len_buildchar );
|
||||
|
|
|
@ -4,8 +4,7 @@
|
|||
/* */
|
||||
/* Type 1 font loader (body). */
|
||||
/* */
|
||||
/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, */
|
||||
/* 2010 by */
|
||||
/* Copyright 1996-2011 by */
|
||||
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
|
||||
/* */
|
||||
/* This file is part of the FreeType project, and may only be used, */
|
||||
|
@ -922,6 +921,9 @@
|
|||
PS_Blend blend = face->blend;
|
||||
|
||||
|
||||
if ( blend && blend->num_designs == 0 )
|
||||
blend = NULL;
|
||||
|
||||
/* if the keyword has a dedicated callback, call it */
|
||||
if ( field->type == T1_FIELD_TYPE_CALLBACK )
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue