[psaux, type1] Fix null pointer dereferences.

Found with font fuzzing.

* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Check
`decoder->buildchar'.

* src/type1/t1load.c (t1_load_keyword): Check `blend->num_designs'.
Dirk Müller 2011-07-22 05:24:11 +02:00 committed by Werner Lemberg
parent 3abf617b5e
commit b03c4a0a3f
3 changed files with 16 additions and 3 deletions

@ -1,3 +1,14 @@
2011-07-22 Dirk Müller <dmueller@suse.de>
[psaux, type1] Fix null pointer dereferences.
Found with font fuzzying.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Check
`decoder->buildchar'.
* src/type1/t1load.c (t1_load_keyword): Check `blend->num_designs'.
2011-07-20 Chris Morgan <cmorgan@cybexintl.com> 2011-07-20 Chris Morgan <cmorgan@cybexintl.com>
Add FT_CONFIG_OPTION_DISABLE_STREAM_SUPPORT. Add FT_CONFIG_OPTION_DISABLE_STREAM_SUPPORT.
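Review bot: The new ChangeLog entry reads "Found with font fuzzying"; that should be "font fuzzing". The entry also only says "Check" for each function without naming the state that triggered the crash; a few words on it (for example that `decoder->buildchar' can be NULL, or that `blend->num_designs' can be zero) would make the log useful to someone auditing these parsers later.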

@ -397,7 +397,7 @@
FT_ASSERT( ( decoder->len_buildchar == 0 ) == FT_ASSERT( ( decoder->len_buildchar == 0 ) ==
( decoder->buildchar == NULL ) ); ( decoder->buildchar == NULL ) );
if ( decoder->len_buildchar > 0 ) if ( decoder->buildchar && decoder->len_buildchar > 0 )
ft_memset( &decoder->buildchar[0], ft_memset( &decoder->buildchar[0],
0, 0,
sizeof( decoder->buildchar[0] ) * decoder->len_buildchar ); sizeof( decoder->buildchar[0] ) * decoder->len_buildchar );
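Review bot: The new condition `decoder->buildchar && decoder->len_buildchar > 0` tolerates exactly the state that the FT_ASSERT directly above it declares impossible, namely `buildchar == NULL` together with a non-zero `len_buildchar`. The memset is skipped, but `len_buildchar` keeps its non-zero value, so anything later that uses the length as the bound for accesses to `buildchar` still sees an inconsistent decoder. Consider failing with an error here, or setting `decoder->len_buildchar = 0` when `buildchar` is NULL, and add a short comment saying that a malformed font can reach this state so the extra test is not removed as redundant with the assertion.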

@ -4,8 +4,7 @@
/* */ /* */
/* Type 1 font loader (body). */ /* Type 1 font loader (body). */
/* */ /* */
/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, */ /* Copyright 1996-2011 by */
/* 2010 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */ /* */
/* This file is part of the FreeType project, and may only be used, */ /* This file is part of the FreeType project, and may only be used, */
@ -922,6 +921,9 @@
PS_Blend blend = face->blend; PS_Blend blend = face->blend;
if ( blend && blend->num_designs == 0 )
blend = NULL;
/* if the keyword has a dedicated callback, call it */ /* if the keyword has a dedicated callback, call it */
if ( field->type == T1_FIELD_TYPE_CALLBACK ) if ( field->type == T1_FIELD_TYPE_CALLBACK )
{ {
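Review bot: The added `if ( blend && blend->num_designs == 0 ) blend = NULL;` clears only the local copy taken from `face->blend`; the face keeps a non-NULL blend with zero designs, so any other code that reads `face->blend` directly gets no protection from this check. If a blend without designs is never valid, it would be more robust to reject or reset it where it is created, or at least to comment here why it is treated as absent for keyword loading. The hunk also has no comment at all, and one line explaining that a fuzzed font can produce `num_designs == 0` would help.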