ReceiveTempSMS
/
Al-Qurtas-Islamic-bank-The-Best-Bank-in-Iraq
forked from minhngoc25a/freetype2
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[psaux, cff] Protect against nested `seac' calls. 

* include/freetype/internal/psaux.h (T1_Decoder), src/cff/cffgload.h
(CFF_Decoder): Add `seac' boolean variable.

* src/cff/cffgload.c (cff_operator_seac,
cff_decoder_parse_charstrings), src/psaux/t1decode.c
(t1operator_seac, t1_decoder_parse_charstrings): Use it.
This commit is contained in:
Werner Lemberg 2009-06-28 01:25:55 +02:00
parent 6bb34880e8
commit e7389a4405
5 changed files with 42 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@ -1,3 +1,14 @@
2009-06-28 Werner Lemberg <wl@gnu.org>
[psaux, cff] Protect against nested `seac' calls.
* include/freetype/internal/psaux.h (T1_Decoder), src/cff/cffgload.h
(CFF_Decoder): Add `seac' boolean variable.
* src/cff/cffgload.c (cff_operator_seac,
cff_decoder_parse_charstrings), src/psaux/t1decode.c
(t1operator_seac, t1_decoder_parse_charstrings): Use it.
2009-06-28 Werner Lemberg <wl@gnu.org> 2009-06-28 Werner Lemberg <wl@gnu.org>
Thinko. Thinko.

2
include/freetype/internal/psaux.h
View File

@ -692,6 +692,8 @@ FT_BEGIN_HEADER
FT_Int* buildchar; FT_Int* buildchar;
FT_UInt len_buildchar; FT_UInt len_buildchar;
FT_Bool seac;
} T1_DecoderRec; } T1_DecoderRec;

9
src/cff/cffgload.c
View File

@ -707,6 +707,12 @@
FT_ULong charstring_len; FT_ULong charstring_len;
if ( decoder->seac )
{
FT_ERROR(( "cff_operator_seac: invalid nested seac\n" ));
return CFF_Err_Syntax_Error;
}
#ifdef FT_CONFIG_OPTION_INCREMENTAL #ifdef FT_CONFIG_OPTION_INCREMENTAL
/* Incremental fonts don't necessarily have valid charsets. */ /* Incremental fonts don't necessarily have valid charsets. */
/* They use the character code, not the glyph index, in this case. */ /* They use the character code, not the glyph index, in this case. */
@ -1883,11 +1889,14 @@
FT_Pos glyph_width = decoder->glyph_width; FT_Pos glyph_width = decoder->glyph_width;
/* the seac operator must not be nested */
decoder->seac = TRUE;
error = cff_operator_seac( decoder, error = cff_operator_seac( decoder,
args[-4], args[-4],
args[-3], args[-3],
(FT_Int)( args[-2] >> 16 ), (FT_Int)( args[-2] >> 16 ),
(FT_Int)( args[-1] >> 16 ) ); (FT_Int)( args[-1] >> 16 ) );
decoder->seac = FALSE;
decoder->glyph_width = glyph_width; decoder->glyph_width = glyph_width;
} }

2
src/cff/cffgload.h
View File

@ -154,6 +154,8 @@ FT_BEGIN_HEADER
FT_Render_Mode hint_mode; FT_Render_Mode hint_mode;
FT_Bool seac;
} CFF_Decoder; } CFF_Decoder;

24
src/psaux/t1decode.c
View File

@ -198,6 +198,13 @@
T1_Face face = (T1_Face)decoder->builder.face; T1_Face face = (T1_Face)decoder->builder.face;
#endif #endif
if ( decoder->seac )
{
FT_ERROR(( "t1operator_seac: invalid nested seac\n" ));
return PSaux_Err_Syntax_Error;
}
/* seac weirdness */ /* seac weirdness */
adx += decoder->builder.left_bearing.x; adx += decoder->builder.left_bearing.x;
@ -1118,13 +1125,18 @@
break; break;
case op_seac: case op_seac:
/* the seac operator must not be nested */
decoder->seac = TRUE;
error = t1operator_seac( decoder,
top[0],
top[1],
top[2],
(FT_Int)( top[3] >> 16 ),
(FT_Int)( top[4] >> 16 ) );
decoder->seac = FALSE;
/* return immediately after the processing */ /* return immediately after the processing */
return t1operator_seac( decoder, return error;
top[0],
top[1],
top[2],
(FT_Int)( top[3] >> 16 ),
(FT_Int)( top[4] >> 16 ) );
case op_sbw: case op_sbw:
FT_TRACE4(( " sbw" )); FT_TRACE4(( " sbw" ));