[UVS] Stabilizes UVS supporting functions against non-UVS fonts.

UVS supporting functions assume the variation handler functions are valid. When a font without cmap format 14 is given, these function pointers are left as NULL, so calling these functions causes NULL pointer dereference. * src/base/ftobjs.c (FT_Face_GetCharVariantIndex): Check the pointer FT_CMap_Class->char_var_index before calling it. (FT_Face_GetCharVariantIsDefault): Check the pointer FT_CMap_Class->char_var_default before calling it. (FT_Face_GetVariantSelectors): Check the pointer FT_CMap_Class->variant_list before calling it. (FT_Face_GetVariantsOfChar): Check the pointer FT_CMap_Class->charvariant_list before calling it. (FT_Face_GetCharsOfVariant): Check the pointer FT_CMap_Class->variantchar_list before calling it.
2010-11-04 21:53:11 +09:00 · 2010-11-04 21:53:11 +09:00 · e891e4d6f1
parent 6aee69096f
commit e891e4d6f1
2 changed files with 40 additions and 0 deletions
--- a/20
+++ b/20
@ -1,3 +1,23 @@
+2010-11-04  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>
+
+	[UVS] Stabilizes UVS supporting functions against non-UVS fonts.
+
+	UVS supporting functions assume the variation handler functions
+	are valid.  When fonts without cmap format 14 is given, these
+	function pointers are left as NULL, so calling these functions
+	causes NULL pointer dereference.
+
+	* src/base/ftobjs.c (FT_Face_GetCharVariantIndex): Check the pointer
+	FT_CMap_Class->char_var_index before calling it.
+	(FT_Face_GetCharVariantIsDefault): Check the pointer
+	FT_CMap_Class->char_var_default before calling it.
+	(FT_Face_GetVariantSelectors): Check the pointer
+	FT_CMap_Class->variant_list before calling it.
+	(FT_Face_GetVariantsOfChar): Check the pointer
+	FT_CMap_Class->charvariant_list before calling it.
+	(FT_Face_GetCharsOfVariant): Check the pointer 
+	FT_CMap_Class->variantchar_list before calling it.
+
 2010-11-01  Alexei Podtelezhnikov  <apodtele@gmail.com>

 	[ftsmooth] Improve rendering.
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@ -3291,6 +3291,10 @@
        FT_CMap  vcmap = FT_CMAP( charmap );


+	/* font without TT cmap format 14 has no char_var_index() */
+        if ( !( vcmap->clazz ) || !( vcmap->clazz->char_var_index ) )
+          return result;
+
        if ( charcode > 0xFFFFFFFFUL )
        {
          FT_TRACE1(( "FT_Get_Char_Index: too large charcode" ));
@ -3332,6 +3336,10 @@
        FT_CMap  vcmap = FT_CMAP( charmap );


+	/* font without TT cmap format 14 has no char_var_index() */
+        if ( !( vcmap->clazz ) || !( vcmap->clazz->char_var_default ) )
+          return result;
+
        if ( charcode > 0xFFFFFFFFUL )
        {
          FT_TRACE1(( "FT_Get_Char_Index: too large charcode" ));
@ -3372,6 +3380,10 @@
        FT_Memory  memory = FT_FACE_MEMORY( face );


+	/* font without TT cmap format 14 has no variant_list() */
+        if ( !( vcmap->clazz ) || !( vcmap->clazz->variant_list ) )
+          return result;
+
        result = vcmap->clazz->variant_list( vcmap, memory );
      }
    }
@ -3400,6 +3412,10 @@
        FT_Memory  memory = FT_FACE_MEMORY( face );


+	/* font without TT cmap format 14 has no charvariant_list() */
+        if ( !( vcmap->clazz ) || !( vcmap->clazz->charvariant_list ) )
+          return result;
+
        if ( charcode > 0xFFFFFFFFUL )
        {
          FT_TRACE1(( "FT_Get_Char_Index: too large charcode" ));
@ -3434,6 +3450,10 @@
        FT_Memory  memory = FT_FACE_MEMORY( face );


+	/* font without TT cmap format 14 has no variantchar_list() */
+        if ( !( vcmap->clazz ) || !( vcmap->clazz->variantchar_list ) )
+          return result;
+
        if ( variantSelector > 0xFFFFFFFFUL )
        {
          FT_TRACE1(( "FT_Get_Char_Index: too large variantSelector" ));