fix src/cid/cidparse.c for too-short CIDFont

This commit is contained in:
Suzuki, Toshiya (鈴木俊哉) 2006-02-09 01:43:00 +00:00
parent 458c34233d
commit 4f41d63b02
2 changed files with 37 additions and 26 deletions

View File

@ -1,3 +1,8 @@
2006-02-09 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
* src/cid/cidparse.c: Fix for abnormally short or broken CIDFont.
The issue was found by Taek Kwan(TK) Lee (See ft-devel 2005-11-02).
2006-02-08 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
* builds/unix/configure.ac: Fix bug for "--with-old-mac-fonts"

View File

@ -56,8 +56,6 @@
{
FT_Error error;
FT_ULong base_offset, offset, ps_len;
FT_Byte buffer[256 + 10];
FT_Int buff_len;
FT_Byte *cur, *limit;
FT_Byte *arg1, *arg2;
@ -86,36 +84,44 @@
Again:
/* now, read the rest of the file until we find a `StartData' */
buff_len = 256;
for (;;)
{
FT_Byte* p;
FT_ULong top_position;
FT_Byte buffer[256 + 10];
FT_Int read_len = 256 + 10;
FT_Byte* p = buffer;
/* fill input buffer */
limit = buffer + 256;
buff_len -= 256;
if ( buff_len > 0 )
FT_MEM_MOVE( buffer, limit, buff_len );
p = buffer + buff_len;
if ( FT_STREAM_READ( p, 256 + 10 - buff_len ) )
goto Exit;
top_position = FT_STREAM_POS() - buff_len;
buff_len = 256 + 10;
/* look for `StartData' */
for ( p = buffer; p < limit; p++ )
for ( offset = (FT_ULong)FT_STREAM_POS(); ; offset += 256 )
{
if ( p[0] == 'S' && ft_strncmp( (char*)p, "StartData", 9 ) == 0 )
FT_Int stream_len;
FT_Byte* limit;
stream_len = stream->size - FT_STREAM_POS();
if ( stream_len == 0 )
goto Exit;
read_len = FT_MIN( read_len, stream_len );
if ( FT_STREAM_READ( p, read_len ) )
goto Exit;
if ( read_len < 256 )
p[read_len] = '\0';
limit = p + read_len - 10;
for ( p = buffer; p < limit; p++ )
{
/* save offset of binary data after `StartData' */
offset = (FT_ULong)( top_position - ( limit - p ) + 10 );
goto Found;
if ( p[0] == 'S' && ft_strncmp( (char*)p, "StartData", 9 ) == 0 )
{
/* save offset of binary data after `StartData' */
offset += p - buffer + 10;
goto Found;
}
}
FT_MEM_MOVE( buffer, p, 10 );
read_len = 256;
p = buffer + 10;
}
}