From 5f131cfd20135ac5a1609854a1c2bde425741d3e Mon Sep 17 00:00:00 2001
From: Alexei Podtelezhnikov
Date: Tue, 21 May 2024 16:24:43 -0400
Subject: [PATCH] [cff, truetype] Validate variation axes immediately.

Instead of validating variation axes in every access, OpenType specs suggest that peak = 0 be used to tag invalid ranges. This implements just that once during loading.

* src/cff/cffload.c (cff_blend_build_vector): Move the range checks...
(cff_vstore_load): ... here.
* src/truetype/ttgxvar.c (tt_var_get_item_delta): Ditto...
(tt_var_load_item_variation_store): ... ditto.
---
 src/cff/cffload.c | 28 ++++++++++++----------------
 src/truetype/ttgxvar.c | 16 ++++++----------
 2 files changed, 18 insertions(+), 26 deletions(-)

diff --git a/src/cff/cffload.c b/src/cff/cffload.c
index 01d78770b..979fd45f6 100644
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c
@@ -1202,17 +1202,21 @@
 {
 CFF_AxisCoords* axis = ®ion->axisList[j];
- FT_Int16 start14, peak14, end14;
+ FT_Int start, peak, end;
- if ( FT_READ_SHORT( start14 ) ||
- FT_READ_SHORT( peak14 ) ||
- FT_READ_SHORT( end14 ) )
+ if ( FT_READ_SHORT( start ) ||
+ FT_READ_SHORT( peak ) ||
+ FT_READ_SHORT( end ) )
 goto Exit;
- axis->startCoord = FT_fdot14ToFixed( start14 );
- axis->peakCoord = FT_fdot14ToFixed( peak14 );
- axis->endCoord = FT_fdot14ToFixed( end14 );
+ /* immediately tag invalid ranges with special peak = 0 */
+ if ( ( start < 0 && end > 0 ) || start > peak || peak > end )
+ peak = 0;
+
+ axis->startCoord = FT_fdot14ToFixed( start );
+ axis->peakCoord = FT_fdot14ToFixed( peak );
+ axis->endCoord = FT_fdot14ToFixed( end );
 }
 }
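Review bot: The new tagging block in the axis loop of `cff_vstore_load` overwrites only `peak`, so `startCoord` and `endCoord` keep the invalid values read from the font, and the region is safe only for readers that test `peakCoord == 0` before touching the other two fields. That contract is worth stating where the sentinel is written, for example `/* invalid if start > peak, peak > end, or start < 0 < end; readers must skip peakCoord == 0 before using start/end */`. The same three-line check is repeated in `tt_var_load_item_variation_store` (hunk at line 604 of src/truetype/ttgxvar.c), so a shared macro or helper would keep the two loaders from drifting apart. The enclosing function starts and ends outside the hunk.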
@@ -1498,19 +1502,11 @@
 /* compute the scalar contribution of this axis */
- /* while running mandatory range checks */
+ /* with peak of 0 used for invalid axes */
 if ( axis->peakCoord == NDV[j] || axis->peakCoord == 0 ) continue;
- else if ( axis->startCoord < 0 &&
- axis->endCoord > 0 )
- continue;
-
- else if ( axis->startCoord > axis->peakCoord ||
- axis->peakCoord > axis->endCoord )
- continue;
-
 /* ignore this region if coords are out of range */
 else if ( NDV[j] <= axis->startCoord || NDV[j] >= axis->endCoord )
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 2e0cc7539..205310d13 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -596,7 +596,7 @@
 for ( j = 0; j < itemStore->axisCount; j++ ) {
- FT_Short start, peak, end;
+ FT_Int start, peak, end;
 if ( FT_READ_SHORT( start ) ||
@@ -604,6 +604,10 @@
 FT_READ_SHORT( end ) ) goto Exit;
+ /* immediately tag invalid ranges with special peak = 0 */
+ if ( ( start < 0 && end > 0 ) || start > peak || peak > end )
+ peak = 0;
+
 axisCoords[j].startCoord = FT_fdot14ToFixed( start );
 axisCoords[j].peakCoord = FT_fdot14ToFixed( peak );
 axisCoords[j].endCoord = FT_fdot14ToFixed( end );
@@ -1078,19 +1082,11 @@
 /* compute the scalar contribution of this axis */
- /* while running mandatory range checks */
+ /* with peak of 0 used for invalid axes */
 if ( axis->peakCoord == ncv || axis->peakCoord == 0 ) continue;
- else if ( axis->startCoord < 0 &&
- axis->endCoord > 0 )
- continue;
-
- else if ( axis->startCoord > axis->peakCoord ||
- axis->peakCoord > axis->endCoord )
- continue;
-
 /* ignore this region if coords are out of range */
 else if ( ncv <= axis->startCoord || ncv >= axis->endCoord )
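Review bot: With the range checks deleted from the per-axis loop in `cff_blend_build_vector` (hunk at 1498 in src/cff/cffload.c), the code after the hunk depends entirely on the loader having enforced `start <= peak <= end`. The scalar computation itself is not visible here, but if it divides by `peak - start` or `end - peak`, a region filled by any path other than the patched loader would reach it unchecked. A debug-build assertion placed ahead of the `if` chain would document and enforce the invariant: `FT_ASSERT( axis->peakCoord == 0 || ( axis->startCoord <= axis->peakCoord && axis->peakCoord <= axis->endCoord ) );`. The same applies to `tt_var_get_item_delta` (hunk at 1078 in src/truetype/ttgxvar.c). Both loops continue outside their hunks.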