From 96341dc3785acd54d682ca51656dbcb91bd1066c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jarkko=20P=C3=B6yry?=
Date: Mon, 24 Nov 2014 09:53:07 +0100
Subject: [PATCH] [cff, pfr, psaux, winfonts] Fix Savannah bug #43676.
Don't cast cmap init function pointers to an incompatible type.
Without this patch, the number of parameters between declaration and the real signature differs. Calling such a function results in undefined behavior.
ISO/IEC 9899:TC3 (Committee Draft September 7, 2007) 6.5.2.2 Function calls 9 If the function is defined with a type that is not compatible with the type (of the expression) pointed to by the expression that denotes the called function, the behavior is undefined.
On certain platforms (c -> js with emscripten) this causes termination of execution or invalid calls because in the emscripten implementation, function pointers of different types are stored in different pointer arrays. Incorrect pointer type here results in indexing of an incorrect array.
* src/cff/cffcmap.c (cff_cmap_encoding_init, cff_cmap_unicode_init), src/pfr/pfrcmap.c (pfr_cmap_init), src/psaux/t1cmap.c t1_cmap_standard_init, t1_cmap_expert_init, t1_cmap_custom_init, t1_cmap_unicode_init), src/winfonts/winfnt.c (fnt_cmap_init): Fix signature.
---
ChangeLog | 29 +++++++++++++++++++++++++++++
src/cff/cffcmap.c | 10 ++++++++--
src/pfr/pfrcmap.c | 5 ++++-
src/psaux/t1cmap.c | 22 ++++++++++++++++++----
src/winfonts/winfnt.c | 5 ++++-
5 files changed, 63 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 432186ec6..76ca6752a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,32 @@
+2014-11-24 Jarkko Pöyry
+
+ [cff, pfr, psaux, winfonts] Fix Savannah bug #43676.
+
+ Don't cast cmap init function pointers to an incompatible type.
+
+ Without this patch, the number of parameters between declaration and
+ the real signature differs. Calling such a function results in
+ undefined behavior.
+
+ ISO/IEC 9899:TC3 (Committee Draft September 7, 2007)
+ 6.5.2.2 Function calls
+ 9 If the function is defined with a type that is not
+ compatible with the type (of the expression) pointed to by
+ the expression that denotes the called function, the
+ behavior is undefined.
+
+ On certain platforms (c -> js with emscripten) this causes
+ termination of execution or invalid calls because in the emscripten
+ implementation, function pointers of different types are stored in
+ different pointer arrays. Incorrect pointer type here results in
+ indexing of an incorrect array.
+
+ * src/cff/cffcmap.c (cff_cmap_encoding_init, cff_cmap_unicode_init),
+ src/pfr/pfrcmap.c (pfr_cmap_init), src/psaux/t1cmap.c
+ t1_cmap_standard_init, t1_cmap_expert_init, t1_cmap_custom_init,
+ t1_cmap_unicode_init), src/winfonts/winfnt.c (fnt_cmap_init): Fix
+ signature.
+
2014-11-24 Werner Lemberg [sfnt] Fix Savannah bug #43672.
diff --git a/src/cff/cffcmap.c b/src/cff/cffcmap.c
index f6e03c642..52248b2b9 100644
--- a/src/cff/cffcmap.c
+++ b/src/cff/cffcmap.c
@@ -33,12 +33,15 @@
/*************************************************************************/
FT_CALLBACK_DEF( FT_Error )
- cff_cmap_encoding_init( CFF_CMapStd cmap )
+ cff_cmap_encoding_init( CFF_CMapStd cmap,
+ FT_Pointer pointer )
{
TT_Face face = (TT_Face)FT_CMAP_FACE( cmap );
CFF_Font cff = (CFF_Font)face->extra.data;
CFF_Encoding encoding = &cff->encoding;
+ FT_UNUSED( pointer );
+
cmap->gids = encoding->codes;
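Review bot: The added `FT_Pointer pointer` parameter is accepted and immediately discarded with `FT_UNUSED( pointer );`, but nothing at the definition of cff_cmap_encoding_init says why the function now takes it; the same applies to cff_cmap_unicode_init, pfr_cmap_init, t1_cmap_standard_init, t1_cmap_expert_init, t1_cmap_custom_init, t1_cmap_unicode_init and fnt_cmap_init in the later hunks. I would put a one-line comment above each `FT_UNUSED( pointer );`, e.g. `/* init_data slot of the generic cmap init callback; unused, this cmap reads the face instead */`. As far as I can tell these functions are still installed into their class records through a cast to FT_CMap_InitFunc, and their first parameter (here `CFF_CMapStd`) still differs from the generic `FT_CMap` that callback type declares, so the commit removes the parameter-count mismatch that the emscripten function tables trip over but not the type mismatch itself; the commit message could state that the remaining cast is deliberate. cff_cmap_encoding_init's body continues past the end of the hunk.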
@@ -135,7 +138,8 @@
FT_CALLBACK_DEF( FT_Error )
- cff_cmap_unicode_init( PS_Unicodes unicodes )
+ cff_cmap_unicode_init( PS_Unicodes unicodes,
+ FT_Pointer pointer )
{
TT_Face face = (TT_Face)FT_CMAP_FACE( unicodes );
FT_Memory memory = FT_FACE_MEMORY( face );
@@ -143,6 +147,8 @@
CFF_Charset charset = &cff->charset;
FT_Service_PsCMaps psnames = (FT_Service_PsCMaps)cff->psnames;
+ FT_UNUSED( pointer );
+
/* can't build Unicode map for CID-keyed font */
/* because we don't know glyph names. */
diff --git a/src/pfr/pfrcmap.c b/src/pfr/pfrcmap.c
index 1f05640cc..90ba0105e 100644
--- a/src/pfr/pfrcmap.c
+++ b/src/pfr/pfrcmap.c
@@ -25,11 +25,14 @@
FT_CALLBACK_DEF( FT_Error )
- pfr_cmap_init( PFR_CMap cmap )
+ pfr_cmap_init( PFR_CMap cmap,
+ FT_Pointer pointer )
{
FT_Error error = FT_Err_Ok;
PFR_Face face = (PFR_Face)FT_CMAP_FACE( cmap );
+ FT_UNUSED( pointer );
+
cmap->num_chars = face->phy_font.num_chars;
cmap->chars = face->phy_font.chars;
diff --git a/src/psaux/t1cmap.c b/src/psaux/t1cmap.c
index 9e5bd34ff..fb1353ae0 100644
--- a/src/psaux/t1cmap.c
+++ b/src/psaux/t1cmap.c
@@ -120,8 +120,12 @@
FT_CALLBACK_DEF( FT_Error )
- t1_cmap_standard_init( T1_CMapStd cmap )
+ t1_cmap_standard_init( T1_CMapStd cmap,
+ FT_Pointer pointer )
{
+ FT_UNUSED( pointer );
+
+
t1_cmap_std_init( cmap, 0 );
return 0;
}
@@ -142,8 +146,12 @@
FT_CALLBACK_DEF( FT_Error )
- t1_cmap_expert_init( T1_CMapStd cmap )
+ t1_cmap_expert_init( T1_CMapStd cmap,
+ FT_Pointer pointer )
{
+ FT_UNUSED( pointer );
+
+
t1_cmap_std_init( cmap, 1 );
return 0;
}
@@ -172,11 +180,14 @@
FT_CALLBACK_DEF( FT_Error )
- t1_cmap_custom_init( T1_CMapCustom cmap )
+ t1_cmap_custom_init( T1_CMapCustom cmap,
+ FT_Pointer pointer )
{
T1_Face face = (T1_Face)FT_CMAP_FACE( cmap );
T1_Encoding encoding = &face->type1.encoding;
+ FT_UNUSED( pointer );
+
cmap->first = encoding->code_first;
cmap->count = (FT_UInt)( encoding->code_last - cmap->first );
@@ -272,12 +283,15 @@
FT_CALLBACK_DEF( FT_Error )
- t1_cmap_unicode_init( PS_Unicodes unicodes )
+ t1_cmap_unicode_init( PS_Unicodes unicodes,
+ FT_Pointer pointer )
{
T1_Face face = (T1_Face)FT_CMAP_FACE( unicodes );
FT_Memory memory = FT_FACE_MEMORY( face );
FT_Service_PsCMaps psnames = (FT_Service_PsCMaps)face->psnames;
+ FT_UNUSED( pointer );
+
return psnames->unicodes_init( memory, unicodes,
diff --git a/src/winfonts/winfnt.c b/src/winfonts/winfnt.c
index e9c1a9b5f..fd5cc4a1a 100644
--- a/src/winfonts/winfnt.c
+++ b/src/winfonts/winfnt.c
@@ -591,11 +591,14 @@
static FT_Error
- fnt_cmap_init( FNT_CMap cmap )
+ fnt_cmap_init( FNT_CMap cmap,
+ FT_Pointer pointer )
{
FNT_Face face = (FNT_Face)FT_CMAP_FACE( cmap );
FNT_Font font = face->font;
+ FT_UNUSED( pointer );
+
cmap->first = (FT_UInt32) font->header.first_char;
cmap->count = (FT_UInt32)( font->header.last_char - cmap->first + 1 );
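Review bot: fnt_cmap_init keeps its `static FT_Error` header while every other cmap init function rewritten in this patch is declared with `FT_CALLBACK_DEF( FT_Error )`; since the declaration is being rewritten anyway, using `FT_CALLBACK_DEF( FT_Error )` in place of `static FT_Error` would make the callback linkage uniform across the touched files. Whether the winfnt driver has a reason to avoid the macro is not visible from this hunk, so if it does, a one-line comment above the definition saying so would spare the next reader the same question. fnt_cmap_init's body continues past the end of the hunk.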