Handle some border cases.
* include/freetype/config/ftstdlib.h (FT_USHORT_MAX): New macro. * src/base/ftbitmap.c (FT_Bitmap_Convert): Protect against invalid value of `target->rows'. * src/psaux/t1decode.c (t1_decoder_parse_charstrings): Add check for flex start. * src/raster/ftrend1.c (ft_raster1_render): Check `width' and `height'. * src/truetype/ttgxvar.c (TT_Vary_Get_Glyph_Deltas): Protect against invalid values in `localpoints' array.
This commit is contained in:
parent
6ae8bde444
commit
9c98fbf634
18
ChangeLog
18
ChangeLog
|
@ -1,3 +1,21 @@
|
|||
2011-10-01 Braden Thomas <bthomas@apple.com>
|
||||
|
||||
Handle some border cases.
|
||||
|
||||
* include/freetype/config/ftstdlib.h (FT_USHORT_MAX): New macro.
|
||||
|
||||
* src/base/ftbitmap.c (FT_Bitmap_Convert): Protect against invalid
|
||||
value of `target->rows'.
|
||||
|
||||
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Add check for
|
||||
flex start.
|
||||
|
||||
* src/raster/ftrend1.c (ft_raster1_render): Check `width' and
|
||||
`height'.
|
||||
|
||||
* src/truetype/ttgxvar.c (TT_Vary_Get_Glyph_Deltas): Protect against
|
||||
invalid values in `localpoints' array.
|
||||
|
||||
2011-10-01 Werner Lemberg <wl@gnu.org>
|
||||
|
||||
[psnames] Handle zapfdingbats.
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
/* ANSI-specific library and header configuration file (specification */
|
||||
/* only). */
|
||||
/* */
|
||||
/* Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2009 by */
|
||||
/* Copyright 2002-2007, 2009, 2011 by */
|
||||
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
|
||||
/* */
|
||||
/* This file is part of the FreeType project, and may only be used, */
|
||||
|
@ -59,11 +59,12 @@
|
|||
|
||||
#include <limits.h>
|
||||
|
||||
#define FT_CHAR_BIT CHAR_BIT
|
||||
#define FT_INT_MAX INT_MAX
|
||||
#define FT_INT_MIN INT_MIN
|
||||
#define FT_UINT_MAX UINT_MAX
|
||||
#define FT_ULONG_MAX ULONG_MAX
|
||||
#define FT_CHAR_BIT CHAR_BIT
|
||||
#define FT_USHORT_MAX USHRT_MAX
|
||||
#define FT_INT_MAX INT_MAX
|
||||
#define FT_INT_MIN INT_MIN
|
||||
#define FT_UINT_MAX UINT_MAX
|
||||
#define FT_ULONG_MAX ULONG_MAX
|
||||
|
||||
|
||||
/**********************************************************************/
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
/* */
|
||||
/* FreeType utility functions for bitmaps (body). */
|
||||
/* */
|
||||
/* Copyright 2004, 2005, 2006, 2007, 2008, 2009 by */
|
||||
/* Copyright 2004-2009, 2011 by */
|
||||
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
|
||||
/* */
|
||||
/* This file is part of the FreeType project, and may only be used, */
|
||||
|
@ -417,6 +417,10 @@
|
|||
|
||||
target->pitch = source->width + pad;
|
||||
|
||||
if ( target->pitch > 0 &&
|
||||
target->rows > FT_ULONG_MAX / target->pitch )
|
||||
return FT_Err_Invalid_Argument;
|
||||
|
||||
if ( target->rows * target->pitch > old_size &&
|
||||
FT_QREALLOC( target->buffer,
|
||||
old_size, target->rows * target->pitch ) )
|
||||
|
|
|
@ -764,6 +764,13 @@
|
|||
if ( arg_cnt != 0 )
|
||||
goto Unexpected_OtherSubr;
|
||||
|
||||
if ( decoder->flex_state == 0 )
|
||||
{
|
||||
FT_ERROR(( "t1_decoder_parse_charstrings:"
|
||||
" missing flex start\n" ));
|
||||
goto Syntax_Error;
|
||||
}
|
||||
|
||||
/* note that we should not add a point for index 0; */
|
||||
/* this will move our current position to the flex */
|
||||
/* point without adding any point to the outline */
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
/* */
|
||||
/* The FreeType glyph rasterizer interface (body). */
|
||||
/* */
|
||||
/* Copyright 1996-2001, 2002, 2003, 2005, 2006 by */
|
||||
/* Copyright 1996-2003, 2005, 2006, 2011 by */
|
||||
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
|
||||
/* */
|
||||
/* This file is part of the FreeType project, and may only be used, */
|
||||
|
@ -176,6 +176,13 @@
|
|||
|
||||
width = (FT_UInt)( ( cbox.xMax - cbox.xMin ) >> 6 );
|
||||
height = (FT_UInt)( ( cbox.yMax - cbox.yMin ) >> 6 );
|
||||
|
||||
if ( width > FT_USHORT_MAX || height > FT_USHORT_MAX )
|
||||
{
|
||||
error = Raster_Err_Invalid_Argument;
|
||||
goto Exit;
|
||||
}
|
||||
|
||||
bitmap = &slot->bitmap;
|
||||
memory = render->root.memory;
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
/* */
|
||||
/* TrueType GX Font Variation loader */
|
||||
/* */
|
||||
/* Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010 by */
|
||||
/* Copyright 2004-2011 by */
|
||||
/* David Turner, Robert Wilhelm, Werner Lemberg, and George Williams. */
|
||||
/* */
|
||||
/* This file is part of the FreeType project, and may only be used, */
|
||||
|
@ -1474,6 +1474,9 @@
|
|||
{
|
||||
for ( j = 0; j < point_count; ++j )
|
||||
{
|
||||
if ( localpoints[j] >= n_points )
|
||||
continue;
|
||||
|
||||
delta_xy[localpoints[j]].x += FT_MulFix( deltas_x[j], apply );
|
||||
delta_xy[localpoints[j]].y += FT_MulFix( deltas_y[j], apply );
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue