From ad18b367e9c658d94cf85224ba46c11f092ff7fd Mon Sep 17 00:00:00 2001 From: Werner Lemberg Date: Mon, 4 Jun 2007 07:04:05 +0000 Subject: [PATCH] * src/cid/cidgload.c (cid_load_glyph): Check `fd_select'. * src/tools/ftrandom/Makefile: Depend on `libfreetype.a'. --- ChangeLog | 6 ++++++ src/cid/cidgload.c | 19 ++++++++++++------- src/tools/ftrandom/Makefile | 4 +++- 3 files changed, 21 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index b15e91606..e61a8b51f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2007-06-04 Werner Lemberg + + * src/cid/cidgload.c (cid_load_glyph): Check `fd_select'. + + * src/tools/ftrandom/Makefile: Depend on `libfreetype.a'. + 2007-06-03 Werner Lemberg * src/tools/ftrandom/*: Add the `ftrandom' test program written by diff --git a/src/cid/cidgload.c b/src/cid/cidgload.c index aec34855c..8bec6e187 100644 --- a/src/cid/cidgload.c +++ b/src/cid/cidgload.c @@ -4,7 +4,7 @@ /* */ /* CID-keyed Type1 Glyph Loader (body). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006 by */ +/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -44,12 +44,12 @@ CID_FaceInfo cid = &face->cid; FT_Byte* p; FT_UInt fd_select; - FT_Stream stream = face->cid_stream; - FT_Error error = 0; - FT_Byte* charstring = 0; - FT_Memory memory = face->root.memory; + FT_Stream stream = face->cid_stream; + FT_Error error = CID_Err_Ok; + FT_Byte* charstring = 0; + FT_Memory memory = face->root.memory; FT_ULong glyph_length = 0; - PSAux_Service psaux = (PSAux_Service)face->psaux; + PSAux_Service psaux = (PSAux_Service)face->psaux; #ifdef FT_CONFIG_OPTION_INCREMENTAL @@ -111,6 +111,11 @@ glyph_length = cid_get_offset( &p, (FT_Byte)cid->gd_bytes ) - off1; FT_FRAME_EXIT(); + if ( fd_select >= (FT_UInt)cid->num_dicts ) + { + error = CID_Err_Invalid_Offset; + goto Exit; + } if ( glyph_length == 0 ) goto Exit; if ( FT_ALLOC( charstring, glyph_length ) ) @@ -150,7 +155,7 @@ error = decoder->funcs.parse_charstrings( decoder, charstring + cs_offset, - (FT_Int)glyph_length - cs_offset ); + (FT_Int)glyph_length - cs_offset ); } FT_FREE( charstring ); diff --git a/src/tools/ftrandom/Makefile b/src/tools/ftrandom/Makefile index 28e67f312..2e619299c 100644 --- a/src/tools/ftrandom/Makefile +++ b/src/tools/ftrandom/Makefile @@ -5,6 +5,8 @@ TOP_DIR ?= ../../.. OBJ_DIR ?= $(TOP_DIR)/objs +# The setup below is for gcc on a Unix-like platform. + SRC_DIR = $(TOP_DIR)/src/tools/ftrandom CC = gcc @@ -27,7 +29,7 @@ LIBS = -lm \ all: $(OBJ_DIR)/ftrandom -$(OBJ_DIR)/ftrandom: $(SRC_DIR)/ftrandom.c +$(OBJ_DIR)/ftrandom: $(SRC_DIR)/ftrandom.c $(OBJ_DIR)/libfreetype.a $(CC) -o $(OBJ_DIR)/ftrandom $(CFLAGS) $(SRC_DIR)/ftrandom.c $(LIBS) # EOF