minhngoc25a
/
freetype2
mirror of git://git.savannah.gnu.org/freetype/freetype2.git
2
1
Fork 2
Code Issues 9 Releases Wiki Activity

[cff] Better check of number of blends. 

* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdBLEND>,
src/cff/cffparse.c (cff_parse_blend): Compare number of blends with
stack size.
This commit is contained in:
Werner Lemberg 2016-12-28 08:33:35 +01:00
parent 48fd5bb2b6
commit c4cd34a9e0
3 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -1,3 +1,11 @@
2016-12-28 Werner Lemberg <wl@gnu.org>
[cff] Better check of number of blends.
* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdBLEND>,
src/cff/cffparse.c (cff_parse_blend): Compare number of blends with
stack size.
2016-12-27 Werner Lemberg <wl@gnu.org>
Documentation updates.

9
src/cff/cf2intrp.c
View File

@ -693,12 +693,13 @@
}
/* do the blend */
numBlends = (FT_UInt)cf2_stack_popInt( opStack );
if ( numBlends > stackSize )
{
FT_Int temp = cf2_stack_popInt( opStack );
numBlends = temp > 0 ? (FT_UInt)temp : 0;
lastError = FT_THROW( Invalid_Glyph_Format );
goto exit;
}
cf2_doBlend( &font->blend, opStack, numBlends );
font->blend.usedBV = TRUE;

6
src/cff/cffparse.c
View File

@ -907,6 +907,12 @@
}
numBlends = (FT_UInt)cff_parse_num( parser, parser->top - 1 );
if ( numBlends > parser->stackSize )
{
FT_ERROR(( "cff_parse_blend: Invalid number of blends\n" ));
error = FT_THROW( Invalid_File_Format );
goto Exit;
}
FT_TRACE4(( " %d values blended\n", numBlends ));