From d9b3e39484bbafbec3e42734c9b585e35485f2c1 Mon Sep 17 00:00:00 2001
From: suzuki toshiya
Date: Thu, 5 Aug 2010 17:10:32 +0900
Subject: [PATCH] [cff] Don't use any values in decoder after parsing error.
* src/cff/cffgload.c (cff_slot_load): Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.
---
 ChangeLog | 10 ++++++-
 src/cff/cffgload.c | 67 +++++++++++++++++++++++++---------------------
 2 files changed, 45 insertions(+), 32 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 66e67a861..b042fc9da 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2010-08-05 suzuki toshiya
+
+ [cff] Don't use any values in decoder after parsing error.
+
+ * src/cff/cffgload.c (cff_slot_load): Skip the evaluations
+ of the values in decoder, if cff_decoder_parse_charstrings()
+ returns any error.
+
 2010-08-04 Werner Lemberg
 Fix Savannah bug #30644.
@@ -11,7 +19,7 @@
 * devel/ftoption.h: Synchronize with include/freetype/config/ftoption.h.
-2010-08-04 Suzuki, Toshiya (鈴木俊哉)
+2010-08-04 suzuki toshiya
 [cff] Improve stack overflow test.
diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c
index 887c87978..c47f238a3 100644
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -2731,48 +2731,53 @@
 /* now load the unscaled outline */
 error = cff_get_glyph_data( face, glyph_index, &charstring, &charstring_len );
- if ( !error )
- {
- error = cff_decoder_prepare( &decoder, size, glyph_index );
- if ( !error )
- {
- error = cff_decoder_parse_charstrings( &decoder,
- charstring,
- charstring_len );
+ if ( error )
+ goto Glyph_Build_Finished;
- cff_free_glyph_data( face, &charstring, charstring_len );
+ error = cff_decoder_prepare( &decoder, size, glyph_index );
+ if ( error )
+ goto Glyph_Build_Finished;
+ error = cff_decoder_parse_charstrings( &decoder,
+ charstring,
+ charstring_len );
+
+ cff_free_glyph_data( face, &charstring, charstring_len );
+
+ if ( error )
+ goto Glyph_Build_Finished;
 #ifdef FT_CONFIG_OPTION_INCREMENTAL
- /* Control data and length may not be available for incremental */
- /* fonts. */
- if ( face->root.internal->incremental_interface )
- {
- glyph->root.control_data = 0;
- glyph->root.control_len = 0;
- }
- else
+ /* Control data and length may not be available for incremental */
+ /* fonts. */
+ if ( face->root.internal->incremental_interface )
+ {
+ glyph->root.control_data = 0;
+ glyph->root.control_len = 0;
+ }
+ else
 #endif /* FT_CONFIG_OPTION_INCREMENTAL */
- /* We set control_data and control_len if charstrings is loaded. */
- /* See how charstring loads at cff_index_access_element() in */
- /* cffload.c. */
- {
- CFF_Index csindex = &cff->charstrings_index;
+ /* We set control_data and control_len if charstrings is loaded. */
+ /* See how charstring loads at cff_index_access_element() in */
+ /* cffload.c. */
+ {
+ CFF_Index csindex = &cff->charstrings_index;
- if ( csindex->offsets )
- {
- glyph->root.control_data = csindex->bytes +
- csindex->offsets[glyph_index] - 1;
- glyph->root.control_len = charstring_len;
- }
- }
+ if ( csindex->offsets )
+ {
+ glyph->root.control_data = csindex->bytes +
+ csindex->offsets[glyph_index] - 1;
+ glyph->root.control_len = charstring_len;
 }
 }
- /* save new glyph tables */
- cff_builder_done( &decoder.builder );
+ Glyph_Build_Finished:
+ /* save new glyph tables, if no error */
+ if ( !error )
+ cff_builder_done( &decoder.builder );
+ /* XXX: anything to do for broken glyph entry? */
 }
 #ifdef FT_CONFIG_OPTION_INCREMENTAL
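Review bot: The `goto Glyph_Build_Finished;` taken when `cff_decoder_prepare()` fails skips `cff_free_glyph_data()`, so the charstring returned by the successful `cff_get_glyph_data()` call just above is not released on that path. The removed nesting had the same gap, so the commit does not introduce it, but any input that fails in the prepare step hits it each time; whether memory is actually lost depends on how the glyph data was obtained, which is not visible in this hunk. I would release it before jumping: `if ( error ) { cff_free_glyph_data( face, &charstring, charstring_len ); goto Glyph_Build_Finished; }`. cff_slot_load begins and ends outside the hunk, so how `error` is handled after the block that holds the label cannot be checked from here.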