From f1c93439b992fa66f17e92ee13314440f13008a2 Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Thu, 22 Oct 2015 10:11:23 +0200
Subject: [PATCH] [cff] Avoid overflow/module arithmetic.
This modifies the addition of subroutine number to subroutine bias from unsigned to signed, but does not change any results.
* src/cff/cf2ft.c (cf2_initGlobalRegionBuffer, cf2_initLocalRegionBuffer): Change variable names from (unsigned) `idx' to (signed) `subrNum', since it is not an index until after the bias is added.
* src/cff/cf2ft.h: Updated.
* src/cff/cf2intrp.c (cf2_interpT2CharString) : Updated similarly.
---
ChangeLog | 17 +++++++++++++++++
src/cff/cf2ft.c | 14 ++++++++++----
src/cff/cf2ft.h | 4 ++--
src/cff/cf2intrp.c | 12 ++++++------
4 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f01f1499b..c4a61a105 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+2015-10-22 Dave Arnold
+ Werner Lemberg
+
+ [cff] Avoid overflow/module arithmetic.
+
+ This modifies the addition of subroutine number to subroutine bias
+ from unsigned to signed, but does not change any results.
+
+ * src/cff/cf2ft.c (cf2_initGlobalRegionBuffer,
+ cf2_initLocalRegionBuffer): Change variable names from (unsigned)
+ `idx' to (signed) `subrNum', since it is not an index until after
+ the bias is added.
+ * src/cff/cf2ft.h: Updated.
+
+ * src/cff/cf2intrp.c (cf2_interpT2CharString) :
+ Updated similarly.
+
 2015-10-22 Werner Lemberg
 
 [cid] Better check of `SubrCount' dictionary entry (#46272).
diff --git a/src/cff/cf2ft.c b/src/cff/cf2ft.c
index d2544a234..55f3206ac 100644
--- a/src/cff/cf2ft.c
+++ b/src/cff/cf2ft.c
@@ -544,14 +544,17 @@
 /* return 0 on success */
 FT_LOCAL_DEF( CF2_Int )
 cf2_initGlobalRegionBuffer( CFF_Decoder* decoder,
- CF2_UInt idx,
+ CF2_Int subrNum,
 CF2_Buffer buf )
 {
+ CF2_UInt idx;
+
+
 FT_ASSERT( decoder );
 
 FT_ZERO( buf );
 
- idx += (CF2_UInt)decoder->globals_bias;
+ idx = (CF2_UInt)( subrNum + decoder->globals_bias );
 
 if ( idx >= decoder->num_globals )
 return TRUE; /* error */
@@ -628,14 +631,17 @@
 
 FT_LOCAL_DEF( CF2_Int )
 cf2_initLocalRegionBuffer( CFF_Decoder* decoder,
- CF2_UInt idx,
+ CF2_Int subrNum,
 CF2_Buffer buf )
 {
+ CF2_UInt idx;
+
+
 FT_ASSERT( decoder );
 
 FT_ZERO( buf );
 
- idx += (CF2_UInt)decoder->locals_bias;
+ idx = (CF2_UInt)( subrNum + decoder->locals_bias );
 
 if ( idx >= decoder->num_locals )
 return TRUE; /* error */
diff --git a/src/cff/cf2ft.h b/src/cff/cf2ft.h
index 3073df382..98105111b 100644
--- a/src/cff/cf2ft.h
+++ b/src/cff/cf2ft.h
@@ -99,7 +99,7 @@ FT_BEGIN_HEADER
 FT_LOCAL( CF2_Int )
 cf2_initGlobalRegionBuffer( CFF_Decoder* decoder,
- CF2_UInt idx,
+ CF2_Int subrNum,
 CF2_Buffer buf );
 
 FT_LOCAL( FT_Error )
 cf2_getSeacComponent( CFF_Decoder* decoder,
@@ -110,7 +110,7 @@ FT_BEGIN_HEADER
 CF2_Buffer buf );
 FT_LOCAL( CF2_Int )
 cf2_initLocalRegionBuffer( CFF_Decoder* decoder,
- CF2_UInt idx,
+ CF2_Int subrNum,
 CF2_Buffer buf );
 
 FT_LOCAL( CF2_Fixed )
diff --git a/src/cff/cf2intrp.c b/src/cff/cf2intrp.c
index b49b96f00..1910f1b87 100644
--- a/src/cff/cf2intrp.c
+++ b/src/cff/cf2intrp.c
@@ -746,7 +746,7 @@
 case cf2_cmdCALLGSUBR:
 case cf2_cmdCALLSUBR:
 {
- CF2_UInt subrIndex;
+ CF2_Int subrNum;
 
 
 FT_TRACE4(( op1 == cf2_cmdCALLGSUBR ? " callgsubr"
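Review bot: The new line `idx = (CF2_UInt)( subrNum + decoder->globals_bias );` in cf2_initGlobalRegionBuffer relies on two facts the code does not state: that the signed sum cannot overflow a CF2_Int, and that a negative sum (a subroutine number below -bias, which a malformed font can supply) is meant to wrap to a large CF2_UInt so that `if ( idx >= decoder->num_globals )` rejects it. The first presumably holds because Type 2 charstring integer operands are at most 16 bits wide and the bias is at most 32768, but that bound lives in the operand decoder rather than here, so the assumption deserves a comment next to the cast. Suggest adding `/* subrNum is a raw charstring operand; adding the bias makes it an index. */` and `/* A negative sum wraps to a large CF2_UInt and fails the range check below. */` above the assignment, and the same in cf2_initLocalRegionBuffer in the next hunk, which has the identical construction with locals_bias and num_locals. Both function bodies continue past the end of their hunks.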
@@ -766,17 +766,17 @@
 (size_t)charstringIndex + 1 );
 
 /* set up the new CFF region and pointer */
- subrIndex = (CF2_UInt)cf2_stack_popInt( opStack );
+ subrNum = cf2_stack_popInt( opStack );
 
 switch ( op1 )
 {
 case cf2_cmdCALLGSUBR:
 FT_TRACE4(( " (idx %d, entering level %d)\n",
- subrIndex + (CF2_UInt)decoder->globals_bias,
+ subrNum + decoder->globals_bias,
 charstringIndex + 1 ));
 
 if ( cf2_initGlobalRegionBuffer( decoder,
- subrIndex,
+ subrNum,
 charstring ) )
 {
 lastError = FT_THROW( Invalid_Glyph_Format );
@@ -787,11 +787,11 @@
 
 default: /* cf2_cmdCALLSUBR */
 FT_TRACE4(( " (idx %d, entering level %d)\n",
- subrIndex + (CF2_UInt)decoder->locals_bias,
+ subrNum + decoder->locals_bias,
 charstringIndex + 1 ));
 
 if ( cf2_initLocalRegionBuffer( decoder,
- subrIndex,
+ subrNum,
 charstring ) )
 {
 lastError = FT_THROW( Invalid_Glyph_Format );
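Review bot: After `subrNum = cf2_stack_popInt( opStack );` the same unbiased operand is biased twice in this hunk — once for the FT_TRACE4 message and once again inside cf2_initGlobalRegionBuffer — and nothing at the call site tells the reader that the callee is the one that applies the bias and performs the range check against the subroutine count. A comment on the assignment would make that division of responsibility explicit, e.g. `/* unbiased subroutine number from the charstring; cf2_init*RegionBuffer */` and `/* adds the bias and validates the result against the subroutine count */`. The same applies to the cf2_cmdCALLSUBR branch in the following hunk. Note that the trace prints the biased value before the callee has validated it, so a value outside the subroutine range can appear in trace output from a malformed font, which is harmless but worth knowing when reading logs. cf2_interpT2CharString starts before this hunk and continues after it.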