[sfnt] Additional guards on the POST table.
Fixes timeout (#1055) analyzed by Ben Wagner, reported as https://crbug.com/1194092 * src/sfnt/ttload.c (tt_face_load_post): Check POST format. * src/sfnt/sfobjs.c (sfnt_load_face): Synthesize the missing unicode charmap only if the glyph names exist. * src/psnames/psmodule.c (ps_unicode_value): Short cut ".notdef" and ".null".
parent
de15165774
commit
1bc801b0d6
14
ChangeLog
14
ChangeLog
|
@ -1,3 +1,17 @@
|
||||||
|
2021-05-16 Alexei Podtelezhnikov <apodtele@gmail.com>
|
||||||
|
|
||||||
|
[sfnt] Additional guards on the POST table.
|
||||||
|
|
||||||
|
Fixes timeout (#1055) analyzed by Ben Wagner, reported as
|
||||||
|
|
||||||
|
https://crbug.com/1194092
|
||||||
|
|
||||||
|
* src/sfnt/ttload.c (tt_face_load_post): Check POST format.
|
||||||
|
* src/sfnt/sfobjs.c (sfnt_load_face): Synthesize the missing unicode
|
||||||
|
charmap only if the glyph names exist.
|
||||||
|
* src/psnames/psmodule.c (ps_unicode_value): Short cut ".notdef" and
|
||||||
|
".null".
|
||||||
|
|
||||||
2021-05-13 Daniel McArdle <dmcardle@chromium.org>
|
2021-05-13 Daniel McArdle <dmcardle@chromium.org>
|
||||||
|
|
||||||
[psaux] Use doubling allocation strategy for CF2_ArrStack.
|
[psaux] Use doubling allocation strategy for CF2_ArrStack.
|
||||||
|
|
|
@ -155,25 +155,24 @@
|
||||||
/* Look for a non-initial dot in the glyph name in order to */
|
/* Look for a non-initial dot in the glyph name in order to */
|
||||||
/* find variants like `A.swash', `e.final', etc. */
|
/* find variants like `A.swash', `e.final', etc. */
|
||||||
{
|
{
|
||||||
|
FT_UInt32 value = 0;
|
||||||
const char* p = glyph_name;
|
const char* p = glyph_name;
|
||||||
const char* dot = NULL;
|
|
||||||
|
|
||||||
|
|
||||||
for ( ; *p; p++ )
|
for ( ; *p && *p != '.'; p++ )
|
||||||
|
;
|
||||||
|
|
||||||
|
/* now look up the glyph in the Adobe Glyph List; */
|
||||||
|
/* `.notdef', `.null' and the empty name are short cut */
|
||||||
|
if ( p > glyph_name )
|
||||||
{
|
{
|
||||||
if ( *p == '.' && p > glyph_name )
|
value = (FT_UInt32)ft_get_adobe_glyph_index( glyph_name, p );
|
||||||
{
|
|
||||||
dot = p;
|
if ( *p == '.' )
|
||||||
break;
|
value |= (FT_UInt32)VARIANT_BIT;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* now look up the glyph in the Adobe Glyph List */
|
return value;
|
||||||
if ( !dot )
|
|
||||||
return (FT_UInt32)ft_get_adobe_glyph_index( glyph_name, p );
|
|
||||||
else
|
|
||||||
return (FT_UInt32)( ft_get_adobe_glyph_index( glyph_name, dot ) |
|
|
||||||
VARIANT_BIT );
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
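Review bot: The new comment above `if ( p > glyph_name )` names only `.notdef', `.null' and the empty name, but the guard short-cuts every name whose first character is a dot, so all such names now return 0 without an Adobe Glyph List lookup. I would word it as `/* names that are empty or start with a dot (`.notdef', `.null') skip the lookup and yield 0 */`. Separately, if `ft_get_adobe_glyph_index` returns 0 for an unknown base name, a suffixed name yields `VARIANT_BIT` alone, which is nonzero, so callers need to mask the variant bit before treating the result as a miss; the removed code behaved the same way. The function begins above this hunk, so any earlier handling of the name is not visible here.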
@ -1150,7 +1150,8 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
/* synthesize Unicode charmap if one is missing */
|
/* synthesize Unicode charmap if one is missing */
|
||||||
if ( !has_unicode )
|
if ( !has_unicode &&
|
||||||
|
root->face_flags & FT_FACE_FLAG_GLYPH_NAMES )
|
||||||
{
|
{
|
||||||
FT_CharMapRec cmaprec;
|
FT_CharMapRec cmaprec;
|
||||||
|
|
||||||
|
|
|
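Review bot: The added condition mixes `&&` with a bare `&`; it parses as intended because `&` binds tighter, but parentheses would make that explicit for readers: `( root->face_flags & FT_FACE_FLAG_GLYPH_NAMES )`. The comment above still reads `synthesize Unicode charmap if one is missing` and could state the new precondition, for example `/* synthesize Unicode charmap if one is missing and glyph names are available */`. The enclosing block continues past the end of the hunk.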
@ -1312,6 +1312,12 @@
|
||||||
if ( FT_STREAM_READ_FIELDS( post_fields, post ) )
|
if ( FT_STREAM_READ_FIELDS( post_fields, post ) )
|
||||||
return error;
|
return error;
|
||||||
|
|
||||||
|
if ( post->FormatType != 0x00030000L &&
|
||||||
|
post->FormatType != 0x00025000L &&
|
||||||
|
post->FormatType != 0x00020000L &&
|
||||||
|
post->FormatType != 0x00010000L )
|
||||||
|
return FT_THROW( Invalid_Post_Table_Format );
|
||||||
|
|
||||||
/* we don't load the glyph names, we do that in another */
|
/* we don't load the glyph names, we do that in another */
|
||||||
/* module (ttpost). */
|
/* module (ttpost). */
|
||||||
|
|
||||||
|
|
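Review bot: The format check runs after `FT_STREAM_READ_FIELDS( post_fields, post )` has already filled `post`, so on `Invalid_Post_Table_Format` the header fields read from the rejected table remain in the structure. Whether callers ignore them on error is not visible in this hunk and is worth confirming or documenting. The four constants would also read better with a comment such as `/* only formats 1.0, 2.0, 2.5, and 3.0 are accepted */`, since any other value in a font file is now refused here. tt_face_load_post starts and ends outside the hunk.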