From 35bb214ae620400cd09a2cfaf3bacd66e179a1f6 Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Sat, 3 Mar 2012 12:29:53 +0100
Subject: [PATCH] [cff] One more check against malformed font matrix.
* src/cff/cffparse.c (cff_parse_font_matrix): Guard against `xx' and `yy' matrix coefficients being zero.
---
 ChangeLog | 7 +++++++
 src/cff/cffparse.c | 31 +++++++++++++++++++------------
 2 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f5840ca3f..3f727d3b9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-03-03 Werner Lemberg
+
+ [cff] One more check against malformed font matrix.
+
+ * src/cff/cffparse.c (cff_parse_font_matrix): Guard against `xx' and
+ `yy' matrix coefficients being zero.
+
 2012-03-03 Werner Lemberg
 Fix Savannah bug #35660.
diff --git a/src/cff/cffparse.c b/src/cff/cffparse.c
index 61fa87c80..0873379c9 100644
--- a/src/cff/cffparse.c
+++ b/src/cff/cffparse.c
@@ -474,22 +474,11 @@
 if ( scaling < 0 || scaling > 9 )
 {
- /* Return default matrix in case of unlikely values. */
-
 FT_TRACE1(( "cff_parse_font_matrix:"
 " strange scaling value for xx element (%d),\n"
 " "
 " using default matrix\n", scaling ));
-
- matrix->xx = 0x10000L;
- matrix->yx = 0;
- matrix->xy = 0;
- matrix->yy = 0x10000L;
- offset->x = 0;
- offset->y = 0;
- *upm = 1;
-
- goto Exit;
+ goto Default_matrix;
 }
 matrix->yx = cff_parse_fixed_scaled( data++, scaling );
@@ -498,6 +487,13 @@
 offset->x = cff_parse_fixed_scaled( data++, scaling );
 offset->y = cff_parse_fixed_scaled( data, scaling );
+ if ( matrix->xx == 0 || matrix->yy == 0 )
+ {
+ FT_TRACE1(( "cff_parse_font_matrix:"
+ " xx or yy element is zero, using default matrix\n" ));
+ goto Default_matrix;
+ }
+
 *upm = power_tens[scaling];
 FT_TRACE4(( " [%f %f %f %f %f %f]\n",
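Review bot: The guard added in the second cffparse.c hunk, `if ( matrix->xx == 0 || matrix->yy == 0 )`, rejects only a zero diagonal, so a font-supplied matrix with non-zero `xx` and `yy` but a zero determinant (`xx*yy == xy*yx`) is still accepted. Whether later users of `matrix` need it to be invertible is not visible in this patch, so this is a question for the author rather than a confirmed defect. If they do, that case should jump to `Default_matrix` as well, with the 16.16 products formed in a wider type so the test itself cannot overflow. The new trace would also help triage malformed fonts more if it printed the offending values, as the scaling trace in the first hunk does: `" xx (%ld) or yy (%ld) element is zero, using default matrix\n", matrix->xx, matrix->yy ));`. The body of cff_parse_font_matrix starts and ends outside this hunk.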
@@ -509,6 +505,17 @@
 (double)offset->y / *upm / 65536 ));
 }
+ goto Exit;
+
+ Default_matrix:
+ matrix->xx = 0x10000L;
+ matrix->yx = 0;
+ matrix->xy = 0;
+ matrix->yy = 0x10000L;
+ offset->x = 0;
+ offset->y = 0;
+ *upm = 1;
+
 Exit:
 return error;
 }
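Review bot: The `Default_matrix:` block carries no comment, and the one that used to describe this fallback (`/* Return default matrix in case of unlikely values. */`) is deleted in the first hunk. I would put `/* Malformed font matrix: fall back to the identity matrix, zero offset and upm 1. */` above the label. I would also add `/* skip the fallback below */` beside the new `goto Exit;`, since that jump is the only thing keeping the normal path from falling into the defaults. The fallback returns `error` as it was set before the jump, which happens outside the visible hunks; it is worth confirming that this is the success value, given that the function recovers here rather than failing. The start of the function lies outside this hunk.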