rgraves
/
freetype2
forked from minhngoc25a/freetype2
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[psaux] Fix some value overflows and improve tracing. 

* src/psaux/psconv.c: Include FT_INTERNAL_DEBUG_H.
(FT_COMPONENT): Define.
(PS_Conv_Strtol): Return FT_Long.
Handle bad data and overflow.
Emit some tracing messages in case of error.
(PS_Conv_ToInt): Return FT_Long.
(PS_Conv_ToFixed): Updated.
* src/psaux/psconv.h: Updated.

* include/freetype/internal/fttrace.h: Add `psconv'.
This commit is contained in:
Werner Lemberg 2012-10-20 11:27:25 +02:00
parent dda1e93db8
commit eaf0afb4c7
4 changed files with 67 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ChangeLog
View File

@ -1,3 +1,18 @@
2012-10-20 Werner Lemberg <wl@gnu.org>
[psaux] Fix some value overflows and improve tracing.
* src/psaux/psconv.c: Include FT_INTERNAL_DEBUG_H.
(FT_COMPONENT): Define.
(PS_Conv_Strtol): Return FT_Long.
Handle bad data and overflow.
Emit some tracing messages in case of error.
(PS_Conv_ToInt): Return FT_Long.
(PS_Conv_ToFixed): Updated.
* src/psaux/psconv.h: Updated.
* include/freetype/internal/fttrace.h: Add `psconv'.
2012-10-20 Werner Lemberg <wl@gnu.org> 2012-10-20 Werner Lemberg <wl@gnu.org>
[autofit] Fix `make multi CC=c++'. [autofit] Fix `make multi CC=c++'.

1
include/freetype/internal/fttrace.h
View File

@ -73,6 +73,7 @@ FT_TRACE_DEF( t1parse )
/* PostScript helper module `psaux' */ /* PostScript helper module `psaux' */
FT_TRACE_DEF( t1decode ) FT_TRACE_DEF( t1decode )
FT_TRACE_DEF( psobjs ) FT_TRACE_DEF( psobjs )
FT_TRACE_DEF( psconv )
/* PostScript hinting module `pshinter' */ /* PostScript hinting module `pshinter' */
FT_TRACE_DEF( pshrec ) FT_TRACE_DEF( pshrec )

56
src/psaux/psconv.c
View File

@ -18,11 +18,22 @@
#include <ft2build.h> #include <ft2build.h>
#include FT_INTERNAL_POSTSCRIPT_AUX_H #include FT_INTERNAL_POSTSCRIPT_AUX_H
#include FT_INTERNAL_DEBUG_H
#include "psconv.h" #include "psconv.h"
#include "psauxerr.h" #include "psauxerr.h"
/*************************************************************************/
/* */
/* The macro FT_COMPONENT is used in trace mode. It is an implicit */
/* parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log */
/* messages during execution. */
/* */
#undef FT_COMPONENT
#define FT_COMPONENT trace_psconv
/* The following array is used by various functions to quickly convert */ /* The following array is used by various functions to quickly convert */
/* digits (both decimal and non-decimal) into numbers. */ /* digits (both decimal and non-decimal) into numbers. */
@ -69,18 +80,27 @@
#endif /* 'A' == 193 */ #endif /* 'A' == 193 */
FT_LOCAL_DEF( FT_Int ) FT_LOCAL_DEF( FT_Long )
PS_Conv_Strtol( FT_Byte** cursor, PS_Conv_Strtol( FT_Byte** cursor,
FT_Byte* limit, FT_Byte* limit,
FT_Int base ) FT_Long base )
{ {
FT_Byte* p = *cursor; FT_Byte* p = *cursor;
FT_Int num = 0; FT_Long num = 0;
FT_Bool sign = 0; FT_Bool sign = 0;
FT_Long num_limit;
FT_Char c_limit;
if ( p >= limit || base < 2 || base > 36 )
if ( p >= limit )
goto Bad;
if ( base < 2 || base > 36 )
{
FT_TRACE4(( "!!!INVALID BASE:!!!" ));
return 0; return 0;
}
if ( *p == '-' || *p == '+' ) if ( *p == '-' || *p == '+' )
{ {
@ -88,9 +108,12 @@
p++; p++;
if ( p == limit ) if ( p == limit )
return 0; goto Bad;
} }
num_limit = 0x7FFFFFFFL / base;
c_limit = (FT_Char)( 0x7FFFFFFFL % base );
for ( ; p < limit; p++ ) for ( ; p < limit; p++ )
{ {
FT_Char c; FT_Char c;
@ -104,25 +127,38 @@
if ( c < 0 || c >= base ) if ( c < 0 || c >= base )
break; break;
if ( num > num_limit || ( num == num_limit && c > c_limit ) )
goto Overflow;
num = num * base + c; num = num * base + c;
} }
*cursor = p;
Exit:
if ( sign ) if ( sign )
num = -num; num = -num;
*cursor = p;
return num; return num;
Overflow:
num = 0x7FFFFFFFL;
FT_TRACE4(( "!!!OVERFLOW:!!!" ));
goto Exit;
Bad:
num = 0;
FT_TRACE4(( "!!!END OF DATA:!!!" ));
goto Exit;
} }
FT_LOCAL_DEF( FT_Int ) FT_LOCAL_DEF( FT_Long )
PS_Conv_ToInt( FT_Byte** cursor, PS_Conv_ToInt( FT_Byte** cursor,
FT_Byte* limit ) FT_Byte* limit )
{ {
FT_Byte* p; FT_Byte* p;
FT_Int num; FT_Long num;
num = PS_Conv_Strtol( cursor, limit, 10 ); num = PS_Conv_Strtol( cursor, limit, 10 );
@ -142,7 +178,7 @@
FT_LOCAL_DEF( FT_Fixed ) FT_LOCAL_DEF( FT_Fixed )
PS_Conv_ToFixed( FT_Byte** cursor, PS_Conv_ToFixed( FT_Byte** cursor,
FT_Byte* limit, FT_Byte* limit,
FT_Int power_ten ) FT_Long power_ten )
{ {
FT_Byte* p = *cursor; FT_Byte* p = *cursor;
FT_Fixed integral; FT_Fixed integral;

10
src/psaux/psconv.h
View File

@ -4,7 +4,7 @@
/* */ /* */
/* Some convenience conversions (specification). */ /* Some convenience conversions (specification). */
/* */ /* */
/* Copyright 2006 by */ /* Copyright 2006, 2012 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */ /* */
/* This file is part of the FreeType project, and may only be used, */ /* This file is part of the FreeType project, and may only be used, */
@ -26,20 +26,20 @@
FT_BEGIN_HEADER FT_BEGIN_HEADER
FT_LOCAL( FT_Int ) FT_LOCAL( FT_Long )
PS_Conv_Strtol( FT_Byte** cursor, PS_Conv_Strtol( FT_Byte** cursor,
FT_Byte* limit, FT_Byte* limit,
FT_Int base ); FT_Long base );
FT_LOCAL( FT_Int ) FT_LOCAL( FT_Long )
PS_Conv_ToInt( FT_Byte** cursor, PS_Conv_ToInt( FT_Byte** cursor,
FT_Byte* limit ); FT_Byte* limit );
FT_LOCAL( FT_Fixed ) FT_LOCAL( FT_Fixed )
PS_Conv_ToFixed( FT_Byte** cursor, PS_Conv_ToFixed( FT_Byte** cursor,
FT_Byte* limit, FT_Byte* limit,
FT_Int power_ten ); FT_Long power_ten );
#if 0 #if 0
FT_LOCAL( FT_UInt ) FT_LOCAL( FT_UInt )