[cff] Fix handling of reserved byte 0xFF.

* src/cff/cffgload.c (cff_decoder_parse_charstrings): Abort if byte
0xFF is encountered.
This commit is contained in:
Werner Lemberg 2009-06-19 23:50:37 +02:00
parent 86fa2ebc1f
commit f1631f2db0
2 changed files with 10 additions and 11 deletions

View File

@ -1,3 +1,10 @@
2009-06-19 Werner Lemberg <wl@gnu.org>
[cff] Fix handling of reserved byte 0xFF.
* src/cff/cffgload.c (cff_decoder_parse_charstrings): Abort if byte
0xFF is encountered.
2009-06-19 Werner Lemberg <wl@gnu.org>
Improve debug messages for Type1 charstrings.

View File

@ -938,17 +938,9 @@
goto Syntax_Error;
val = -( (FT_Long)v - 251 ) * 256 - *ip++ - 108;
}
else
{
if ( ip + 3 >= limit )
goto Syntax_Error;
val = ( (FT_Int32)ip[0] << 24 ) |
( (FT_Int32)ip[1] << 16 ) |
( (FT_Int32)ip[2] << 8 ) |
ip[3];
ip += 4;
shift = 0;
}
else /* 255 */
goto Syntax_Error;
if ( decoder->top - stack >= CFF_MAX_OPERANDS )
goto Stack_Overflow;