From 2beca49584c78391625a6bb5a13453d16ba640ec Mon Sep 17 00:00:00 2001
From: suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
Date: Mon, 11 Sep 2017 22:11:05 +0900
Subject: [PATCH] bdf_parse_t->have[], bdf_font_t->{nmod,umod} are allocated in
 runtime. Watcom C compiler refuses too huge structure type > 64k.

---
 src/bdf/bdf.h      |  5 +++--
 src/bdf/bdfdrivr.c | 12 ++++++++++--
 src/bdf/bdflib.c   | 38 ++++++++++++++++++++++++++++++++++----
 3 files changed, 47 insertions(+), 8 deletions(-)

diff --git a/src/bdf/bdf.h b/src/bdf/bdf.h
index 9012727c7..066c22f02 100644
--- a/src/bdf/bdf.h
+++ b/src/bdf/bdf.h
@@ -211,8 +211,9 @@ FT_BEGIN_HEADER
 
     /* The size of the next two arrays must be in sync with the */
     /* size of the `have' array in the `bdf_parse_t' structure. */
-    unsigned long    nmod[34816];    /* Bitmap indicating modified glyphs.  */
-    unsigned long    umod[34816];    /* Bitmap indicating modified          */
+#define BDF_SIZE_OF_ARRAY_MODIFIED_GLYPH 34816
+    unsigned long*   nmod;           /* Bitmap indicating modified glyphs.  */
+    unsigned long*   umod;           /* Bitmap indicating modified          */
                                      /* unencoded glyphs.                   */
     unsigned short   modified;       /* Boolean indicating font modified.   */
     unsigned short   bpp;            /* Bits per pixel.                     */
diff --git a/src/bdf/bdfdrivr.c b/src/bdf/bdfdrivr.c
index fb7781000..41d9341b8 100644
--- a/src/bdf/bdfdrivr.c
+++ b/src/bdf/bdfdrivr.c
@@ -170,6 +170,7 @@ THE SOFTWARE.
     }
 
   Exit:
+#ifdef FT_LONG64
     if ( charcode > 0xFFFFFFFFUL )
     {
       FT_TRACE1(( "bdf_cmap_char_next: charcode 0x%x > 32bit API" ));
@@ -177,6 +178,7 @@ THE SOFTWARE.
       /* XXX: result should be changed to indicate an overflow error */
     }
     else
+#endif
       *acharcode = (FT_UInt32)charcode;
     return result;
   }
@@ -888,21 +890,27 @@ THE SOFTWARE.
         break;
 
       case BDF_INTEGER:
+#ifdef FT_LONG64
         if ( prop->value.l > 0x7FFFFFFFL || prop->value.l < ( -1 - 0x7FFFFFFFL ) )
         {
           FT_TRACE1(( "bdf_get_bdf_property:"
-                      " too large integer 0x%x is truncated\n" ));
+                      " too large integer 0x%x is truncated\n",
+                      prop->value.l ));
         }
+#endif
         aproperty->type      = BDF_PROPERTY_TYPE_INTEGER;
         aproperty->u.integer = (FT_Int32)prop->value.l;
         break;
 
       case BDF_CARDINAL:
+#ifdef FT_LONG64
         if ( prop->value.ul > 0xFFFFFFFFUL )
         {
           FT_TRACE1(( "bdf_get_bdf_property:"
-                      " too large cardinal 0x%x is truncated\n" ));
+                      " too large cardinal 0x%x is truncated\n",
+                      prop->value.l ));
         }
+#endif
         aproperty->type       = BDF_PROPERTY_TYPE_CARDINAL;
         aproperty->u.cardinal = (FT_UInt32)prop->value.ul;
         break;
diff --git a/src/bdf/bdflib.c b/src/bdf/bdflib.c
index bf10887fd..b1585009a 100644
--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
@@ -270,7 +270,7 @@
     bdf_font_t*     font;
     bdf_options_t*  opts;
 
-    unsigned long   have[34816]; /* must be in sync with `nmod' and `umod' */
+    unsigned long*  have;        /* must be in sync with `nmod' and `umod' */
                                  /* arrays from `bdf_font_t' structure     */
     _bdf_list_t     list;
 
@@ -856,8 +856,10 @@
     FT_ZERO( p );
 
     n = ft_strlen( name ) + 1;
+#ifdef FT_LONG64
     if ( n > FT_ULONG_MAX )
       return FT_THROW( Invalid_Argument );
+#endif
 
     if ( FT_NEW_ARRAY( p->name, n ) )
       goto Exit;
@@ -1465,9 +1467,11 @@
 
       /* Check that the encoding is in the Unicode range because  */
       /* otherwise p->have (a bitmap with static size) overflows. */
-      if ( p->glyph_enc > 0                                      &&
-           (size_t)p->glyph_enc >= sizeof ( p->have ) /
-                                   sizeof ( unsigned long ) * 32 )
+      if ( p->glyph_enc > 0 
+#if SIZE_MAX > (BDF_SIZE_OF_ARRAY_MODIFIED_GLYPH * 32)
+          && (size_t)p->glyph_enc >= BDF_SIZE_OF_ARRAY_MODIFIED_GLYPH * 32
+#endif
+         )
       {
         FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG5, lineno, "ENCODING" ));
         error = FT_THROW( Invalid_File_Format );
@@ -1960,6 +1964,10 @@
 
       if ( FT_NEW( font ) )
         goto Exit;
+      if ( FT_NEW_ARRAY( font->nmod, BDF_SIZE_OF_ARRAY_MODIFIED_GLYPH ) )
+        goto Exit;
+      if ( FT_NEW_ARRAY( font->umod, BDF_SIZE_OF_ARRAY_MODIFIED_GLYPH ) )
+        goto Exit;
       p->font = font;
 
       font->memory = p->memory;
@@ -2192,6 +2200,19 @@
     error = FT_THROW( Invalid_File_Format );
 
   Exit:
+    if ( font && error ) {
+      memory = font->memory;
+      if ( font->nmod )
+        FT_FREE( font->nmod );
+      if ( font->umod )
+        FT_FREE( font->umod );
+      if ( font->name )
+        FT_FREE( font->name );
+      if ( font->props )
+        FT_FREE( font->props );
+
+      FT_FREE( font );
+    }
     return error;
   }
 
@@ -2218,6 +2239,8 @@
 
     if ( FT_NEW( p ) )
       goto Exit;
+    if ( FT_NEW_ARRAY( p->have, BDF_SIZE_OF_ARRAY_MODIFIED_GLYPH ) )
+      goto Exit;
 
     memory    = NULL;
     p->opts   = (bdf_options_t*)( ( opts != 0 ) ? opts : &_bdf_opts );
@@ -2345,6 +2368,7 @@
 
       memory = extmemory;
 
+      FT_FREE( p->have );
       FT_FREE( p->glyph_name );
       FT_FREE( p );
     }
@@ -2439,6 +2463,12 @@
 
     FT_FREE( font->user_props );
 
+    if ( font->nmod )
+      FT_FREE( font->nmod );
+    if ( font->umod )
+      FT_FREE( font->umod );
+
+
     /* FREE( font ); */ /* XXX Fixme */
   }