From 4f41d63b02c58bf3512878f71f4f0a07ca2359fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Suzuki=2C=20Toshiya=20=28=E9=88=B4=E6=9C=A8=E4=BF=8A?= =?UTF-8?q?=E5=93=89=29?= Date: Thu, 9 Feb 2006 01:43:00 +0000 Subject: [PATCH] fix src/cid/cidparse.c for too-short CIDFont --- ChangeLog | 5 +++++ src/cid/cidparse.c | 52 ++++++++++++++++++++++++++-------------------- 2 files changed, 34 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index a74a530e9..785b3e747 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2006-02-09 suzuki toshiya + + * src/cid/cidparse.c: Fix for abnormally short or broken CIDFont. + The issue was found by Taek Kwan(TK) Lee (See ft-devel 2005-11-02). + 2006-02-08 suzuki toshiya * builds/unix/configure.ac: Fix bug for "--with-old-mac-fonts" diff --git a/src/cid/cidparse.c b/src/cid/cidparse.c index a964d8157..7fd6c3ccd 100644 --- a/src/cid/cidparse.c +++ b/src/cid/cidparse.c @@ -56,8 +56,6 @@ { FT_Error error; FT_ULong base_offset, offset, ps_len; - FT_Byte buffer[256 + 10]; - FT_Int buff_len; FT_Byte *cur, *limit; FT_Byte *arg1, *arg2; 
@@ -86,36 +84,44 @@ Again: /* now, read the rest of the file until we find a `StartData' */ - buff_len = 256; - for (;;) { - FT_Byte* p; - FT_ULong top_position; + FT_Byte buffer[256 + 10]; + FT_Int read_len = 256 + 10; + FT_Byte* p = buffer; - /* fill input buffer */ - limit = buffer + 256; - buff_len -= 256; - if ( buff_len > 0 ) - FT_MEM_MOVE( buffer, limit, buff_len ); + for ( offset = (FT_ULong)FT_STREAM_POS(); ; offset += 256 ) + { + FT_Int stream_len; + FT_Byte* limit; - p = buffer + buff_len; - if ( FT_STREAM_READ( p, 256 + 10 - buff_len ) ) - goto Exit; + stream_len = stream->size - FT_STREAM_POS(); + if ( stream_len == 0 ) + goto Exit; - top_position = FT_STREAM_POS() - buff_len; - buff_len = 256 + 10; + read_len = FT_MIN( read_len, stream_len ); + if ( FT_STREAM_READ( p, read_len ) ) + goto Exit; - /* look for `StartData' */ - for ( p = buffer; p < limit; p++ ) - { - if ( p[0] == 'S' && ft_strncmp( (char*)p, "StartData", 9 ) == 0 ) + if ( read_len < 256 ) + p[read_len] = '\0'; + + limit = p + read_len - 10; + + for ( p = buffer; p < limit; p++ ) { - /* save offset of binary data after `StartData' */ - offset = (FT_ULong)( top_position - ( limit - p ) + 10 ); - goto Found; + if ( p[0] == 'S' && ft_strncmp( (char*)p, "StartData", 9 ) == 0 ) + { + /* save offset of binary data after `StartData' */ + offset += p - buffer + 10; + goto Found; + } } + + FT_MEM_MOVE( buffer, p, 10 ); + read_len = 256; + p = buffer + 10; } }
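Review bot: The new `if ( stream_len == 0 ) goto Exit;` leaves the loop without assigning `error`, so a CIDFont that runs out of data before any `StartData` is found returns whatever `error` held before the loop; that value is set outside this hunk, and if it is still zero the caller would treat a truncated font as successfully parsed. Setting the code explicitly avoids this, e.g. `if ( stream_len == 0 ) { error = <placeholder: module's invalid-file-format code>; goto Exit; }`. Separately, `stream_len` and `read_len` are signed `FT_Int` while the value comes from `stream->size - FT_STREAM_POS()`; if that difference does not fit in an `FT_Int` (the stream field types are not visible here), `FT_MIN( read_len, stream_len )` could select a negative length for the read into the 266-byte `buffer`, so declaring both as `FT_ULong` would be safer. The inner `FT_Byte* limit;` also shadows the function-level `limit` that the first cidparse.c hunk keeps. The enclosing function begins and ends outside this hunk.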