diff --git a/ChangeLog b/ChangeLog
index 0063881ae..57efb24cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,12 @@
-2016-04-24 Werner Lemberg
+2016-06-26 Alexei Podtelezhnikov
+
+ [pcf] Fix handling of very large fonts (#47708).
+
+ * src/pcf/pcfread.c (pcf_get_encodings): Make `encodingOffset' an
+ unsigned short.
+ Only reject `0xFFFF' as an invalid encoding offset.
+
+2016-06-25 Werner Lemberg
 
 [truetype] Really fix deallocation in case of error (#47726).
 
diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
index dec05db17..a86b45d6b 100644
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -849,7 +849,7 @@ THE SOFTWARE.
 int firstCol, lastCol;
 int firstRow, lastRow;
 FT_ULong nencoding;
- int encodingOffset;
+ FT_UShort encodingOffset;
 int i, j;
 FT_ULong k;
 PCF_Encoding encoding = NULL;
@@ -921,15 +921,19 @@ THE SOFTWARE.
 {
 for ( j = firstCol; j <= lastCol; j++ )
 {
+ /* X11's reference implementation uses the equivalent to */
+ /* `FT_GET_SHORT', however PCF fonts with more than 32768 */
+ /* characters (e.g. `unifont.pcf') clearly show that an */
+ /* unsigned value is needed. */
 if ( PCF_BYTE_ORDER( format ) == MSBFirst )
- encodingOffset = FT_GET_SHORT();
+ encodingOffset = FT_GET_USHORT();
 else
- encodingOffset = FT_GET_SHORT_LE();
+ encodingOffset = FT_GET_USHORT_LE();
 
- if ( encodingOffset > -1 )
+ if ( encodingOffset != 0xFFFFU )
 {
 encoding[k].enc = i * 256 + j;
- encoding[k].glyph = (FT_UShort)encodingOffset;
+ encoding[k].glyph = encodingOffset;
 
 FT_TRACE5(( " code %d (0x%04X): idx %d\n",
 encoding[k].enc, encoding[k].enc, encoding[k].glyph ));
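Review bot: The new test `if ( encodingOffset != 0xFFFFU )` accepts every file-supplied value from 0 to 0xFFFE as a glyph index, and nothing in this hunk compares it with the number of glyphs the font actually defines before it is stored in `encoding[k].glyph`. The old signed test happened to drop the upper half of that range, so a malformed or hostile PCF file can now place indices there that were previously discarded. Unless a later consumer of the encoding table is known to bounds-check the index, the guard could be tightened to something like `if ( encodingOffset != 0xFFFFU && encodingOffset < face->nmetrics )`, assuming `face->nmetrics` holds the glyph count at this point (to be confirmed against the rest of the function). Either way, a short comment such as `/* glyph index is validated against the metrics count in <consumer> */` would record where the check lives. The body of `pcf_get_encodings` starts and ends outside the hunk, so the bound on `k` and any existing validation are not visible here.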