Chiebot-Mirror
/
freetype
mirror of https://github.com/freetype/freetype.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

[cff] Avoid overflow/module arithmetic.

Browse Source 
This modifies the addition of subroutine number to subroutine bias
from unsigned to signed, but does not change any results.

* src/cff/cf2ft.c (cf2_initGlobalRegionBuffer,
cf2_initLocalRegionBuffer): Change variable names from (unsigned)
`idx' to (signed) `subrNum', since it is not an index until after
the bias is added.
* src/cff/cf2ft.h: Updated.

* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdCALLSUBR>:
Updated similarly.
2.6.5
Werner Lemberg 9 years ago
parent 59ae73fe16
commit f1c93439b9
4 changed files with 35 additions and 12 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 17
      ChangeLog
  2. 14
      src/cff/cf2ft.c
  3. 4
      src/cff/cf2ft.h
  4. 12
      src/cff/cf2intrp.c

17
ChangeLog
Unescape View File

@ -1,3 +1,20 @@
2015-10-22 Dave Arnold <darnold@adobe.com>
Werner Lemberg <wl@gnu.org>
[cff] Avoid overflow/module arithmetic.
This modifies the addition of subroutine number to subroutine bias
from unsigned to signed, but does not change any results.
* src/cff/cf2ft.c (cf2_initGlobalRegionBuffer,
cf2_initLocalRegionBuffer): Change variable names from (unsigned)
`idx' to (signed) `subrNum', since it is not an index until after
the bias is added.
* src/cff/cf2ft.h: Updated.
* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdCALLSUBR>:
Updated similarly.
2015-10-22 Werner Lemberg <wl@gnu.org>
[cid] Better check of `SubrCount' dictionary entry (#46272).

14
src/cff/cf2ft.c
Unescape View File

@ -544,14 +544,17 @@
/* return 0 on success */
FT_LOCAL_DEF( CF2_Int )
cf2_initGlobalRegionBuffer( CFF_Decoder* decoder,
CF2_UInt idx,
CF2_Int subrNum,
CF2_Buffer buf )
{
CF2_UInt idx;
FT_ASSERT( decoder );
FT_ZERO( buf );
idx += (CF2_UInt)decoder->globals_bias;
idx = (CF2_UInt)( subrNum + decoder->globals_bias );
if ( idx >= decoder->num_globals )
return TRUE; /* error */
@ -628,14 +631,17 @@
FT_LOCAL_DEF( CF2_Int )
cf2_initLocalRegionBuffer( CFF_Decoder* decoder,
CF2_UInt idx,
CF2_Int subrNum,
CF2_Buffer buf )
{
CF2_UInt idx;
FT_ASSERT( decoder );
FT_ZERO( buf );
idx += (CF2_UInt)decoder->locals_bias;
idx = (CF2_UInt)( subrNum + decoder->locals_bias );
if ( idx >= decoder->num_locals )
return TRUE; /* error */

4
src/cff/cf2ft.h
Unescape View File

@ -99,7 +99,7 @@ FT_BEGIN_HEADER
FT_LOCAL( CF2_Int )
cf2_initGlobalRegionBuffer( CFF_Decoder* decoder,
CF2_UInt idx,
CF2_Int subrNum,
CF2_Buffer buf );
FT_LOCAL( FT_Error )
cf2_getSeacComponent( CFF_Decoder* decoder,
@ -110,7 +110,7 @@ FT_BEGIN_HEADER
CF2_Buffer buf );
FT_LOCAL( CF2_Int )
cf2_initLocalRegionBuffer( CFF_Decoder* decoder,
CF2_UInt idx,
CF2_Int subrNum,
CF2_Buffer buf );
FT_LOCAL( CF2_Fixed )

12
src/cff/cf2intrp.c
Unescape View File

@ -746,7 +746,7 @@
case cf2_cmdCALLGSUBR:
case cf2_cmdCALLSUBR:
{
CF2_UInt subrIndex;
CF2_Int subrNum;
FT_TRACE4(( op1 == cf2_cmdCALLGSUBR ? " callgsubr"
@ -766,17 +766,17 @@
(size_t)charstringIndex + 1 );
/* set up the new CFF region and pointer */
subrIndex = (CF2_UInt)cf2_stack_popInt( opStack );
subrNum = cf2_stack_popInt( opStack );
switch ( op1 )
{
case cf2_cmdCALLGSUBR:
FT_TRACE4(( " (idx %d, entering level %d)\n",
subrIndex + (CF2_UInt)decoder->globals_bias,
subrNum + decoder->globals_bias,
charstringIndex + 1 ));
if ( cf2_initGlobalRegionBuffer( decoder,
subrIndex,
subrNum,
charstring ) )
{
lastError = FT_THROW( Invalid_Glyph_Format );
@ -787,11 +787,11 @@
default:
/* cf2_cmdCALLSUBR */
FT_TRACE4(( " (idx %d, entering level %d)\n",
subrIndex + (CF2_UInt)decoder->locals_bias,
subrNum + decoder->locals_bias,
charstringIndex + 1 ));
if ( cf2_initLocalRegionBuffer( decoder,
subrIndex,
subrNum,
charstring ) )
{
lastError = FT_THROW( Invalid_Glyph_Format );

Write Preview
Loading…
Cancel
Save