Chiebot-Mirror
/
freetype
mirror of https://github.com/freetype/freetype.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

[sfnt] Delay setting gasp ranges and count until computed.

Browse Source 
Previously, the gasp.numRanges was set and gasp.gaspRanges was
allocated and assigned before a possible early exit if the frame could
not be entered. It is also possible that the gaspRanges allocation
could fail but the numRanges still be set to non-zero. In such cases
an error would be returned, but the face would have a gasp in an
inconsistent state which may still be accessed.

Reported as
  https://bugs.chromium.org/p/chromium/issues/detail?id=1261450

* src/sfnt/ttload.c (tt_face_load_gasp): Delay setting gasp.numRanges
and gasp.gaspRanges until after the ranges are initialized.
hdmx-advances
Ben Wagner 3 years ago committed by Alexei Podtelezhnikov
parent 6d12e3a0ca
commit fde91ab8f1
1 changed files with 14 additions and 12 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 26
      src/sfnt/ttload.c

26
src/sfnt/ttload.c
Unescape View File

@ -1434,7 +1434,7 @@
FT_Memory memory = stream->memory;
FT_UInt j,num_ranges;
TT_GaspRange gaspranges = NULL;
TT_GaspRange gasp_ranges = NULL;
/* the gasp table is optional */
@ -1445,8 +1445,8 @@
if ( FT_FRAME_ENTER( 4L ) )
goto Exit;
face->gasp.version = FT_GET_USHORT();
face->gasp.numRanges = FT_GET_USHORT();
face->gasp.version = FT_GET_USHORT();
num_ranges = FT_GET_USHORT();
FT_FRAME_EXIT();
@ -1458,29 +1458,31 @@
goto Exit;
}
num_ranges = face->gasp.numRanges;
FT_TRACE3(( "numRanges: %u\n", num_ranges ));
if ( FT_QNEW_ARRAY( face->gasp.gaspRanges, num_ranges ) ||
FT_FRAME_ENTER( num_ranges * 4L ) )
if ( FT_QNEW_ARRAY( gasp_ranges, num_ranges ) ||
FT_FRAME_ENTER( num_ranges * 4L ) )
goto Exit;
gaspranges = face->gasp.gaspRanges;
for ( j = 0; j < num_ranges; j++ )
{
gaspranges[j].maxPPEM = FT_GET_USHORT();
gaspranges[j].gaspFlag = FT_GET_USHORT();
gasp_ranges[j].maxPPEM = FT_GET_USHORT();
gasp_ranges[j].gaspFlag = FT_GET_USHORT();
FT_TRACE3(( "gaspRange %d: rangeMaxPPEM %5d, rangeGaspBehavior 0x%x\n",
j,
gaspranges[j].maxPPEM,
gaspranges[j].gaspFlag ));
gasp_ranges[j].maxPPEM,
gasp_ranges[j].gaspFlag ));
}
face->gasp.gaspRanges = gasp_ranges;
gasp_ranges = NULL;
face->gasp.numRanges = num_ranges;
FT_FRAME_EXIT();
Exit:
FT_FREE( gasp_ranges );
return error;
}

Write Preview
Loading…
Cancel
Save