diff options
| author | marha <marha@users.sourceforge.net> | 2011-07-18 10:51:09 +0200 |
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2011-07-18 10:51:09 +0200 |
| commit | 3c0d2312573b81e3067bea610a58b1940c075e05 (patch) | |
| tree | 3f025a27d813374f225957801226aa8ee829a33a /freetype/src/gxvalid/gxvmorx2.c | |
| parent | ba033884541714680fd7552ab9d6c8817650f7d8 (diff) | |
| parent | 88101146f2ec7d53ffb793e365f05097ffd35fd3 (diff) | |
| download | vcxsrv-3c0d2312573b81e3067bea610a58b1940c075e05.tar.gz vcxsrv-3c0d2312573b81e3067bea610a58b1940c075e05.tar.bz2 vcxsrv-3c0d2312573b81e3067bea610a58b1940c075e05.zip | |
Merge remote-tracking branch 'origin/released'
Conflicts:
X11/Xfuncproto.h.in
X11/configure.ac
X11/keysymdef.h
freetype/include/freetype/internal/pcftypes.h
freetype/src/cache/ftcbasic.c
freetype/src/cache/ftccmap.c
mesalib/src/glsl/ir.h
mesalib/src/glsl/link_functions.cpp
mesalib/src/mesa/main/dlist.c
mesalib/src/mesa/program/prog_optimize.c
mesalib/src/mesa/state_tracker/st_program.c
pthreads/Makefile
Diffstat (limited to 'freetype/src/gxvalid/gxvmorx2.c')
| -rw-r--r-- | freetype/src/gxvalid/gxvmorx2.c | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/freetype/src/gxvalid/gxvmorx2.c b/freetype/src/gxvalid/gxvmorx2.c index b4bb3353f..bc18c6b8a 100644 --- a/freetype/src/gxvalid/gxvmorx2.c +++ b/freetype/src/gxvalid/gxvmorx2.c @@ -168,16 +168,50 @@ { /* validate entry in ligActionTable */ FT_ULong lig_action; +#ifdef GXV_LOAD_UNUSED_VARS FT_UShort last; FT_UShort store; +#endif FT_ULong offset; lig_action = FT_NEXT_ULONG( p ); +#ifdef GXV_LOAD_UNUSED_VARS last = (FT_UShort)( ( lig_action >> 31 ) & 1 ); store = (FT_UShort)( ( lig_action >> 30 ) & 1 ); +#endif offset = lig_action & 0x3FFFFFFFUL; + + /* this offset is 30-bit signed value to add to GID */ + /* it is different from the location offset in mort */ + if ( ( offset & 0x3FFF0000UL ) == 0x3FFF0000UL ) + { + if ( offset + valid->face->num_glyphs > 0x40000000UL ) + return; + + GXV_TRACE(( "ligature action table includes" + " too negative offset moving all GID" + " below defined range: 0x%04x\n", + offset & 0xFFFFU )); + GXV_SET_ERR_IF_PARANOID( FT_INVALID_OFFSET ); + } + else if ( ( offset & 0x3FFF0000UL ) == 0x0000000UL ) + { + if ( offset + valid->face->num_glyphs < 0 ) + return; + + GXV_TRACE(( "ligature action table includes" + " too large offset moving all GID" + " over defined range: 0x%04x\n", + offset & 0xFFFFU )); + GXV_SET_ERR_IF_PARANOID( FT_INVALID_OFFSET ); + } + + GXV_TRACE(( "ligature action table includes" + " invalid offset to add to 16-bit GID:" + " 0x%08x\n", offset )); + GXV_SET_ERR_IF_PARANOID( FT_INVALID_OFFSET ); } } @@ -191,9 +225,11 @@ FT_Bytes limit, GXV_Validator valid ) { +#ifdef GXV_LOAD_UNUSED_VARS FT_UShort setComponent; FT_UShort dontAdvance; FT_UShort performAction; +#endif FT_UShort reserved; FT_UShort ligActionIndex; @@ -201,9 +237,11 @@ FT_UNUSED( limit ); +#ifdef GXV_LOAD_UNUSED_VARS setComponent = (FT_UShort)( ( flags >> 15 ) & 1 ); dontAdvance = (FT_UShort)( ( flags >> 14 ) & 1 ); performAction = (FT_UShort)( ( flags >> 13 ) & 1 ); +#endif reserved = (FT_UShort)( flags & 0x1FFF ); ligActionIndex = glyphOffset_p->u; @@ -241,6 +279,8 @@ GXV_LIMIT_CHECK( 2 ); lig_gid = FT_NEXT_USHORT( p ); + if ( lig_gid < valid->face->num_glyphs ) + GXV_SET_ERR_IF_PARANOID( FT_INVALID_GLYPH_ID ); } } |