aboutsummaryrefslogtreecommitdiff
path: root/freetype/src/sfnt
diff options
context:
space:
mode:
authorMike DePaulo <mikedep333@gmail.com>2015-02-28 07:31:25 -0500
committerMike DePaulo <mikedep333@gmail.com>2015-02-28 18:11:34 -0500
commit360fe27b55c93c9c6c86895dbbf5db3efc66cc43 (patch)
tree01d8b3510d6a36ceba211168268d09658a8aa68b /freetype/src/sfnt
parenta769ab7159f0718e189f1aaa8b6a5a046c66c52c (diff)
downloadvcxsrv-360fe27b55c93c9c6c86895dbbf5db3efc66cc43.tar.gz
vcxsrv-360fe27b55c93c9c6c86895dbbf5db3efc66cc43.tar.bz2
vcxsrv-360fe27b55c93c9c6c86895dbbf5db3efc66cc43.zip
Updated to freetype 2.5.5
Conflicts: freetype/src/base/ftbdf.c freetype/src/base/fttype1.c freetype/src/pfr/pfrobjs.c
Diffstat (limited to 'freetype/src/sfnt')
-rw-r--r--freetype/src/sfnt/pngshim.c22
-rw-r--r--freetype/src/sfnt/sfdriver.c24
-rw-r--r--freetype/src/sfnt/sfntpic.h22
-rw-r--r--freetype/src/sfnt/sfobjs.c54
-rw-r--r--freetype/src/sfnt/ttcmap.c56
-rw-r--r--freetype/src/sfnt/ttkern.c2
-rw-r--r--freetype/src/sfnt/ttload.c12
-rw-r--r--freetype/src/sfnt/ttmtx.c6
-rw-r--r--freetype/src/sfnt/ttmtx.h4
-rw-r--r--freetype/src/sfnt/ttpost.c12
-rw-r--r--freetype/src/sfnt/ttsbit.c60
11 files changed, 163 insertions, 111 deletions
diff --git a/freetype/src/sfnt/pngshim.c b/freetype/src/sfnt/pngshim.c
index 878de1fef..9bfcc2a77 100644
--- a/freetype/src/sfnt/pngshim.c
+++ b/freetype/src/sfnt/pngshim.c
@@ -4,7 +4,7 @@
/* */
/* PNG Bitmap glyph support. */
/* */
-/* Copyright 2013 by Google, Inc. */
+/* Copyright 2013, 2014 by Google, Inc. */
/* Written by Stuart Gill and Behdad Esfahbod. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -129,7 +129,7 @@
*error = FT_THROW( Out_Of_Memory );
#ifdef PNG_SETJMP_SUPPORTED
- longjmp( png_jmpbuf( png ), 1 );
+ ft_longjmp( png_jmpbuf( png ), 1 );
#endif
/* if we get here, then we have no choice but to abort ... */
}
@@ -205,11 +205,11 @@
goto Exit;
}
- if ( !populate_map_and_metrics &&
- ( x_offset + metrics->width > map->width ||
- y_offset + metrics->height > map->rows ||
- pix_bits != 32 ||
- map->pixel_mode != FT_PIXEL_MODE_BGRA ) )
+ if ( !populate_map_and_metrics &&
+ ( (FT_UInt)x_offset + metrics->width > map->width ||
+ (FT_UInt)y_offset + metrics->height > map->rows ||
+ pix_bits != 32 ||
+ map->pixel_mode != FT_PIXEL_MODE_BGRA ) )
{
error = FT_THROW( Invalid_Argument );
goto Exit;
@@ -269,6 +269,14 @@
map->pitch = map->width * 4;
map->num_grays = 256;
+ /* reject too large bitmaps similarly to the rasterizer */
+ if ( map->rows > 0x7FFF || map->width > 0x7FFF )
+ {
+ error = FT_THROW( Array_Too_Large );
+ goto DestroyExit;
+ }
+
+ /* this doesn't overflow: 0x7FFF * 0x7FFF * 4 < 2^32 */
size = map->rows * map->pitch;
error = ft_glyphslot_alloc_bitmap( slot, size );
diff --git a/freetype/src/sfnt/sfdriver.c b/freetype/src/sfnt/sfdriver.c
index 2b7ffd556..5475712e7 100644
--- a/freetype/src/sfnt/sfdriver.c
+++ b/freetype/src/sfnt/sfdriver.c
@@ -75,36 +75,36 @@
switch ( tag )
{
- case ft_sfnt_head:
+ case FT_SFNT_HEAD:
table = &face->header;
break;
- case ft_sfnt_hhea:
+ case FT_SFNT_HHEA:
table = &face->horizontal;
break;
- case ft_sfnt_vhea:
- table = face->vertical_info ? &face->vertical : 0;
+ case FT_SFNT_VHEA:
+ table = face->vertical_info ? &face->vertical : NULL;
break;
- case ft_sfnt_os2:
- table = face->os2.version == 0xFFFFU ? 0 : &face->os2;
+ case FT_SFNT_OS2:
+ table = face->os2.version == 0xFFFFU ? NULL : &face->os2;
break;
- case ft_sfnt_post:
+ case FT_SFNT_POST:
table = &face->postscript;
break;
- case ft_sfnt_maxp:
+ case FT_SFNT_MAXP:
table = &face->max_profile;
break;
- case ft_sfnt_pclt:
- table = face->pclt.Version ? &face->pclt : 0;
+ case FT_SFNT_PCLT:
+ table = face->pclt.Version ? &face->pclt : NULL;
break;
default:
- table = 0;
+ table = NULL;
}
return table;
@@ -427,7 +427,7 @@
sfnt_get_interface( FT_Module module,
const char* module_interface )
{
- /* SFNT_SERVICES_GET derefers `library' in PIC mode */
+ /* SFNT_SERVICES_GET dereferences `library' in PIC mode */
#ifdef FT_CONFIG_OPTION_PIC
FT_Library library;
diff --git a/freetype/src/sfnt/sfntpic.h b/freetype/src/sfnt/sfntpic.h
index 948148899..bf50624c6 100644
--- a/freetype/src/sfnt/sfntpic.h
+++ b/freetype/src/sfnt/sfntpic.h
@@ -72,26 +72,26 @@ FT_BEGIN_HEADER
} sfntModulePIC;
-#define GET_PIC( lib ) \
- ( (sfntModulePIC*)((lib)->pic_container.sfnt) )
+#define GET_PIC( lib ) \
+ ( (sfntModulePIC*)( (lib)->pic_container.sfnt ) )
-#define SFNT_SERVICES_GET \
+#define SFNT_SERVICES_GET \
( GET_PIC( library )->sfnt_services )
-#define SFNT_SERVICE_GLYPH_DICT_GET \
+#define SFNT_SERVICE_GLYPH_DICT_GET \
( GET_PIC( library )->sfnt_service_glyph_dict )
-#define SFNT_SERVICE_PS_NAME_GET \
+#define SFNT_SERVICE_PS_NAME_GET \
( GET_PIC( library )->sfnt_service_ps_name )
-#define TT_SERVICE_CMAP_INFO_GET \
+#define TT_SERVICE_CMAP_INFO_GET \
( GET_PIC( library )->tt_service_get_cmap_info )
-#define SFNT_SERVICES_GET \
+#define SFNT_SERVICES_GET \
( GET_PIC( library )->sfnt_services )
-#define TT_CMAP_CLASSES_GET \
+#define TT_CMAP_CLASSES_GET \
( GET_PIC( library )->tt_cmap_classes )
-#define SFNT_SERVICE_SFNT_TABLE_GET \
+#define SFNT_SERVICE_SFNT_TABLE_GET \
( GET_PIC( library )->sfnt_service_sfnt_table )
-#define SFNT_SERVICE_BDF_GET \
+#define SFNT_SERVICE_BDF_GET \
( GET_PIC( library )->sfnt_service_bdf )
-#define SFNT_INTERFACE_GET \
+#define SFNT_INTERFACE_GET \
( GET_PIC( library )->sfnt_interface )
diff --git a/freetype/src/sfnt/sfobjs.c b/freetype/src/sfnt/sfobjs.c
index 112753160..0f941467d 100644
--- a/freetype/src/sfnt/sfobjs.c
+++ b/freetype/src/sfnt/sfobjs.c
@@ -4,7 +4,7 @@
/* */
/* SFNT object management (base). */
/* */
-/* Copyright 1996-2008, 2010-2013 by */
+/* Copyright 1996-2008, 2010-2014 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -348,29 +348,22 @@
}
-#define WRITE_BYTE( p, v ) \
- do \
- { \
- *(p)++ = (v) >> 0; \
- \
+#define WRITE_USHORT( p, v ) \
+ do \
+ { \
+ *(p)++ = (FT_Byte)( (v) >> 8 ); \
+ *(p)++ = (FT_Byte)( (v) >> 0 ); \
+ \
} while ( 0 )
-#define WRITE_USHORT( p, v ) \
- do \
- { \
- *(p)++ = (v) >> 8; \
- *(p)++ = (v) >> 0; \
- \
- } while ( 0 )
-
-#define WRITE_ULONG( p, v ) \
- do \
- { \
- *(p)++ = (v) >> 24; \
- *(p)++ = (v) >> 16; \
- *(p)++ = (v) >> 8; \
- *(p)++ = (v) >> 0; \
- \
+#define WRITE_ULONG( p, v ) \
+ do \
+ { \
+ *(p)++ = (FT_Byte)( (v) >> 24 ); \
+ *(p)++ = (FT_Byte)( (v) >> 16 ); \
+ *(p)++ = (FT_Byte)( (v) >> 8 ); \
+ *(p)++ = (FT_Byte)( (v) >> 0 ); \
+ \
} while ( 0 )
@@ -574,8 +567,10 @@
if ( table->Offset != woff_offset ||
- table->Offset + table->CompLength > woff.length ||
- sfnt_offset + table->OrigLength > woff.totalSfntSize ||
+ table->CompLength > woff.length ||
+ table->Offset > woff.length - table->CompLength ||
+ table->OrigLength > woff.totalSfntSize ||
+ sfnt_offset > woff.totalSfntSize - table->OrigLength ||
table->CompLength > table->OrigLength )
{
error = FT_THROW( Invalid_Table );
@@ -661,6 +656,8 @@
}
else
{
+#ifdef FT_CONFIG_OPTION_USE_ZLIB
+
/* Uncompress with zlib. */
FT_ULong output_len = table->OrigLength;
@@ -675,6 +672,13 @@
error = FT_THROW( Invalid_Table );
goto Exit;
}
+
+#else /* !FT_CONFIG_OPTION_USE_ZLIB */
+
+ error = FT_THROW( Unimplemented_Feature );
+ goto Exit;
+
+#endif /* !FT_CONFIG_OPTION_USE_ZLIB */
}
FT_FRAME_EXIT();
@@ -717,7 +721,6 @@
}
-#undef WRITE_BYTE
#undef WRITE_USHORT
#undef WRITE_ULONG
@@ -1015,7 +1018,6 @@
if ( is_apple_sbix )
has_outline = FALSE;
-
/* if this font doesn't contain outlines, we try to load */
/* a `bhed' table */
if ( !has_outline && sfnt->load_bhed )
diff --git a/freetype/src/sfnt/ttcmap.c b/freetype/src/sfnt/ttcmap.c
index 580c43050..63b7a2e3a 100644
--- a/freetype/src/sfnt/ttcmap.c
+++ b/freetype/src/sfnt/ttcmap.c
@@ -845,9 +845,6 @@
p = table + 2; /* skip format */
length = TT_NEXT_USHORT( p );
- if ( length < 16 )
- FT_INVALID_TOO_SHORT;
-
/* in certain fonts, the `length' field is invalid and goes */
/* out of bound. We try to correct this here... */
if ( table + length > valid->limit )
@@ -858,6 +855,9 @@
length = (FT_UInt)( valid->limit - table );
}
+ if ( length < 16 )
+ FT_INVALID_TOO_SHORT;
+
p = table + 6;
num_segs = TT_NEXT_USHORT( p ); /* read segCountX2 */
@@ -1669,7 +1669,8 @@
p = is32 + 8192; /* skip `is32' array */
num_groups = TT_NEXT_ULONG( p );
- if ( p + num_groups * 12 > valid->limit )
+ /* p + num_groups * 12 > valid->limit ? */
+ if ( num_groups > (FT_UInt32)( valid->limit - p ) / 12 )
FT_INVALID_TOO_SHORT;
/* check groups, they must be in increasing order */
@@ -1694,7 +1695,12 @@
if ( valid->level >= FT_VALIDATE_TIGHT )
{
- if ( start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) )
+ FT_UInt32 d = end - start;
+
+
+ /* start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) ? */
+ if ( d > TT_VALID_GLYPH_COUNT( valid ) ||
+ start_id >= TT_VALID_GLYPH_COUNT( valid ) - d )
FT_INVALID_GLYPH_ID;
count = (FT_UInt32)( end - start + 1 );
@@ -1892,7 +1898,9 @@
count = TT_NEXT_ULONG( p );
if ( length > (FT_ULong)( valid->limit - table ) ||
- length < 20 + count * 2 )
+ /* length < 20 + count * 2 ? */
+ length < 20 ||
+ ( length - 20 ) / 2 < count )
FT_INVALID_TOO_SHORT;
/* check glyph indices */
@@ -2079,7 +2087,9 @@
num_groups = TT_NEXT_ULONG( p );
if ( length > (FT_ULong)( valid->limit - table ) ||
- length < 16 + 12 * num_groups )
+ /* length < 16 + 12 * num_groups ? */
+ length < 16 ||
+ ( length - 16 ) / 12 < num_groups )
FT_INVALID_TOO_SHORT;
/* check groups, they must be in increasing order */
@@ -2101,7 +2111,12 @@
if ( valid->level >= FT_VALIDATE_TIGHT )
{
- if ( start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) )
+ FT_UInt32 d = end - start;
+
+
+ /* start_id + end - start >= TT_VALID_GLYPH_COUNT( valid ) ? */
+ if ( d > TT_VALID_GLYPH_COUNT( valid ) ||
+ start_id >= TT_VALID_GLYPH_COUNT( valid ) - d )
FT_INVALID_GLYPH_ID;
}
@@ -2401,7 +2416,9 @@
num_groups = TT_NEXT_ULONG( p );
if ( length > (FT_ULong)( valid->limit - table ) ||
- length < 16 + 12 * num_groups )
+ /* length < 16 + 12 * num_groups ? */
+ length < 16 ||
+ ( length - 16 ) / 12 < num_groups )
FT_INVALID_TOO_SHORT;
/* check groups, they must be in increasing order */
@@ -2787,7 +2804,9 @@
num_selectors = TT_NEXT_ULONG( p );
if ( length > (FT_ULong)( valid->limit - table ) ||
- length < 10 + 11 * num_selectors )
+ /* length < 10 + 11 * num_selectors ? */
+ length < 10 ||
+ ( length - 10 ) / 11 < num_selectors )
FT_INVALID_TOO_SHORT;
/* check selectors, they must be in increasing order */
@@ -2823,7 +2842,8 @@
FT_ULong lastBase = 0;
- if ( defp + numRanges * 4 > valid->limit )
+ /* defp + numRanges * 4 > valid->limit ? */
+ if ( numRanges > (FT_ULong)( valid->limit - defp ) / 4 )
FT_INVALID_TOO_SHORT;
for ( i = 0; i < numRanges; ++i )
@@ -2850,7 +2870,8 @@
FT_ULong i, lastUni = 0;
- if ( numMappings * 4 > (FT_ULong)( valid->limit - ndp ) )
+ /* numMappings * 4 > (FT_ULong)( valid->limit - ndp ) ? */
+ if ( numMappings > ( (FT_ULong)( valid->limit - ndp ) ) / 4 )
FT_INVALID_TOO_SHORT;
for ( i = 0; i < numMappings; ++i )
@@ -3473,23 +3494,14 @@
/* only recognize format 0 */
if ( TT_NEXT_USHORT( p ) != 0 )
{
- p -= 2;
FT_ERROR(( "tt_face_build_cmaps:"
" unsupported `cmap' table format = %d\n",
- TT_PEEK_USHORT( p ) ));
+ TT_PEEK_USHORT( p - 2 ) ));
return FT_THROW( Invalid_Table );
}
num_cmaps = TT_NEXT_USHORT( p );
-#ifdef FT_MAX_CHARMAP_CACHEABLE
- if ( num_cmaps > FT_MAX_CHARMAP_CACHEABLE )
- FT_ERROR(( "tt_face_build_cmaps: too many cmap subtables (%d)\n"
- " subtable #%d and higher are loaded"
- " but cannot be searched\n",
- num_cmaps, FT_MAX_CHARMAP_CACHEABLE + 1 ));
-#endif
-
for ( ; num_cmaps > 0 && p + 8 <= limit; num_cmaps-- )
{
FT_CharMapRec charmap;
diff --git a/freetype/src/sfnt/ttkern.c b/freetype/src/sfnt/ttkern.c
index 3bfd78891..98c091e91 100644
--- a/freetype/src/sfnt/ttkern.c
+++ b/freetype/src/sfnt/ttkern.c
@@ -99,7 +99,7 @@
length = FT_NEXT_USHORT( p );
coverage = FT_NEXT_USHORT( p );
- if ( length <= 6 )
+ if ( length <= 6 + 8 )
break;
p_next += length;
diff --git a/freetype/src/sfnt/ttload.c b/freetype/src/sfnt/ttload.c
index 1ca2dd5c2..fe179360d 100644
--- a/freetype/src/sfnt/ttload.c
+++ b/freetype/src/sfnt/ttload.c
@@ -5,7 +5,7 @@
/* Load the basic TrueType tables, i.e., tables that can be either in */
/* TTF or OTF fonts (body). */
/* */
-/* Copyright 1996-2010, 2012, 2013 by */
+/* Copyright 1996-2010, 2012-2014 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -207,7 +207,10 @@
}
/* we ignore invalid tables */
- if ( table.Offset + table.Length > stream->size )
+
+ /* table.Offset + table.Length > stream->size ? */
+ if ( table.Length > stream->size ||
+ table.Offset > stream->size - table.Length )
{
FT_TRACE2(( "check_table_dir: table entry %d invalid\n", nn ));
continue;
@@ -395,7 +398,10 @@
entry->Length = FT_GET_ULONG();
/* ignore invalid tables */
- if ( entry->Offset + entry->Length > stream->size )
+
+ /* entry->Offset + entry->Length > stream->size ? */
+ if ( entry->Length > stream->size ||
+ entry->Offset > stream->size - entry->Length )
continue;
else
{
diff --git a/freetype/src/sfnt/ttmtx.c b/freetype/src/sfnt/ttmtx.c
index 920b2b92a..cd3a31aec 100644
--- a/freetype/src/sfnt/ttmtx.c
+++ b/freetype/src/sfnt/ttmtx.c
@@ -4,7 +4,7 @@
/* */
/* Load the metrics tables common to TTF and OTF fonts (body). */
/* */
-/* Copyright 2006-2009, 2011-2013 by */
+/* Copyright 2006-2009, 2011-2014 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -201,7 +201,7 @@
/* aadvance :: The advance width or advance height, depending on */
/* the `vertical' flag. */
/* */
- FT_LOCAL_DEF( FT_Error )
+ FT_LOCAL_DEF( void )
tt_face_get_metrics( TT_Face face,
FT_Bool vertical,
FT_UInt gindex,
@@ -274,8 +274,6 @@
*abearing = 0;
*aadvance = 0;
}
-
- return FT_Err_Ok;
}
diff --git a/freetype/src/sfnt/ttmtx.h b/freetype/src/sfnt/ttmtx.h
index 13b0775ce..0142626bb 100644
--- a/freetype/src/sfnt/ttmtx.h
+++ b/freetype/src/sfnt/ttmtx.h
@@ -4,7 +4,7 @@
/* */
/* Load the metrics tables common to TTF and OTF fonts (specification). */
/* */
-/* Copyright 2006 by */
+/* Copyright 2006, 2014 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -40,7 +40,7 @@ FT_BEGIN_HEADER
FT_Bool vertical );
- FT_LOCAL( FT_Error )
+ FT_LOCAL( void )
tt_face_get_metrics( TT_Face face,
FT_Bool vertical,
FT_UInt gindex,
diff --git a/freetype/src/sfnt/ttpost.c b/freetype/src/sfnt/ttpost.c
index 164edd8ce..b62bc5f97 100644
--- a/freetype/src/sfnt/ttpost.c
+++ b/freetype/src/sfnt/ttpost.c
@@ -5,7 +5,7 @@
/* Postcript name table processing for TrueType and OpenType fonts */
/* (body). */
/* */
-/* Copyright 1996-2003, 2006-2010, 2013 by */
+/* Copyright 1996-2003, 2006-2010, 2013, 2014 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -64,12 +64,12 @@
#define MAC_NAME( x ) ( (FT_String*)tt_post_default_names[x] )
- /* the 258 default Mac PS glyph names */
+ /* the 258 default Mac PS glyph names; see file `tools/glnames.py' */
static const FT_String* const tt_post_default_names[258] =
{
/* 0 */
- ".notdef", ".null", "CR", "space", "exclam",
+ ".notdef", ".null", "nonmarkingreturn", "space", "exclam",
"quotedbl", "numbersign", "dollar", "percent", "ampersand",
/* 10 */
"quotesingle", "parenleft", "parenright", "asterisk", "plus",
@@ -120,7 +120,7 @@
"ae", "oslash", "questiondown", "exclamdown", "logicalnot",
"radical", "florin", "approxequal", "Delta", "guillemotleft",
/* 170 */
- "guillemotright", "ellipsis", "nbspace", "Agrave", "Atilde",
+ "guillemotright", "ellipsis", "nonbreakingspace", "Agrave", "Atilde",
"Otilde", "OE", "oe", "endash", "emdash",
/* 180 */
"quotedblleft", "quotedblright", "quoteleft", "quoteright", "divide",
@@ -144,8 +144,8 @@
"multiply", "onesuperior", "twosuperior", "threesuperior", "onehalf",
"onequarter", "threequarters", "franc", "Gbreve", "gbreve",
/* 250 */
- "Idot", "Scedilla", "scedilla", "Cacute", "cacute",
- "Ccaron", "ccaron", "dmacron",
+ "Idotaccent", "Scedilla", "scedilla", "Cacute", "cacute",
+ "Ccaron", "ccaron", "dcroat",
};
diff --git a/freetype/src/sfnt/ttsbit.c b/freetype/src/sfnt/ttsbit.c
index 01dfac015..6bfb1869f 100644
--- a/freetype/src/sfnt/ttsbit.c
+++ b/freetype/src/sfnt/ttsbit.c
@@ -150,12 +150,25 @@
error = FT_THROW( Unknown_File_Format );
goto Exit;
}
- if ( flags != 0x0001 || num_strikes >= 0x10000UL )
+
+ /* Bit 0 must always be `1'. */
+ /* Bit 1 controls the overlay of bitmaps with outlines. */
+ /* All other bits should be zero. */
+ if ( !( flags == 1 || flags == 3 ) ||
+ num_strikes >= 0x10000UL )
{
error = FT_THROW( Invalid_File_Format );
goto Exit;
}
+ /* we currently don't support bit 1; however, it is better to */
+ /* draw at least something... */
+ if ( flags == 3 )
+ FT_TRACE1(( "tt_face_load_sbit_strikes:"
+ " sbix overlay not supported yet\n"
+ " "
+ " expect bad rendering results\n" ));
+
/*
* Count the number of strikes available in the table. We are a bit
* paranoid there and don't trust the data.
@@ -256,7 +269,8 @@
case TT_SBIT_TABLE_TYPE_SBIX:
{
FT_Stream stream = face->root.stream;
- FT_UInt offset, ppem, resolution, upem;
+ FT_UInt offset, upem;
+ FT_UShort ppem, resolution;
TT_HoriHeader *hori;
FT_ULong table_size;
@@ -380,9 +394,11 @@
p += 34;
decoder->bit_depth = *p;
- if ( decoder->strike_index_array > face->sbit_table_size ||
- decoder->strike_index_array + 8 * decoder->strike_index_count >
- face->sbit_table_size )
+ /* decoder->strike_index_array + */
+ /* 8 * decoder->strike_index_count > face->sbit_table_size ? */
+ if ( decoder->strike_index_array > face->sbit_table_size ||
+ decoder->strike_index_count >
+ ( face->sbit_table_size - decoder->strike_index_array ) / 8 )
error = FT_THROW( Invalid_File_Format );
}
@@ -504,13 +520,20 @@
p += 3;
}
+ else
+ {
+ /* avoid uninitialized data in case there is no vertical info -- */
+ metrics->vertBearingX = 0;
+ metrics->vertBearingY = 0;
+ metrics->vertAdvance = 0;
+ }
decoder->metrics_loaded = 1;
*pp = p;
return FT_Err_Ok;
Fail:
- FT_TRACE1(( "tt_sbit_decoder_load_metrics: broken table" ));
+ FT_TRACE1(( "tt_sbit_decoder_load_metrics: broken table\n" ));
return FT_THROW( Invalid_Argument );
}
@@ -800,12 +823,12 @@
FT_Error error = FT_Err_Ok;
FT_UInt num_components, nn;
- FT_Char horiBearingX = decoder->metrics->horiBearingX;
- FT_Char horiBearingY = decoder->metrics->horiBearingY;
- FT_Byte horiAdvance = decoder->metrics->horiAdvance;
- FT_Char vertBearingX = decoder->metrics->vertBearingX;
- FT_Char vertBearingY = decoder->metrics->vertBearingY;
- FT_Byte vertAdvance = decoder->metrics->vertAdvance;
+ FT_Char horiBearingX = (FT_Char)decoder->metrics->horiBearingX;
+ FT_Char horiBearingY = (FT_Char)decoder->metrics->horiBearingY;
+ FT_Byte horiAdvance = (FT_Byte)decoder->metrics->horiAdvance;
+ FT_Char vertBearingX = (FT_Char)decoder->metrics->vertBearingX;
+ FT_Char vertBearingY = (FT_Char)decoder->metrics->vertBearingY;
+ FT_Byte vertAdvance = (FT_Byte)decoder->metrics->vertAdvance;
if ( p + 2 > limit )
@@ -1147,7 +1170,8 @@
num_glyphs = FT_NEXT_ULONG( p );
/* overflow check for p + ( num_glyphs + 1 ) * 4 */
- if ( num_glyphs > (FT_ULong)( ( ( p_limit - p ) >> 2 ) - 1 ) )
+ if ( p + 4 > p_limit ||
+ num_glyphs > (FT_ULong)( ( ( p_limit - p ) >> 2 ) - 1 ) )
goto NoBitmap;
for ( mm = 0; mm < num_glyphs; mm++ )
@@ -1334,6 +1358,7 @@
case FT_MAKE_TAG( 'j', 'p', 'g', ' ' ):
case FT_MAKE_TAG( 't', 'i', 'f', 'f' ):
+ case FT_MAKE_TAG( 'r', 'g', 'b', 'l' ): /* used on iOS 7.1 */
error = FT_THROW( Unknown_File_Format );
break;
@@ -1352,10 +1377,11 @@
tt_face_get_metrics( face, FALSE, glyph_index, &abearing, &aadvance );
- metrics->horiBearingX = originOffsetX;
- metrics->horiBearingY = -originOffsetY + metrics->height;
- metrics->horiAdvance = aadvance * face->root.size->metrics.x_ppem /
- face->header.Units_Per_EM;
+ metrics->horiBearingX = (FT_Short)originOffsetX;
+ metrics->horiBearingY = (FT_Short)( -originOffsetY + metrics->height );
+ metrics->horiAdvance = (FT_Short)( aadvance *
+ face->root.size->metrics.x_ppem /
+ face->header.Units_Per_EM );
}
return error;
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-10 01:10:20 +0000