diff options
| author | marha <marha@users.sourceforge.net> | 2011-01-16 19:26:40 +0000 |
|---|---|---|
| committer | marha <marha@users.sourceforge.net> | 2011-01-16 19:26:40 +0000 |
| commit | 4e370208d0f941a4cceb6f9fefa78444c2bf3498 (patch) | |
| tree | 543c693b5dee03c965b0c9ef79869a8536024432 /freetype/src/sfnt | |
| parent | 1eaf4b3f1d746b054298358d81233364bb1b7ba2 (diff) | |
| parent | 2177eb8fad173f2b0fe04f188c4d6dadaa8f4441 (diff) | |
| download | vcxsrv-4e370208d0f941a4cceb6f9fefa78444c2bf3498.tar.gz vcxsrv-4e370208d0f941a4cceb6f9fefa78444c2bf3498.tar.bz2 vcxsrv-4e370208d0f941a4cceb6f9fefa78444c2bf3498.zip | |
svn merge ^/branches/released .
Diffstat (limited to 'freetype/src/sfnt')
| -rw-r--r-- | freetype/src/sfnt/sfobjs.c | 4 | ||||
| -rw-r--r-- | freetype/src/sfnt/ttload.c | 13 | ||||
| -rw-r--r-- | freetype/src/sfnt/ttpost.c | 62 |
3 files changed, 62 insertions, 17 deletions
diff --git a/freetype/src/sfnt/sfobjs.c b/freetype/src/sfnt/sfobjs.c index 9b168873a..449c6b000 100644 --- a/freetype/src/sfnt/sfobjs.c +++ b/freetype/src/sfnt/sfobjs.c @@ -691,9 +691,7 @@ LOAD_( os2 ); if ( error ) { - if ( error != SFNT_Err_Table_Missing ) - goto Exit; - + /* we treat the table as missing if there are any errors */ face->os2.version = 0xFFFFU; } } diff --git a/freetype/src/sfnt/ttload.c b/freetype/src/sfnt/ttload.c index aadd1d5f6..65fa0015f 100644 --- a/freetype/src/sfnt/ttload.c +++ b/freetype/src/sfnt/ttload.c @@ -384,6 +384,10 @@ entry = face->dir_tables; + FT_TRACE2(( "\n" + " tag offset length checksum\n" + " ----------------------------------\n" )); + for ( nn = 0; nn < sfnt.num_tables; nn++ ) { entry->Tag = FT_GET_TAG4(); @@ -396,13 +400,14 @@ continue; else { - FT_TRACE2(( " %c%c%c%c - %08lx - %08lx\n", + FT_TRACE2(( " %c%c%c%c %08lx %08lx %08lx\n", (FT_Char)( entry->Tag >> 24 ), (FT_Char)( entry->Tag >> 16 ), (FT_Char)( entry->Tag >> 8 ), (FT_Char)( entry->Tag ), entry->Offset, - entry->Length )); + entry->Length, + entry->CheckSum )); entry++; } } @@ -680,9 +685,9 @@ /* broken fonts like `Keystrokes MT' :-( */ /* */ /* We allocate 64 function entries by default when */ - /* the maxFunctionDefs field is null. */ + /* the maxFunctionDefs value is smaller. */ - if ( maxProfile->maxFunctionDefs == 0 ) + if ( maxProfile->maxFunctionDefs < 64 ) maxProfile->maxFunctionDefs = 64; /* we add 4 phantom points later */ diff --git a/freetype/src/sfnt/ttpost.c b/freetype/src/sfnt/ttpost.c index 32c18b861..e5e1429a0 100644 --- a/freetype/src/sfnt/ttpost.c +++ b/freetype/src/sfnt/ttpost.c @@ -5,7 +5,7 @@ /* Postcript name table processing for TrueType and OpenType fonts */ /* (body). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2006, 2007, 2008, 2009 by */ +/* Copyright 1996-2001, 2002, 2003, 2006, 2007, 2008, 2009, 2010 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -26,8 +26,9 @@ #include <ft2build.h> +#include <freetype/internal/ftdebug.h> #include <freetype/internal/ftstream.h> -#include FT_TRUETYPE_TAGS_H +#include <freetype/tttags.h> #include "ttpost.h" #include "sferrors.h" @@ -153,7 +154,8 @@ static FT_Error load_format_20( TT_Face face, - FT_Stream stream ) + FT_Stream stream, + FT_Long post_limit ) { FT_Memory memory = stream->memory; FT_Error error; @@ -230,13 +232,46 @@ FT_UInt len; - if ( FT_READ_BYTE ( len ) || - FT_NEW_ARRAY( name_strings[n], len + 1 ) || - FT_STREAM_READ ( name_strings[n], len ) ) + if ( FT_STREAM_POS() >= post_limit ) + break; + else + { + FT_TRACE6(( "load_format_20: %d byte left in post table\n", + post_limit - FT_STREAM_POS() )); + + if ( FT_READ_BYTE( len ) ) + goto Fail1; + } + + if ( (FT_Int)len > post_limit || + FT_STREAM_POS() > post_limit - (FT_Int)len ) + { + FT_ERROR(( "load_format_20:" + " exceeding string length (%d)," + " truncating at end of post table (%d byte left)\n", + len, post_limit - FT_STREAM_POS() )); + len = FT_MAX( 0, post_limit - FT_STREAM_POS() ); + } + + if ( FT_NEW_ARRAY( name_strings[n], len + 1 ) || + FT_STREAM_READ( name_strings[n], len ) ) goto Fail1; name_strings[n][len] = '\0'; } + + if ( n < num_names ) + { + FT_ERROR(( "load_format_20:" + " all entries in post table are already parsed," + " using NULL names for gid %d - %d\n", + n, num_names - 1 )); + for ( ; n < num_names; n++ ) + if ( FT_NEW_ARRAY( name_strings[n], 1 ) ) + goto Fail1; + else + name_strings[n][0] = '\0'; + } } /* all right, set table fields and exit successfully */ @@ -271,7 +306,8 @@ static FT_Error load_format_25( TT_Face face, - FT_Stream stream ) + FT_Stream stream, + FT_Long post_limit ) { FT_Memory memory = stream->memory; FT_Error error; @@ -279,6 +315,8 @@ FT_Int num_glyphs; FT_Char* offset_table = 0; + FT_UNUSED( post_limit ); + /* UNDOCUMENTED! This value appears only in the Apple TT specs. */ if ( FT_READ_USHORT( num_glyphs ) ) @@ -338,16 +376,20 @@ FT_Stream stream; FT_Error error; FT_Fixed format; + FT_ULong post_len; + FT_Long post_limit; /* get a stream for the face's resource */ stream = face->root.stream; /* seek to the beginning of the PS names table */ - error = face->goto_table( face, TTAG_post, stream, 0 ); + error = face->goto_table( face, TTAG_post, stream, &post_len ); if ( error ) goto Exit; + post_limit = FT_STREAM_POS() + post_len; + format = face->postscript.FormatType; /* go to beginning of subtable */ @@ -356,9 +398,9 @@ /* now read postscript table */ if ( format == 0x00020000L ) - error = load_format_20( face, stream ); + error = load_format_20( face, stream, post_limit ); else if ( format == 0x00028000L ) - error = load_format_25( face, stream ); + error = load_format_25( face, stream, post_limit ); else error = SFNT_Err_Invalid_File_Format; |