From 2177eb8fad173f2b0fe04f188c4d6dadaa8f4441 Mon Sep 17 00:00:00 2001 From: marha Date: Sun, 16 Jan 2011 17:43:39 +0000 Subject: freetype 2.4.4 --- freetype/src/cff/cffload.c | 54 +++++++++++++++++++--------------------------- 1 file changed, 22 insertions(+), 32 deletions(-) (limited to 'freetype/src/cff/cffload.c') diff --git a/freetype/src/cff/cffload.c b/freetype/src/cff/cffload.c index 42e77309a..000cbe3ac 100644 --- a/freetype/src/cff/cffload.c +++ b/freetype/src/cff/cffload.c @@ -519,6 +519,18 @@ } } + /* XXX: should check off2 does not exceed the end of this entry; */ + /* at present, only truncate off2 at the end of this stream */ + if ( off2 > stream->size + 1 || + idx->data_offset > stream->size - off2 + 1 ) + { + FT_ERROR(( "cff_index_access_element:" + " offset to next entry (%d)" + " exceeds the end of stream (%d)\n", + off2, stream->size - idx->data_offset + 1 )); + off2 = stream->size - idx->data_offset + 1; + } + /* access element */ if ( off1 && off2 > off1 ) { @@ -779,11 +791,12 @@ goto Exit; for ( i = 0; i < num_glyphs; i++ ) + { if ( charset->sids[i] > max_cid ) max_cid = charset->sids[i]; - max_cid++; + } - if ( FT_NEW_ARRAY( charset->cids, max_cid ) ) + if ( FT_NEW_ARRAY( charset->cids, (FT_ULong)max_cid + 1 ) ) goto Exit; /* When multiple GIDs map to the same CID, we choose the lowest */ @@ -807,7 +820,7 @@ FT_UInt result = 0; - if ( cid < charset->max_cid ) + if ( cid <= charset->max_cid ) result = charset->cids[cid]; return result; @@ -881,20 +894,7 @@ goto Exit; for ( j = 1; j < num_glyphs; j++ ) - { - FT_UShort sid = FT_GET_USHORT(); - - - /* this constant is given in the CFF specification */ - if ( sid < 65000L ) - charset->sids[j] = sid; - else - { - FT_TRACE0(( "cff_charset_load:" - " invalid SID value %d set to zero\n", sid )); - charset->sids[j] = 0; - } - } + charset->sids[j] = FT_GET_USHORT(); FT_FRAME_EXIT(); } @@ -927,20 +927,12 @@ goto Exit; } - /* check whether the range contains at least one valid glyph; */ - /* the constant is given in the CFF specification */ - if ( glyph_sid >= 65000L ) - { - FT_ERROR(( "cff_charset_load: invalid SID range\n" )); - error = CFF_Err_Invalid_File_Format; - goto Exit; - } - /* try to rescue some of the SIDs if `nleft' is too large */ - if ( nleft > 65000L - 1L || glyph_sid >= 65000L - nleft ) + if ( glyph_sid > 0xFFFFL - nleft ) { - FT_ERROR(( "cff_charset_load: invalid SID range trimmed\n" )); - nleft = ( FT_UInt )( 65000L - 1L - glyph_sid ); + FT_ERROR(( "cff_charset_load: invalid SID range trimmed" + " nleft=%d -> %d\n", nleft, 0xFFFFL - glyph_sid )); + nleft = ( FT_UInt )( 0xFFFFL - glyph_sid ); } /* Fill in the range of sids -- `nleft + 1' glyphs. */ @@ -1277,9 +1269,7 @@ if ( gid != 0 ) { encoding->codes[j] = (FT_UShort)gid; - - if ( encoding->count < j + 1 ) - encoding->count = j + 1; + encoding->count = j + 1; } else { -- cgit v1.2.3