From d783adea42f29bd7917929597ca1031b70587e1d Mon Sep 17 00:00:00 2001 From: marha Date: Thu, 10 Nov 2011 15:49:48 +0100 Subject: Updated to freetype 2.4.7 --- freetype/src/lzw/ftzopen.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) (limited to 'freetype/src/lzw/ftzopen.c') diff --git a/freetype/src/lzw/ftzopen.c b/freetype/src/lzw/ftzopen.c index 8bc65c8f5..d7a64576b 100644 --- a/freetype/src/lzw/ftzopen.c +++ b/freetype/src/lzw/ftzopen.c @@ -8,7 +8,7 @@ /* be used to parse compressed PCF fonts, as found with many X11 server */ /* distributions. */ /* */ -/* Copyright 2005, 2006, 2007, 2009 by David Turner. */ +/* Copyright 2005-2007, 2009, 2011 by David Turner. */ /* */ /* This file is part of the FreeType project, and may only be used, */ /* modified, and distributed under the terms of the FreeType project */ @@ -124,6 +124,15 @@ old_size = 0; } + /* requirement of the character stack larger than 1< ( 1 << LZW_MAX_BITS ) ) + { + new_size = 1 << LZW_MAX_BITS; + if ( new_size == old_size ) + return -1; + } + if ( FT_RENEW_ARRAY( state->stack, old_size, new_size ) ) return -1; @@ -279,7 +288,7 @@ : state->max_free + 1; c = ft_lzwstate_get_code( state ); - if ( c < 0 ) + if ( c < 0 || c > 255 ) goto Eof; old_code = old_char = (FT_UInt)c; @@ -312,11 +321,12 @@ /* why not LZW_FIRST-256 ? */ state->free_ent = ( LZW_FIRST - 1 ) - 256; state->buf_clear = 1; - c = ft_lzwstate_get_code( state ); - if ( c < 0 ) - goto Eof; - code = (FT_UInt)c; + /* not quite right, but at least more predictable */ + old_code = 0; + old_char = 0; + + goto NextCode; } in_code = code; /* save code for later */ @@ -326,6 +336,10 @@ /* special case for KwKwKwK */ if ( code - 256U >= state->free_ent ) { + /* corrupted LZW stream */ + if ( code - 256U > state->free_ent ) + goto Eof; + FTLZW_STACK_PUSH( old_char ); code = old_code; } -- cgit v1.2.3