[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master dcfc4d9: [truetype] Better protection against malform
From: |
Werner LEMBERG |
Subject: |
[freetype2] master dcfc4d9: [truetype] Better protection against malformed `fpgm' (#46223). |
Date: |
Sun, 18 Oct 2015 14:47:20 +0000 |
branch: master
commit dcfc4d9c2184bd36dacf73c1a9f331e98aa8ed1d
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>
[truetype] Better protection against malformed `fpgm' (#46223).
* src/truetype/ttobjs.c (tt_size_init_bytecode): Don't execute a
malformed `fpgm' table more than once.
---
ChangeLog | 7 +++++++
src/truetype/ttobjs.c | 8 ++++++++
2 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 09ba4b2..369bef4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2015-10-18 Werner Lemberg <address@hidden>
+
+ [truetype] Better protection against malformed `fpgm' (#46223).
+
+ * src/truetype/ttobjs.c (tt_size_init_bytecode): Don't execute a
+ malformed `fpgm' table more than once.
+
2015-10-17 Werner Lemberg <address@hidden>
* src/cid/cidgload.c (cid_load_glyph): Fix memory leak.
diff --git a/src/truetype/ttobjs.c b/src/truetype/ttobjs.c
index 6060d6f..b0d9f28 100644
--- a/src/truetype/ttobjs.c
+++ b/src/truetype/ttobjs.c
@@ -1078,7 +1078,15 @@
}
/* Fine, now run the font program! */
+
+ /* In case of an error while executing `fpgm', we intentionally don't */
+ /* clean up immediately – bugs in the `fpgm' are so fundamental that */
+ /* all following hinting calls should fail. Additionally, `fpgm' is */
+ /* to be executed just once; calling it again is completely useless */
+ /* and might even lead to extremely slow behaviour if it is malformed */
+ /* (containing an infinite loop, for example). */
error = tt_size_run_fpgm( size, pedantic );
+ return error;
Exit:
if ( error )
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master dcfc4d9: [truetype] Better protection against malformed `fpgm' (#46223).,
Werner LEMBERG <=