Werner Lemberg pushed to branch master at FreeType / FreeType
Commits:
-
7a493e3a
by Werner Lemberg at 2022-01-08T10:28:19+01:00
2 changed files:
Changes:
| ... | ... | @@ -200,7 +200,7 @@ |
| 200 | 200 |
|
| 201 | 201 |
for ( nn = 0; nn < sfnt->num_tables; nn++ )
|
| 202 | 202 |
{
|
| 203 |
- TT_TableRec table = { 0, 0, 0, 0 };
|
|
| 203 |
+ TT_TableRec table;
|
|
| 204 | 204 |
|
| 205 | 205 |
|
| 206 | 206 |
if ( FT_STREAM_READ_FIELDS( table_dir_entry_fields, &table ) )
|
| ... | ... | @@ -718,7 +718,9 @@ |
| 718 | 718 |
goto Fail;
|
| 719 | 719 |
}
|
| 720 | 720 |
|
| 721 |
- if ( FT_QREALLOC( face->ttf_data, 12, face->ttf_size ) )
|
|
| 721 |
+ /* To handle bad fonts with an invalid table directory */
|
|
| 722 |
+ /* we don't use `FT_QREALLOC` here. */
|
|
| 723 |
+ if ( FT_REALLOC( face->ttf_data, 12, face->ttf_size ) )
|
|
| 722 | 724 |
goto Fail;
|
| 723 | 725 |
}
|
| 724 | 726 |
/* fall through */
|
| ... | ... | @@ -767,8 +769,13 @@ |
| 767 | 769 |
FT_TRACE2(( " allocating %ld bytes\n", face->ttf_size + 1 ));
|
| 768 | 770 |
FT_TRACE2(( "\n" ));
|
| 769 | 771 |
|
| 770 |
- if ( FT_QREALLOC( face->ttf_data, 12 + 16 * num_tables,
|
|
| 771 |
- face->ttf_size + 1 ) )
|
|
| 772 |
+ /* To handle bad fonts we don't use `FT_QREALLOC` here: */
|
|
| 773 |
+ /* chances are high that due to incorrect values in the */
|
|
| 774 |
+ /* table directory the computation of `ttf_size` would be */
|
|
| 775 |
+ /* incorrect otherwise, causing run-time errors because of */
|
|
| 776 |
+ /* accessing uninitialized memory. */
|
|
| 777 |
+ if ( FT_REALLOC( face->ttf_data, 12 + 16 * num_tables,
|
|
| 778 |
+ face->ttf_size + 1 ) )
|
|
| 772 | 779 |
goto Fail;
|
| 773 | 780 |
}
|
| 774 | 781 |
/* fall through */
|