freetype-commit

[Git][freetype/freetype][master] 2 commits: [truetype] In `ItemVariation


From: Werner Lemberg (@wl)
Subject: [Git][freetype/freetype][master] 2 commits: [truetype] In `ItemVariationStore`, value 0xFFFF for `dataCount` is valid.
Date: Sat, 12 Nov 2022 15:48:09 +0000

Werner Lemberg pushed to branch master at FreeType / FreeType

Commits:

  • 9be958ca
    by Behdad Esfahbod at 2022-11-12T16:41:20+01:00
    [truetype] In `ItemVariationStore`, value 0xFFFF for `dataCount` is valid.
    
    It corresponds to outer indices of 0 to 0xFFFE.
    
    * src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Remove invalid
    code.
    
  • e97cb9e8
    by Behdad Esfahbod at 2022-11-12T16:45:44+01:00
    [truetype] Improve bounds checks for `ItemVariationStore`.
    
    * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Move bounds check ...
    (tt_var_get_item_delta): ...  to this function, because it is safer.  For
    example, the 'avar' table 2.0 codepath was not performing a bounds check at
    all.
    

1 changed file:

Changes:

  • src/truetype/ttgxvar.c
    ... ... @@ -525,16 +525,6 @@
    525 525
           goto Exit;
    
    526 526
         }
    
    527 527
     
    
    528
    -    /* new in OpenType 1.8.4: inner & outer index equal to 0xFFFF    */
    
    529
    -    /* has a special meaning (i.e., no variation data for this item) */
    
    530
    -    if ( itemStore->dataCount == 0xFFFFU )
    
    531
    -    {
    
    532
    -      FT_TRACE2(( "ft_var_load_item_variation_store:"
    
    533
    -                  " dataCount too large\n" ));
    
    534
    -      error = FT_THROW( Invalid_Table );
    
    535
    -      goto Exit;
    
    536
    -    }
    
    537
    -
    
    538 528
         /* make temporary copy of item variation data offsets; */
    
    539 529
         /* we will parse region list first, then come back     */
    
    540 530
         if ( FT_QNEW_ARRAY( dataOffsetArray, itemStore->dataCount ) )
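    Review bot: With the `dataCount == 0xFFFFU` rejection removed, nothing at this spot records why 0xFFFF is now accepted, and the deleted comment was the only mention here of the 0xFFFF/0xFFFF index pair meaning "no variation data". Suggest a one-line comment above the `FT_QNEW_ARRAY( dataOffsetArray, itemStore->dataCount )` call stating that a `dataCount` of 0xFFFF is valid (outer indices 0 to 0xFFFE), so the check is not reintroduced later.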
    
    ... ... @@ -1006,10 +996,16 @@
    1006 996
         /* See pseudo code from `Font Variations Overview' */
    
    1007 997
         /* in the OpenType specification.                  */
    
    1008 998
     
    
    999
    +    if ( outerIndex >= itemStore->dataCount )
    
    1000
    +      return 0; /* Out of range. */
    
    1001
    +
    
    1009 1002
         varData  = &itemStore->varData[outerIndex];
    
    1010 1003
         deltaSet = FT_OFFSET( varData->deltaSet,
    
    1011 1004
                               varData->regionIdxCount * innerIndex );
    
    1012 1005
     
    
    1006
    +    if ( innerIndex >= varData->itemCount )
    
    1007
    +      return 0; /* Out of range. */
    
    1008
    +
    
    1013 1009
         if ( FT_QNEW_ARRAY( scalars, varData->regionIdxCount ) )
    
    1014 1010
           return 0;
    
    1015 1011
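    Review bot: The new `innerIndex >= varData->itemCount` check sits after `deltaSet = FT_OFFSET( varData->deltaSet, varData->regionIdxCount * innerIndex )`, so the offset is still computed from an unvalidated `innerIndex` before the function bails out. Nothing visible dereferences `deltaSet` in between, but moving the check directly after the `varData` assignment would keep every use of `innerIndex` behind the validation. Both early returns are also silent; an `FT_TRACE2` message like the one removed from `tt_hvadvance_adjust` would keep malformed fonts diagnosable.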
     
    
    ... ... @@ -1181,20 +1177,9 @@
    1181 1177
         }
    
    1182 1178
         else
    
    1183 1179
         {
    
    1184
    -      GX_ItemVarData  varData;
    
    1185
    -
    
    1186
    -
    
    1187 1180
           /* no widthMap data */
    
    1188 1181
           outerIndex = 0;
    
    1189 1182
           innerIndex = gindex;
    
    1190
    -
    
    1191
    -      varData = &table->itemStore.varData[outerIndex];
    
    1192
    -      if ( gindex >= varData->itemCount )
    
    1193
    -      {
    
    1194
    -        FT_TRACE2(( "gindex %d out of range\n", gindex ));
    
    1195
    -        error = FT_THROW( Invalid_Argument );
    
    1196
    -        goto Exit;
    
    1197
    -      }
    
    1198 1183
         }
    
    1199 1184
     
    
    1200 1185
         delta = tt_var_get_item_delta( face,
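    Review bot: Dropping the `gindex >= varData->itemCount` block in the no-widthMap branch changes the failure mode: this path used to set `error = FT_THROW( Invalid_Argument )` and jump to `Exit`, while the replacement checks in `tt_var_get_item_delta` return 0, so an out-of-range `gindex` now continues with a zero delta instead of an error. If that is intended, a comment next to `innerIndex = gindex;` noting that range checking happens in `tt_var_get_item_delta` would make the dependency explicit.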
    

