freetype-commit
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Git][freetype/freetype][master] [truetype] Fix recent fallout in memory

From: Alexei Podtelezhnikov (@apodtele)
Subject: [Git][freetype/freetype][master] [truetype] Fix recent fallout in memory management.
Date: Sat, 11 Mar 2023 04:52:46 +0000

Alexei Podtelezhnikov pushed to branch master at FreeType / FreeType

Commits:

  • b9376065
    by Alexei Podtelezhnikov at 2023-03-10T23:41:39-05:00 
    [truetype] Fix recent fallout in memory management.

* src/truetype/ttgload.c (TT_Process_Composite_Glyph,
TT_Load_Simple_Glyph): Clean up old instructions regardless of
new ones, postpone setting `control_len` and `control_data` until...
(TT_Load_Glyph): ... the exit from this function.

1 changed file:

Changes:

  • src/truetype/ttgload.c
    ... ... @@ -422,10 +422,6 @@
    422 422 
         if ( error )
    423 423 
           goto Fail;
    424 424
    425 
    -    /* reading the bytecode instructions */
    426 
    -    load->glyph->control_len  = 0;
    427 
    -    load->glyph->control_data = NULL;
    428 
    -
    429 425 
         if ( p + 2 > limit )
    430 426 
           goto Invalid_Outline;
    431 427
    ... ... @@ -449,21 +445,20 @@
    449 445 
             goto Fail;
    450 446 
           }
    451 447
    448 
    +      if ( exec->glyphSize )
    449 
    +        FT_FREE( exec->glyphIns );
    450 
    +      exec->glyphSize = 0;
    451 
    +
    452 452 
           /* we don't trust `maxSizeOfInstructions' in the `maxp' table */
    453 453 
           /* and thus allocate the bytecode array size by ourselves     */
    454 454 
           if ( n_ins )
    455 455 
           {
    456 
    -        if ( exec->glyphSize )
    457 
    -          FT_FREE( exec->glyphIns );
    458 456 
             if ( FT_QNEW_ARRAY( exec->glyphIns, n_ins ) )
    459 457 
               return error;
    460 458
    461 459 
             FT_MEM_COPY( exec->glyphIns, p, (FT_Long)n_ins );
    462 460
    463 461 
             exec->glyphSize  = n_ins;
    464 
    -
    465 
    -        load->glyph->control_len  = n_ins;
    466 
    -        load->glyph->control_data = exec->glyphIns;
    467 462 
           }
    468 463 
         }
    469 464
    ... ... @@ -1347,27 +1342,6 @@
    1347 1342
    1348 1343 
     #ifdef TT_USE_BYTECODE_INTERPRETER
    1349 1344
    1350 
    -    /* TT_Load_Composite_Glyph only gives us the offset of instructions */
    1351 
    -    /* so we read them here                                             */
    1352 
    -    if ( FT_STREAM_SEEK( loader->ins_pos ) ||
    1353 
    -         FT_READ_USHORT( n_ins )           )
    1354 
    -      return error;
    1355 
    -
    1356 
    -    FT_TRACE5(( "  Instructions size = %hu\n", n_ins ));
    1357 
    -
    1358 
    -    if ( !n_ins )
    1359 
    -      return FT_Err_Ok;
    1360 
    -
    1361 
    -    /* don't trust `maxSizeOfInstructions'; */
    1362 
    -    /* only do a rough safety check         */
    1363 
    -    if ( n_ins > loader->byte_len )
    1364 
    -    {
    1365 
    -      FT_TRACE1(( "TT_Process_Composite_Glyph:"
    1366 
    -                  " too many instructions (%hu) for glyph with length %u\n",
    1367 
    -                  n_ins, loader->byte_len ));
    1368 
    -      return FT_THROW( Too_Many_Hints );
    1369 
    -    }
    1370 
    -
    1371 1345 
         {
    1372 1346 
           TT_ExecContext  exec = loader->exec;
    1373 1347 
           FT_Memory       memory = exec->memory;
    ... ... @@ -1375,14 +1349,34 @@
    1375 1349
    1376 1350 
           if ( exec->glyphSize )
    1377 1351 
             FT_FREE( exec->glyphIns );
    1352 
    +      exec->glyphSize = 0;
    1353 
    +
    1354 
    +      /* TT_Load_Composite_Glyph only gives us the offset of instructions */
    1355 
    +      /* so we read them here                                             */
    1356 
    +      if ( FT_STREAM_SEEK( loader->ins_pos ) ||
    1357 
    +           FT_READ_USHORT( n_ins )           )
    1358 
    +        return error;
    1359 
    +
    1360 
    +      FT_TRACE5(( "  Instructions size = %hu\n", n_ins ));
    1361 
    +
    1362 
    +      if ( !n_ins )
    1363 
    +        return FT_Err_Ok;
    1364 
    +
    1365 
    +      /* don't trust `maxSizeOfInstructions'; */
    1366 
    +      /* only do a rough safety check         */
    1367 
    +      if ( n_ins > loader->byte_len )
    1368 
    +      {
    1369 
    +        FT_TRACE1(( "TT_Process_Composite_Glyph:"
    1370 
    +                    " too many instructions (%hu) for glyph with length %u\n",
    1371 
    +                    n_ins, loader->byte_len ));
    1372 
    +        return FT_THROW( Too_Many_Hints );
    1373 
    +      }
    1374 
    +
    1378 1375 
           if ( FT_QNEW_ARRAY( exec->glyphIns, n_ins )  ||
    1379 1376 
                FT_STREAM_READ( exec->glyphIns, n_ins ) )
    1380 1377 
             return error;
    1381 1378
    1382 1379 
           exec->glyphSize = n_ins;
    1383 
    -
    1384 
    -      loader->glyph->control_len  = n_ins;
    1385 
    -      loader->glyph->control_data = exec->glyphIns;
    1386 1380 
         }
    1387 1381
    1388 1382 
     #endif
    ... ... @@ -2940,6 +2934,9 @@
    2940 2934
    2941 2935 
           if ( IS_HINTED( load_flags ) )
    2942 2936 
           {
    2937 
    +        glyph->control_data = loader.exec->glyphIns;
    2938 
    +        glyph->control_len  = loader.exec->glyphSize;
    2939 
    +
    2943 2940 
             if ( loader.exec->GS.scan_control )
    2944 2941 
             {
    2945 2942 
               /* convert scan conversion mode to FT_OUTLINE_XXX flags */


    • View it on GitLab.
    You're receiving this email because of your account on gitlab.freedesktop.org. Manage all notifications · Help

    reply via email to
    [Prev in Thread] Current Thread [Next in Thread]