freetype-commit
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Git][freetype/freetype][master] [sfnt] Miscellaneous POST clean-ups.

From: Alexei Podtelezhnikov (@apodtele)
Subject: [Git][freetype/freetype][master] [sfnt] Miscellaneous POST clean-ups.
Date: Sat, 01 Apr 2023 03:35:07 +0000

Alexei Podtelezhnikov pushed to branch master at FreeType / FreeType

Commits:

  • 6d7b8b22
    by Alexei Podtelezhnikov at 2023-03-31T23:17:46-04:00 
    [sfnt] Miscellaneous POST clean-ups.

* src/sfnt/ttpost.c (load_format_20): Decrease casts.
(load_format_25): Check the table length and impose a theoretical
glyph number limit usable with 8-bit offset.  Decrease casts.
(load_post_names): Pass the mapping data length without 2 bytes.

1 changed file:

Changes:

  • src/sfnt/ttpost.c
    ... ... @@ -163,7 +163,7 @@
    163 163 
         FT_Memory   memory = stream->memory;
    164 164 
         FT_Error    error;
    165 165
    166 
    -    FT_Int      num_glyphs;
    166 
    +    FT_UShort   num_glyphs;
    167 167 
         FT_UShort   num_names = 0;
    168 168
    169 169 
         FT_UShort*  glyph_indices = NULL;
    ... ... @@ -179,8 +179,8 @@
    179 179 
         /* There already exist fonts which have more than 32768 glyph names */
    180 180 
         /* in this table, so the test for this threshold has been dropped.  */
    181 181
    182 
    -    if ( num_glyphs > face->max_profile.numGlyphs  ||
    183 
    -         (FT_ULong)num_glyphs * 2UL > post_len - 2 )
    182 
    +    if ( num_glyphs > face->max_profile.numGlyphs ||
    183 
    +         (FT_ULong)num_glyphs * 2 > post_len      )
    184 184 
         {
    185 185 
           error = FT_THROW( Invalid_File_Format );
    186 186 
           goto Exit;
    ... ... @@ -188,12 +188,12 @@
    188 188
    189 189 
         /* load the indices and note their maximum */
    190 190 
         {
    191 
    -      FT_Int     n;
    191 
    +      FT_UShort  n;
    192 192 
           FT_UShort  idx;
    193 193
    194 194
    195 195 
           if ( FT_QNEW_ARRAY( glyph_indices, num_glyphs ) ||
    196 
    -           FT_FRAME_ENTER( num_glyphs * 2L )          )
    196 
    +           FT_FRAME_ENTER( num_glyphs * 2 )           )
    197 197 
             goto Fail;
    198 198
    199 199 
           for ( n = 0; n < num_glyphs; n++ )
    ... ... @@ -218,7 +218,7 @@
    218 218 
           FT_Byte*   strings;
    219 219
    220 220
    221 
    -      post_len -= (FT_ULong)num_glyphs * 2UL + 2;
    221 
    +      post_len -= (FT_ULong)num_glyphs * 2;
    222 222
    223 223 
           if ( FT_QALLOC( name_strings, num_names * sizeof ( FT_Byte* ) +
    224 224 
                                         post_len + 1 ) )
    ... ... @@ -262,8 +262,8 @@
    262 262 
           TT_Post_20  table = &face->postscript_names.names.format_20;
    263 263
    264 264
    265 
    -      table->num_glyphs    = (FT_UShort)num_glyphs;
    266 
    -      table->num_names     = (FT_UShort)num_names;
    265 
    +      table->num_glyphs    = num_glyphs;
    266 
    +      table->num_names     = num_names;
    267 267 
           table->glyph_indices = glyph_indices;
    268 268 
           table->glyph_names   = name_strings;
    269 269 
         }
    ... ... @@ -286,39 +286,38 @@
    286 286 
         FT_Memory  memory = stream->memory;
    287 287 
         FT_Error   error;
    288 288
    289 
    -    FT_Int     num_glyphs;
    289 
    +    FT_UShort  num_glyphs;
    290 290 
         FT_Char*   offset_table = NULL;
    291 291
    292 
    -    FT_UNUSED( post_len );
    293 
    -
    294 292
    295 293 
         if ( FT_READ_USHORT( num_glyphs ) )
    296 294 
           goto Exit;
    297 295
    298 
    -    /* check the number of glyphs */
    296 
    +    /* check the number of glyphs, including the theoretical limit */
    299 297 
         if ( num_glyphs > face->max_profile.numGlyphs ||
    300 
    -         num_glyphs > 258                         ||
    301 
    -         num_glyphs < 1                           )
    298 
    +         num_glyphs > post_len                    ||
    299 
    +         num_glyphs > 257 + 128                   )
    302 300 
         {
    303 301 
           error = FT_THROW( Invalid_File_Format );
    304 302 
           goto Exit;
    305 303 
         }
    306 304
    307 
    -    if ( FT_QNEW_ARRAY( offset_table, num_glyphs )  ||
    308 
    -         FT_STREAM_READ( offset_table, num_glyphs ) )
    309 
    -      goto Fail;
    310 
    -
    311 
    -    /* now check the offset table */
    305 
    +    if ( num_glyphs )
    312 306 
         {
    313 
    -      FT_Int  n;
    307 
    +      FT_UShort  n;
    308 
    +
    314 309
    310 
    +      if ( FT_QNEW_ARRAY( offset_table, num_glyphs )  ||
    311 
    +           FT_STREAM_READ( offset_table, num_glyphs ) )
    312 
    +        goto Fail;
    315 313
    314 
    +      /* now check the offset table for out-of-range values */
    316 315 
           for ( n = 0; n < num_glyphs; n++ )
    317 316 
           {
    318 
    -        FT_Long  idx = (FT_Long)n + offset_table[n];
    317 
    +        FT_Int  idx = n + offset_table[n];
    319 318
    320 319
    321 
    -        if ( idx < 0 || idx > num_glyphs )
    320 
    +        if ( idx < 0 || idx > 257 )
    322 321 
             {
    323 322 
               error = FT_THROW( Invalid_File_Format );
    324 323 
               goto Fail;
    ... ... @@ -331,7 +330,7 @@
    331 330 
           TT_Post_25  table = &face->postscript_names.names.format_25;
    332 331
    333 332
    334 
    -      table->num_glyphs = (FT_UShort)num_glyphs;
    333 
    +      table->num_glyphs = num_glyphs;
    335 334 
           table->offsets    = offset_table;
    336 335 
         }
    337 336
    ... ... @@ -370,9 +369,9 @@
    370 369
    371 370 
         /* now read postscript table */
    372 371 
         if ( format == 0x00020000L && post_len >= 34 )
    373 
    -      error = load_format_20( face, stream, post_len - 32 );
    372 
    +      error = load_format_20( face, stream, post_len - 34 );
    374 373 
         else if ( format == 0x00025000L && post_len >= 34 )
    375 
    -      error = load_format_25( face, stream, post_len - 32 );
    374 
    +      error = load_format_25( face, stream, post_len - 34 );
    376 375 
         else
    377 376 
           error = FT_THROW( Invalid_File_Format );
    378 377


    • View it on GitLab.
    You're receiving this email because of your account on gitlab.freedesktop.org. Manage all notifications · Help

    reply via email to
    [Prev in Thread] Current Thread [Next in Thread]