ref: 1720e81e3ecc7c266e54fe40175cc39c47117bf5
parent: 18a8f0d9943369449bc4de92d411c78fb08d616c
author: suzuki toshiya <[email protected]>
date: Wed Nov 26 11:39:00 EST 2014
* src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments and fold too long tracing messages.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2014-11-26 suzuki toshiya <[email protected]>
+ * src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments
+ and fold too long tracing messages.
+
+2014-11-26 suzuki toshiya <[email protected]>
+
Fix Savannah bug #43540.
* src/base/ftmac.c (parse_fond): Prevent a buffer overrun
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -1580,21 +1580,28 @@
goto Exit;
if ( FT_READ_ULONG( temp ) )
goto Exit;
-#if 0
- FT_TRACE4(( " POST fragment #%d: length=0x%08x\n", i, temp));
+
+ /* FT2 allocator takes signed long buffer length,
+ * too large value causing overflow should be checked
+ */
+ FT_TRACE4(( " POST fragment #%d: length=0x%08x\n",
+ i, temp));
if ( 0x7FFFFFFFUL < temp )
{
error = FT_THROW( Invalid_Offset );
goto Exit;
}
-#endif
pfb_len += temp + 6;
}
- FT_TRACE2(( " total buffer size to concatenate %d POST fragments: 0x%08x\n",
+ FT_TRACE2(( " total buffer size to concatenate %d"
+ " POST fragments: 0x%08x\n",
resource_cnt, pfb_len + 2));
if ( pfb_len + 2 < 6 ) {
+ FT_TRACE2(( " too long fragment length makes"
+ " pfb_len confused: 0x%08x\n",
+ pfb_len ));
error = FT_THROW( Array_Too_Large );
goto Exit;
}
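Review bot: The re-enabled guard `if ( 0x7FFFFFFFUL < temp )` bounds each fragment length but not the running sum, so `pfb_len += temp + 6` can still wrap across several fragments, and the later `pfb_len + 2 < 6` test only catches a wrap that happens to land on a very small value. Assuming pfb_len is an unsigned long (its declaration is outside the hunk), the sum could be checked in the same place: `if ( 0x7FFFFFFFUL < temp || 0x7FFFFFFFUL - temp < pfb_len + 6 )`. The new FT_TRACE4 call also sits between the comment and the check that the comment explains; moving the trace above the comment would keep the two together. This hunk turns a previously `#if 0`'d check into live code, which the commit message ("Insert comments and fold too long tracing messages") does not mention. The enclosing loop starts outside the hunk.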
@@ -1619,13 +1626,16 @@
goto Exit2;
if ( FT_READ_ULONG( rlen ) )
goto Exit2;
-#if 0
+
+ /* FT2 allocator takes signed long buffer length,
+ * too large fragment length causing overflow should be checked
+ */
if ( 0x7FFFFFFFUL < rlen )
{
error = FT_THROW( Invalid_Offset );
goto Exit2;
}
-#endif
+
if ( FT_READ_USHORT( flags ) )
goto Exit2;
FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n",
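Review bot: An oversized rlen is rejected here before the FT_TRACE3 below prints it, so a trace log shows only the generic Exit2 message, whereas the first loop now traces the length before its check. Consider emitting the value inside the `if` before bailing out, e.g. `FT_TRACE3(( "  POST fragment length 0x%08x is too large\n", rlen ));`. The rejection is reported as Invalid_Offset although the value is a length, so the Exit2 text "invalid offset in a POST fragment" is what a reader will see; the comment could say that the error code is reused for over-long lengths. The enclosing loop starts and ends outside the hunk.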
@@ -1650,7 +1660,8 @@
len += rlen;
else
{
- FT_TRACE3(( " Write POST fragment #%d header (4-byte) to buffer 0x%p + 0x%08x\n", i, pfb_data, pfb_lenpos ));
+ FT_TRACE3(( " Write POST fragment #%d header (4-byte) to buffer"
+ " 0x%p + 0x%08x\n", i, pfb_data, pfb_lenpos ));
if ( pfb_lenpos + 3 > pfb_len + 2 )
goto Exit2;
pfb_data[pfb_lenpos ] = (FT_Byte)( len );
@@ -1661,7 +1672,8 @@
if ( ( flags >> 8 ) == 5 ) /* End of font mark */
break;
- FT_TRACE3(( " Write POST fragment #%d header (6-byte) to buffer 0x%p + 0x%08x\n", i, pfb_data, pfb_pos ));
+ FT_TRACE3(( " Write POST fragment #%d header (6-byte) to buffer"
+ " 0x%p + 0x%08x\n", i, pfb_data, pfb_pos ));
if ( pfb_pos + 6 > pfb_len + 2 )
goto Exit2;
pfb_data[pfb_pos++] = 0x80;
@@ -1680,7 +1692,8 @@
if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len )
goto Exit2;
- FT_TRACE3(( " Load POST fragment #%d (%d byte) to buffer 0x%p + 0x%08x\n", i, rlen, pfb_data, pfb_pos ));
+ FT_TRACE3(( " Load POST fragment #%d (%d byte) to buffer"
+ " 0x%p + 0x%08x\n", i, rlen, pfb_data, pfb_pos ));
error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen );
if ( error )
goto Exit2;
@@ -1709,7 +1722,8 @@
Exit2:
if ( error == FT_ERR( Array_Too_Large ) )
- FT_TRACE2(( " Abort due to too-short buffer to store all POST fragments\n" ));
+ FT_TRACE2(( " Abort due to too-short buffer to store"
+ " all POST fragments\n" ));
else if ( error == FT_ERR( Invalid_Offset ) )
FT_TRACE2(( " Abort due to invalid offset in a POST fragment\n" ));
if ( error )