shithub: freetype+ttf2subf

Download patch

ref: 26170df08b30c1cca4e31321746d4e48511187cc
parent: b6f6d2479a716e01f3f9c242f7963a156ac17adc
author: Werner Lemberg <[email protected]>
date: Sun Mar 26 02:19:07 EST 2006

* src/bdf/bdflib.c (ERRMSG4): New macro.
(_bdf_parse_glyphs): Handle invalid BBX values.

* include/freetype/fterrdef.h (FT_Err_Bbx_Too_Big): New error
macro.

git/fs: mount .git/fs: mount/attach disallowed
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2006-03-26  Werner Lemberg  <[email protected]>
+
+	* src/bdf/bdflib.c (ERRMSG4): New macro.
+	(_bdf_parse_glyphs): Handle invalid BBX values.
+
+	* include/freetype/fterrdef.h (FT_Err_Bbx_Too_Big): New error
+	macro.
+
 2006-03-23  Werner Lemberg  <[email protected]>
 
 	* docs/CHANGES: Updated.
--- a/include/freetype/fterrdef.h
+++ b/include/freetype/fterrdef.h
@@ -4,7 +4,7 @@
 /*                                                                         */
 /*    FreeType error codes (specification).                                */
 /*                                                                         */
-/*  Copyright 2002, 2004 by                                                */
+/*  Copyright 2002, 2004, 2006 by                                          */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@@ -226,6 +226,8 @@
                 "`ENCODING' field missing" )
   FT_ERRORDEF_( Missing_Bbx_Field,                           0xB6, \
                 "`BBX' field missing" )
+  FT_ERRORDEF_( Bbx_Too_Big,                                 0xB7, \
+                "`BBX' too big" )
 
 
 /* END */
--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
@@ -1092,6 +1092,7 @@
 #define ERRMSG1  "[line %ld] Missing \"%s\" line.\n"
 #define ERRMSG2  "[line %ld] Font header corrupted or missing fields.\n"
 #define ERRMSG3  "[line %ld] Font glyphs corrupted or missing fields.\n"
+#define ERRMSG4  "[line %ld] BBX too big.\n"
 
 
   static FT_Error
@@ -1814,6 +1815,9 @@
     /* And finally, gather up the bitmap. */
     if ( ft_memcmp( line, "BITMAP", 6 ) == 0 )
     {
+      unsigned long  bitmap_size;
+
+
       if ( !( p->flags & _BDF_BBX ) )
       {
         /* Missing BBX field. */
@@ -1824,7 +1828,16 @@
 
       /* Allocate enough space for the bitmap. */
       glyph->bpr   = ( glyph->bbx.width * p->font->bpp + 7 ) >> 3;
-      glyph->bytes = (unsigned short)( glyph->bpr * glyph->bbx.height );
+
+      bitmap_size = glyph->bpr * glyph->bbx.height;
+      if ( bitmap_size > 0xFFFFU )
+      {
+        FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG4, lineno ));
+        error = BDF_Err_Bbx_Too_Big;
+        goto Exit;
+      }
+      else
+        glyph->bytes = (unsigned short)bitmap_size;
 
       if ( FT_NEW_ARRAY( glyph->bitmap, glyph->bytes ) )
         goto Exit;