ref: 26170df08b30c1cca4e31321746d4e48511187cc
parent: b6f6d2479a716e01f3f9c242f7963a156ac17adc
author: Werner Lemberg <[email protected]>
date: Sun Mar 26 02:19:07 EST 2006
* src/bdf/bdflib.c (ERRMSG4): New macro. (_bdf_parse_glyphs): Handle invalid BBX values. * include/freetype/fterrdef.h (FT_Err_Bbx_Too_Big): New error macro.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2006-03-26 Werner Lemberg <[email protected]>
+
+ * src/bdf/bdflib.c (ERRMSG4): New macro.
+ (_bdf_parse_glyphs): Handle invalid BBX values.
+
+ * include/freetype/fterrdef.h (FT_Err_Bbx_Too_Big): New error
+ macro.
+
2006-03-23 Werner Lemberg <[email protected]>
* docs/CHANGES: Updated.
--- a/include/freetype/fterrdef.h
+++ b/include/freetype/fterrdef.h
@@ -4,7 +4,7 @@
/* */
/* FreeType error codes (specification). */
/* */
-/* Copyright 2002, 2004 by */
+/* Copyright 2002, 2004, 2006 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -226,6 +226,8 @@
"`ENCODING' field missing" )
FT_ERRORDEF_( Missing_Bbx_Field, 0xB6, \
"`BBX' field missing" )
+ FT_ERRORDEF_( Bbx_Too_Big, 0xB7, \
+ "`BBX' too big" )
/* END */
--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
@@ -1092,6 +1092,7 @@
#define ERRMSG1 "[line %ld] Missing \"%s\" line.\n"
#define ERRMSG2 "[line %ld] Font header corrupted or missing fields.\n"
#define ERRMSG3 "[line %ld] Font glyphs corrupted or missing fields.\n"
+#define ERRMSG4 "[line %ld] BBX too big.\n"
static FT_Error
@@ -1814,6 +1815,9 @@
/* And finally, gather up the bitmap. */
if ( ft_memcmp( line, "BITMAP", 6 ) == 0 )
{
+ unsigned long bitmap_size;
+
+
if ( !( p->flags & _BDF_BBX ) )
{
/* Missing BBX field. */
@@ -1824,7 +1828,16 @@
/* Allocate enough space for the bitmap. */
glyph->bpr = ( glyph->bbx.width * p->font->bpp + 7 ) >> 3;
- glyph->bytes = (unsigned short)( glyph->bpr * glyph->bbx.height );
+
+ bitmap_size = glyph->bpr * glyph->bbx.height;
+ if ( bitmap_size > 0xFFFFU )
+ {
+ FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG4, lineno ));
+ error = BDF_Err_Bbx_Too_Big;
+ goto Exit;
+ }
+ else
+ glyph->bytes = (unsigned short)bitmap_size;
if ( FT_NEW_ARRAY( glyph->bitmap, glyph->bytes ) )
goto Exit;