ref: 346f1867fd32dae8f56e5b482d1af98f626804ac
parent: c06da1ad34663da7b6fc39b030dc3ae185b96557
author: Werner Lemberg <[email protected]>
date: Thu Aug 5 20:47:57 EDT 2010
Fix Savannah bug #30657. * src/truetype/ttinterp.c (BOUNDSL): New macro. Change `BOUNDS' to `BOUNDSL' where appropriate. * src/truetype/ttinterp.h (TT_ExecContextRec): Fix type of `cvtSize'.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
2010-08-05 Werner Lemberg <[email protected]>
+ Fix Savannah bug #30657.
+
+ * src/truetype/ttinterp.c (BOUNDSL): New macro.
+ Change `BOUNDS' to `BOUNDSL' where appropriate.
+
+ * src/truetype/ttinterp.h (TT_ExecContextRec): Fix type of
+ `cvtSize'.
+
+2010-08-05 Werner Lemberg <[email protected]>
+
Fix Savannah bug #30656.
* src/type42/t42parse.c (t42_parse_sfnts): Protect against negative
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -224,9 +224,10 @@
/*************************************************************************/
/* */
- /* A simple bounds-checking macro. */
+ /* Two simple bounds-checking macros. */
/* */
-#define BOUNDS( x, n ) ( (FT_UInt)(x) >= (FT_UInt)(n) )
+#define BOUNDS( x, n ) ( (FT_UInt)(x) >= (FT_UInt)(n) )
+#define BOUNDSL( x, n ) ( (FT_ULong)(x) >= (FT_ULong)(n) )
#undef SUCCESS
#define SUCCESS 0
@@ -3281,39 +3282,39 @@
args[0] = FT_PIX_CEIL( args[0] );
-#define DO_RS \
- { \
- FT_ULong I = (FT_ULong)args[0]; \
- \
- \
- if ( BOUNDS( I, CUR.storeSize ) ) \
- { \
- if ( CUR.pedantic_hinting ) \
- { \
- ARRAY_BOUND_ERROR; \
- } \
- else \
- args[0] = 0; \
- } \
- else \
- args[0] = CUR.storage[I]; \
+#define DO_RS \
+ { \
+ FT_ULong I = (FT_ULong)args[0]; \
+ \
+ \
+ if ( BOUNDSL( I, CUR.storeSize ) ) \
+ { \
+ if ( CUR.pedantic_hinting ) \
+ { \
+ ARRAY_BOUND_ERROR; \
+ } \
+ else \
+ args[0] = 0; \
+ } \
+ else \
+ args[0] = CUR.storage[I]; \
}
-#define DO_WS \
- { \
- FT_ULong I = (FT_ULong)args[0]; \
- \
- \
- if ( BOUNDS( I, CUR.storeSize ) ) \
- { \
- if ( CUR.pedantic_hinting ) \
- { \
- ARRAY_BOUND_ERROR; \
- } \
- } \
- else \
- CUR.storage[I] = args[1]; \
+#define DO_WS \
+ { \
+ FT_ULong I = (FT_ULong)args[0]; \
+ \
+ \
+ if ( BOUNDSL( I, CUR.storeSize ) ) \
+ { \
+ if ( CUR.pedantic_hinting ) \
+ { \
+ ARRAY_BOUND_ERROR; \
+ } \
+ } \
+ else \
+ CUR.storage[I] = args[1]; \
}
@@ -3322,7 +3323,7 @@
FT_ULong I = (FT_ULong)args[0]; \
\
\
- if ( BOUNDS( I, CUR.cvtSize ) ) \
+ if ( BOUNDSL( I, CUR.cvtSize ) ) \
{ \
if ( CUR.pedantic_hinting ) \
{ \
@@ -3341,7 +3342,7 @@
FT_ULong I = (FT_ULong)args[0]; \
\
\
- if ( BOUNDS( I, CUR.cvtSize ) ) \
+ if ( BOUNDSL( I, CUR.cvtSize ) ) \
{ \
if ( CUR.pedantic_hinting ) \
{ \
@@ -3358,7 +3359,7 @@
FT_ULong I = (FT_ULong)args[0]; \
\
\
- if ( BOUNDS( I, CUR.cvtSize ) ) \
+ if ( BOUNDSL( I, CUR.cvtSize ) ) \
{ \
if ( CUR.pedantic_hinting ) \
{ \
@@ -4679,7 +4680,7 @@
/* first of all, check the index */
F = args[0];
- if ( BOUNDS( F, CUR.maxFunc + 1 ) )
+ if ( BOUNDSL( F, CUR.maxFunc + 1 ) )
goto Fail;
/* Except for some old Apple fonts, all functions in a TrueType */
@@ -4755,7 +4756,7 @@
/* first of all, check the index */
F = args[1];
- if ( BOUNDS( F, CUR.maxFunc + 1 ) )
+ if ( BOUNDSL( F, CUR.maxFunc + 1 ) )
goto Fail;
/* Except for some old Apple fonts, all functions in a TrueType */
@@ -5030,7 +5031,7 @@
L = (FT_ULong)args[0];
- if ( BOUNDS( L, CUR.zp2.n_points ) )
+ if ( BOUNDSL( L, CUR.zp2.n_points ) )
{
if ( CUR.pedantic_hinting )
{
@@ -5114,8 +5115,8 @@
K = (FT_UShort)args[1];
L = (FT_UShort)args[0];
- if( BOUNDS( L, CUR.zp0.n_points ) ||
- BOUNDS( K, CUR.zp1.n_points ) )
+ if ( BOUNDS( L, CUR.zp0.n_points ) ||
+ BOUNDS( K, CUR.zp1.n_points ) )
{
if ( CUR.pedantic_hinting )
{
@@ -5769,12 +5770,12 @@
static void
Ins_SHZ( INS_ARG )
{
- TT_GlyphZoneRec zp;
- FT_UShort refp;
- FT_F26Dot6 dx,
- dy;
+ TT_GlyphZoneRec zp;
+ FT_UShort refp;
+ FT_F26Dot6 dx,
+ dy;
- FT_UShort last_point, i;
+ FT_UShort last_point, i;
if ( BOUNDS( args[0], 2 ) )
@@ -5976,8 +5977,8 @@
cvtEntry = (FT_ULong)args[1];
point = (FT_UShort)args[0];
- if ( BOUNDS( point, CUR.zp0.n_points ) ||
- BOUNDS( cvtEntry, CUR.cvtSize ) )
+ if ( BOUNDS( point, CUR.zp0.n_points ) ||
+ BOUNDSL( cvtEntry, CUR.cvtSize ) )
{
if ( CUR.pedantic_hinting )
CUR.error = TT_Err_Invalid_Reference;
@@ -6169,7 +6170,7 @@
/* XXX: UNDOCUMENTED! cvt[-1] = 0 always */
if ( BOUNDS( point, CUR.zp1.n_points ) ||
- BOUNDS( cvtEntry, CUR.cvtSize + 1 ) ||
+ BOUNDSL( cvtEntry, CUR.cvtSize + 1 ) ||
BOUNDS( CUR.GS.rp0, CUR.zp0.n_points ) )
{
if ( CUR.pedantic_hinting )
@@ -6420,8 +6421,8 @@
p1 = (FT_UShort)args[0];
p2 = (FT_UShort)args[1];
- if ( BOUNDS( args[0], CUR.zp1.n_points ) ||
- BOUNDS( args[1], CUR.zp0.n_points ) )
+ if ( BOUNDS( p1, CUR.zp1.n_points ) ||
+ BOUNDS( p2, CUR.zp0.n_points ) )
{
if ( CUR.pedantic_hinting )
CUR.error = TT_Err_Invalid_Reference;
@@ -6950,7 +6951,7 @@
A = (FT_ULong)CUR.stack[CUR.args + 1];
B = CUR.stack[CUR.args];
- if ( BOUNDS( A, CUR.cvtSize ) )
+ if ( BOUNDSL( A, CUR.cvtSize ) )
{
if ( CUR.pedantic_hinting )
{
--- a/src/truetype/ttinterp.h
+++ b/src/truetype/ttinterp.h
@@ -150,7 +150,7 @@
FT_Bool step_ins; /* true if the interpreter must */
/* increment IP after ins. exec */
- FT_Long cvtSize;
+ FT_ULong cvtSize;
FT_Long* cvt;
FT_UInt glyphSize; /* glyph instructions buffer size */