shithub: freetype+ttf2subf

Download patch

ref: 42f5c714c055d9d8cade2ede35c3abb5ae448a2c
parent: ab7e52b1c78b27d74e9555c6488c46bd62101804
author: Werner Lemberg <[email protected]>
date: Tue Mar 3 18:34:49 EST 2009 

Formatting.

git/fs: mount .git/fs: mount/attach disallowed 
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,11 +1,12 @@
 2009-03-03  David Turner  <[email protected]>
 
-	Fix SFNT kerning table parser against malformed tables.
-	Closes Savannah BUG #25750
+	Protect SFNT kerning table parser against malformed tables.
 
-	* src/sfnt/ttkern.c (tt_face_get_kerning): fix a bug
-	where a malformed table would be succesfully loaded but
-	later crash the engine during parsing.
+	This closes Savannah BUG #25750.
+
+	* src/sfnt/ttkern.c (tt_face_load_kern, tt_face_get_kerning): Fix a
+	bug where a malformed table would be successfully loaded but later
+	crash the engine during parsing.
 
 2009-03-03  David Turner  <[email protected]>
 
--- a/docs/CHANGES
+++ b/docs/CHANGES
@@ -33,8 +33,8 @@
     - `FT_Get_Advance' (and `FT_Get_Advances') returned bad values for
       almost all font formats except TrueType fonts.
 
-    - Fix a bug in the SFNT kerning table loader/parser which could crash
-      the engine if certain malformed tables were encountered.
+    - Fix a bug  in the SFNT  kerning table  loader/parser which could
+      crash the engine if certain malformed tables were encountered.
 
   II. IMPORTANT CHANGES
 
--- a/src/sfnt/ttkern.c
+++ b/src/sfnt/ttkern.c
@@ -5,7 +5,7 @@
 /*    Load the basic TrueType kerning table.  This doesn't handle          */
 /*    kerning data within the GPOS table at the moment.                    */
 /*                                                                         */
-/*  Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007 by             */
+/*  Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2009 by       */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@@ -103,8 +103,8 @@
 
       p_next += length;
 
-      if (p_next > p_limit)  /* handle broken table */
-         p_next = p_limit;
+      if ( p_next > p_limit )  /* handle broken table */
+        p_next = p_limit;
 
       /* only use horizontal kerning tables */
       if ( ( coverage & ~8 ) != 0x0001 ||
@@ -114,8 +114,8 @@
       num_pairs = FT_NEXT_USHORT( p );
       p        += 6;
 
-      if ( (p_next - p)/6 < (int)num_pairs ) /* handle broken count */
-        num_pairs = (FT_UInt)((p_next - p)/6);
+      if ( ( p_next - p ) / 6 < (int)num_pairs ) /* handle broken count */
+        num_pairs = (FT_UInt)( ( p_next - p ) / 6 );
 
       avail |= mask;
 
@@ -207,7 +207,7 @@
 
       next = base + length;
 
-      if (next > p_limit)  /* handle broken table */
+      if ( next > p_limit )  /* handle broken table */
         next = p_limit;
 
       if ( ( face->kern_avail_bits & mask ) == 0 )
@@ -219,8 +219,8 @@
       num_pairs = FT_NEXT_USHORT( p );
       p        += 6;
 
-      if ((next - p)/6 < (int)num_pairs)  /* handle broken count  */
-        num_pairs = (FT_UInt)((next - p)/6);
+      if ( ( next - p ) / 6 < (int)num_pairs )  /* handle broken count  */
+        num_pairs = (FT_UInt)( ( next - p ) / 6 );
 
       switch ( coverage >> 8 )
       {