shithub: freetype+ttf2subf

Download patch

ref: 4f41d63b02c58bf3512878f71f4f0a07ca2359fa
parent: 458c34233d48e0e997cfd4443ef8ede580b34d20
author: Suzuki, Toshiya (鈴木俊哉) <[email protected]>
date: Wed Feb 8 20:43:00 EST 2006 

fix src/cid/cidparse.c for too-short CIDFont

git/fs: mount .git/fs: mount/attach disallowed 
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2006-02-09  suzuki toshiya <[email protected]>
+
+	* src/cid/cidparse.c: Fix for abnormally short or broken CIDFont.
+	The issue was found by Taek Kwan(TK) Lee (See ft-devel 2005-11-02).
+
 2006-02-08  suzuki toshiya <[email protected]>
 
 	* builds/unix/configure.ac: Fix bug for "--with-old-mac-fonts"
--- a/src/cid/cidparse.c
+++ b/src/cid/cidparse.c
@@ -56,8 +56,6 @@
   {
     FT_Error  error;
     FT_ULong  base_offset, offset, ps_len;
-    FT_Byte   buffer[256 + 10];
-    FT_Int    buff_len;
     FT_Byte   *cur, *limit;
     FT_Byte   *arg1, *arg2;
 
@@ -86,36 +84,44 @@
 
   Again:
     /* now, read the rest of the file until we find a `StartData' */
-    buff_len = 256;
-    for (;;)
     {
-      FT_Byte*  p;
-      FT_ULong  top_position;
+      FT_Byte   buffer[256 + 10];
+      FT_Int    read_len = 256 + 10;
+      FT_Byte*  p        = buffer;
 
 
-      /* fill input buffer */
-      limit     = buffer + 256;
-      buff_len -= 256;
-      if ( buff_len > 0 )
-        FT_MEM_MOVE( buffer, limit, buff_len );
+      for ( offset = (FT_ULong)FT_STREAM_POS(); ; offset += 256 )
+      {
+        FT_Int    stream_len;
+        FT_Byte*  limit;
 
-      p = buffer + buff_len;
 
-      if ( FT_STREAM_READ( p, 256 + 10 - buff_len ) )
-        goto Exit;
+        stream_len = stream->size - FT_STREAM_POS();
+        if ( stream_len == 0 )
+          goto Exit;
 
-      top_position = FT_STREAM_POS() - buff_len;
-      buff_len     = 256 + 10;
+        read_len = FT_MIN( read_len, stream_len );
+        if ( FT_STREAM_READ( p, read_len ) )
+          goto Exit;
 
-      /* look for `StartData' */
-      for ( p = buffer; p < limit; p++ )
-      {
-        if ( p[0] == 'S' && ft_strncmp( (char*)p, "StartData", 9 ) == 0 )
+        if ( read_len < 256 )
+          p[read_len]  = '\0';
+
+        limit = p + read_len - 10;
+
+        for ( p = buffer; p < limit; p++ )
         {
-          /* save offset of binary data after `StartData' */
-          offset = (FT_ULong)( top_position - ( limit - p ) + 10 );
-          goto Found;
+          if ( p[0] == 'S' && ft_strncmp( (char*)p, "StartData", 9 ) == 0 )
+          {
+            /* save offset of binary data after `StartData' */
+            offset += p - buffer + 10;
+            goto Found;
+          }
         }
+
+        FT_MEM_MOVE( buffer, p, 10 );
+        read_len = 256;
+        p = buffer + 10;
       }
     }