ref: 90c7efc8f233100557514b01f37d50531afbfa46
parent: 95aeebf438f8249cc7645722cc37dbf408ecfe71
author: suzuki toshiya <[email protected]>
date: Fri Jul 31 20:30:13 EDT 2009
otvalid: Prevent an overflow by GPOS/GSUB 32b-bit offset.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
2009-07-31 suzuki toshiya <[email protected]>
+ otvalid: Prevent an overflow by GPOS/GSUB 32b-bit offset.
+
+ * src/otvalid/otvgpos.c (otv_ExtensionPos_validate):
+ Extend ExtensionOffset from FT_UInt to FT_ULong, to
+ cover 32-bit offset on 16-bit platform.
+
+ * src/otvalid/otvgsub.c (otv_ExtensionSubst_validate):
+ Ditto.
+
+2009-07-31 suzuki toshiya <[email protected]>
+
ftobjs.c: Prevent an overflow in glyph index handling.
* src/base/ftobjs.c (FT_Face_GetCharsOfVariant):
--- a/src/otvalid/otvgpos.c
+++ b/src/otvalid/otvgpos.c
@@ -911,7 +911,8 @@
{case 1: /* ExtensionPosFormat1 */
{- FT_UInt ExtensionLookupType, ExtensionOffset;
+ FT_UInt ExtensionLookupType;
+ FT_ULong ExtensionOffset;
OTV_Validate_Func validate;
--- a/src/otvalid/otvgsub.c
+++ b/src/otvalid/otvgsub.c
@@ -415,7 +415,8 @@
{case 1: /* ExtensionSubstFormat1 */
{- FT_UInt ExtensionLookupType, ExtensionOffset;
+ FT_UInt ExtensionLookupType;
+ FT_ULong ExtensionOffset;
OTV_Validate_Func validate;