shithub: freetype+ttf2subf


ref: 9d83d290287d6c844a7fe514050604cd75a76b3a
parent: a7c00b79e04bb205a2fcdab7f94da4793a522e3b
author: Werner Lemberg <[email protected]>
date: Fri Jan 9 02:58:08 EST 2009

Fix problem with T1_FIELD_{NUM,FIXED}_TABLE2.

* src/psaux/psobjs.c (ps_parser_load_field_table): Don't handle
`count_offset' if it is zero (i.e., unused).  Otherwise, the first
element of the structure which holds the data is erroneously
modified.  Problem reported by Chi Nguyen <[email protected]>.

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2009-01-09  Werner Lemberg  <[email protected]>
+
+	Fix problem with T1_FIELD_{NUM,FIXED}_TABLE2.
+
+	* src/psaux/psobjs.c (ps_parser_load_field_table): Don't handle
+	`count_offset' if it is zero (i.e., unused).  Otherwise, the first
+	element of the structure which holds the data is erroneously
+	modified.  Problem reported by Chi Nguyen <[email protected]>.
+
 2009-01-09  suzuki toshiya  <[email protected]>
 
 	* src/base/ftadvanc.c (_ft_face_scale_advances, FT_Get_Advance,
--- a/include/freetype/internal/psaux.h
+++ b/include/freetype/internal/psaux.h
@@ -5,7 +5,7 @@
 /*    Auxiliary functions and data structures related to PostScript fonts  */
 /*    (specification).                                                     */
 /*                                                                         */
-/*  Copyright 1996-2001, 2002, 2003, 2004, 2006, 2008 by                   */
+/*  Copyright 1996-2001, 2002, 2003, 2004, 2006, 2008, 2009 by             */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@@ -227,7 +227,11 @@
     FT_UInt             array_max;    /* maximal number of elements for */
                                       /* array                          */
     FT_UInt             count_offset; /* offset of element count for    */
-                                      /* arrays                         */
+                                      /* arrays; must not be zero if in */
+                                      /* use -- in other words, a       */
+                                      /* `num_FOO' element must not     */
+                                      /* start the used structure if we */
+                                      /* parse a `FOO' array            */
     FT_UInt             dict;         /* where we expect it             */
   } T1_FieldRec;
 
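Review bot: The new comment on `count_offset` makes zero an in-band "unused" marker, but nothing visible in this commit enforces the precondition it states, namely that a `num_FOO` member never sits at offset 0 of the structure being filled. If a table field were ever declared against a structure whose count member comes first, the guard added in ps_parser_load_field_table (src/psaux/psobjs.c, `field->count_offset != 0`) would skip the store without any diagnostic, and the structure would keep whatever count it held before while its array is re-parsed from font data. I would spell that consequence out in the comment, e.g. `/* 0 means "no count field"; a count member at offset 0 is never written */`, and, if the field-definition macros allow it, check the offset where the tables are declared rather than relying on the comment alone. The T1_FieldRec definition begins outside this hunk, so other members that interact with `count_offset` are not visible here.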
--- a/src/psaux/psobjs.c
+++ b/src/psaux/psobjs.c
@@ -4,7 +4,7 @@
 /*                                                                         */
 /*    Auxiliary functions for PostScript fonts (body).                     */
 /*                                                                         */
-/*  Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by       */
+/*  Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@@ -1265,8 +1265,9 @@
     old_cursor = parser->cursor;
     old_limit  = parser->limit;
 
-    /* we store the elements count if necessary */
-    if ( field->type != T1_FIELD_TYPE_BBOX )
+    /* we store the elements count if necessary;           */
+    /* we further assume that `count_offset' can't be zero */
+    if ( field->type != T1_FIELD_TYPE_BBOX && field->count_offset != 0 )
       *(FT_Byte*)( (FT_Byte*)objects[0] + field->count_offset ) =
         (FT_Byte)num_elements;