ref: ad18b367e9c658d94cf85224ba46c11f092ff7fd
parent: 25b14229f1a8a3deefdf4a74c4cadf6057bf6d78
author: Werner Lemberg <[email protected]>
date: Mon Jun 4 03:04:05 EDT 2007
* src/cid/cidgload.c (cid_load_glyph): Check `fd_select'. * src/tools/ftrandom/Makefile: Depend on `libfreetype.a'.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2007-06-04 Werner Lemberg <[email protected]>
+
+ * src/cid/cidgload.c (cid_load_glyph): Check `fd_select'.
+
+ * src/tools/ftrandom/Makefile: Depend on `libfreetype.a'.
+
2007-06-03 Werner Lemberg <[email protected]>
* src/tools/ftrandom/*: Add the `ftrandom' test program written by
--- a/src/cid/cidgload.c
+++ b/src/cid/cidgload.c
@@ -4,7 +4,7 @@
/* */
/* CID-keyed Type1 Glyph Loader (body). */
/* */
-/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006 by */
+/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -44,12 +44,12 @@
CID_FaceInfo cid = &face->cid;
FT_Byte* p;
FT_UInt fd_select;
- FT_Stream stream = face->cid_stream;
- FT_Error error = 0;
- FT_Byte* charstring = 0;
- FT_Memory memory = face->root.memory;
+ FT_Stream stream = face->cid_stream;
+ FT_Error error = CID_Err_Ok;
+ FT_Byte* charstring = 0;
+ FT_Memory memory = face->root.memory;
FT_ULong glyph_length = 0;
- PSAux_Service psaux = (PSAux_Service)face->psaux;
+ PSAux_Service psaux = (PSAux_Service)face->psaux;
#ifdef FT_CONFIG_OPTION_INCREMENTAL
@@ -111,6 +111,11 @@
glyph_length = cid_get_offset( &p, (FT_Byte)cid->gd_bytes ) - off1;
FT_FRAME_EXIT();
+ if ( fd_select >= (FT_UInt)cid->num_dicts )
+ {
+ error = CID_Err_Invalid_Offset;
+ goto Exit;
+ }
if ( glyph_length == 0 )
goto Exit;
if ( FT_ALLOC( charstring, glyph_length ) )
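Review bot: The new guard bounds `fd_select`, but the line just above it, `glyph_length = cid_get_offset( &p, (FT_Byte)cid->gd_bytes ) - off1;`, still trusts both offsets read from the font. `glyph_length` is declared `FT_ULong`, so if the second offset is smaller than `off1` the stored result becomes a very large value, which passes the `glyph_length == 0` test and is handed to `FT_ALLOC`. I would keep the second offset in a local (say `off2`) and widen the check to `if ( fd_select >= (FT_UInt)cid->num_dicts || off2 < off1 )`, ideally also rejecting an `off2` that lies beyond the stream size. The declaration of `off1` and the rest of `cid_load_glyph` are outside this hunk, so its type should be confirmed before settling on the exact comparison.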
@@ -150,7 +155,7 @@
error = decoder->funcs.parse_charstrings(
decoder, charstring + cs_offset,
- (FT_Int)glyph_length - cs_offset );
+ (FT_Int)glyph_length - cs_offset );
}
FT_FREE( charstring );
--- a/src/tools/ftrandom/Makefile
+++ b/src/tools/ftrandom/Makefile
@@ -5,6 +5,8 @@
OBJ_DIR ?= $(TOP_DIR)/objs
+# The setup below is for gcc on a Unix-like platform.
+
SRC_DIR = $(TOP_DIR)/src/tools/ftrandom
CC = gcc
@@ -27,7 +29,7 @@
all: $(OBJ_DIR)/ftrandom
-$(OBJ_DIR)/ftrandom: $(SRC_DIR)/ftrandom.c
+$(OBJ_DIR)/ftrandom: $(SRC_DIR)/ftrandom.c $(OBJ_DIR)/libfreetype.a
$(CC) -o $(OBJ_DIR)/ftrandom $(CFLAGS) $(SRC_DIR)/ftrandom.c $(LIBS)
# EOF
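Review bot: The added prerequisite `$(OBJ_DIR)/libfreetype.a` only helps if the link step uses that same archive, and the recipe still links through `$(LIBS)`, whose definition is outside this hunk. If `$(LIBS)` resolves to another copy of the library (for example one found on the default linker path), the test program would be relinked on every library change yet keep exercising a different build than the one being fixed. It is worth confirming that `$(LIBS)` names `$(OBJ_DIR)/libfreetype.a` explicitly, and adding a comment such as `# relink whenever the locally built library changes` above the rule.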