ref: ad4eecca7732a0b7c1ec000d178864df2bbe7629
parent: 1e1688340e381cc77d8325e3cb0d1ed59504b83d
author: Werner Lemberg <[email protected]>
date: Sat Oct 20 17:27:17 EDT 2012
[cff] Improve parsing of invalid real numbers. * src/cff/cffparse.c (cff_parse_real): Always parse complete number, even in case of overflow or underflow. Also trace one more underflow.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2012-10-20 Werner Lemberg <[email protected]>
+
+ [cff] Improve parsing of invalid real numbers.
+
+ * src/cff/cffparse.c (cff_parse_real): Always parse complete number,
+ even in case of overflow or underflow.
+ Also trace one more underflow.
+
2012-10-20 Andreas Pehnack <[email protected]>
[sfnt] Load pure CFF fonts wrapped in SFNT container.
--- a/src/cff/cffparse.c
+++ b/src/cff/cffparse.c
@@ -137,7 +137,7 @@
FT_UInt phase;
FT_Long result, number, exponent;
- FT_Int sign = 0, exponent_sign = 0;
+ FT_Int sign = 0, exponent_sign = 0, have_overflow = 0;
FT_Long exponent_add, integer_length, fraction_length;
@@ -251,16 +251,11 @@
if ( nib >= 10 )
break;
- exponent = exponent * 10 + nib;
-
/* Arbitrarily limit exponent. */
if ( exponent > 1000 )
- {
- if ( exponent_sign )
- goto Underflow;
- else
- goto Overflow;
- }
+ have_overflow = 1;
+ else
+ exponent = exponent * 10 + nib;
}
if ( exponent_sign )
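Review bot: The limit test runs on `exponent` before the current digit is folded in, so an exponent whose last digit carries it past 1000 (anything up to 10009) is stored without setting `have_overflow`; the removed code tested after the multiply and rejected those values. Because the nibbles come from font data, the "Arbitrarily limit exponent" comment should describe the bound that is actually enforced. Testing after a guarded accumulate keeps the old bound and still avoids signed overflow on long digit runs: `if ( exponent <= 1000 ) exponent = exponent * 10 + nib;` followed by `if ( exponent > 1000 ) have_overflow = 1;`. Whether the later `integer_length` range checks already absorb the larger value cannot be seen from this hunk, and the enclosing loop and function start outside it.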
@@ -270,6 +265,14 @@
if ( !number )
goto Exit;
+ if ( have_overflow )
+ {
+ if ( exponent_sign )
+ goto Underflow;
+ else
+ goto Overflow;
+ }
+
/* We don't check `power_ten' and `exponent_add'. */
exponent += power_ten + exponent_add;
@@ -336,9 +339,10 @@
integer_length += exponent;
fraction_length -= exponent;
- /* Check for overflow and underflow. */
- if ( FT_ABS( integer_length ) > 5 )
+ if ( integer_length > 5 )
goto Overflow;
+ if ( integer_length < -5 )
+ goto Underflow;
/* Remove non-significant digits. */
if ( integer_length < 0 )
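Review bot: The comment `/* Check for overflow and underflow. */` is dropped even though the two tests that replace `FT_ABS( integer_length ) > 5` still do exactly that, and the bound 5 now appears twice with no explanation. Keeping the comment above `if ( integer_length > 5 )`, and stating in it why five integer digits is the limit, would help the next reader. The `Overflow` and `Underflow` labels are outside the hunk, so what each one traces or returns is not visible here.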