shithub: freetype+ttf2subf


ref: ad4eecca7732a0b7c1ec000d178864df2bbe7629
parent: 1e1688340e381cc77d8325e3cb0d1ed59504b83d
author: Werner Lemberg <[email protected]>
date: Sat Oct 20 17:27:17 EDT 2012

[cff] Improve parsing of invalid real numbers.

* src/cff/cffparse.c (cff_parse_real): Always parse complete number,
even in case of overflow or underflow.
Also trace one more underflow.

--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2012-10-20  Werner Lemberg  <[email protected]>
+
+	[cff] Improve parsing of invalid real numbers.
+
+	* src/cff/cffparse.c (cff_parse_real): Always parse complete number,
+	even in case of overflow or underflow.
+	Also trace one more underflow.
+
 2012-10-20  Andreas Pehnack  <[email protected]>
 
 	[sfnt] Load pure CFF fonts wrapped in SFNT container.
--- a/src/cff/cffparse.c
+++ b/src/cff/cffparse.c
@@ -137,7 +137,7 @@
     FT_UInt   phase;
 
     FT_Long   result, number, exponent;
-    FT_Int    sign = 0, exponent_sign = 0;
+    FT_Int    sign = 0, exponent_sign = 0, have_overflow = 0;
     FT_Long   exponent_add, integer_length, fraction_length;
 
 
@@ -251,16 +251,11 @@
         if ( nib >= 10 )
           break;
 
-        exponent = exponent * 10 + nib;
-
         /* Arbitrarily limit exponent. */
         if ( exponent > 1000 )
-        {
-          if ( exponent_sign )
-            goto Underflow;
-          else
-            goto Overflow;
-        }
+          have_overflow = 1;
+        else
+          exponent = exponent * 10 + nib;
       }
 
       if ( exponent_sign )
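Review bot: The `exponent > 1000` test now runs before the multiply, so `exponent` can leave the loop as large as 10009 (1000 * 10 + 9) without `have_overflow` being set, whereas the removed code rejected any value above 1000. That is still far from overflowing `FT_Long`, and the unchecked `exponent += power_ten + exponent_add` in the next hunk relies on this bound, but `/* Arbitrarily limit exponent. */` no longer states the bound that actually holds. I would reword it to something like `/* Stop accumulating once exponent exceeds 1000 (it stays below 10010); keep reading nibbles so the whole number is consumed. */`. The loop and the rest of the function start and end outside this hunk, so whether later range checks catch the 1001..10009 cases cannot be confirmed from here.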
@@ -270,6 +265,14 @@
     if ( !number )
       goto Exit;
 
+    if ( have_overflow )
+    {
+      if ( exponent_sign )
+        goto Underflow;
+      else
+        goto Overflow;
+    }
+
     /* We don't check `power_ten' and `exponent_add'. */
     exponent += power_ten + exponent_add;
 
@@ -336,9 +339,10 @@
       integer_length  += exponent;
       fraction_length -= exponent;
 
-      /* Check for overflow and underflow. */
-      if ( FT_ABS( integer_length ) > 5 )
+      if ( integer_length > 5 )
         goto Overflow;
+      if ( integer_length < -5 )
+        goto Underflow;
 
       /* Remove non-significant digits. */
       if ( integer_length < 0 )
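Review bot: The two new tests on `integer_length` dropped the comment that explained them, leaving `5` and `-5` as bare constants in code that, judging by the file name, parses numbers taken from font data. I would put a comment back above them, for example `/* More than 5 integer digits: overflow; below -5 nothing significant is left: underflow. */`, adjusted to the actual reason for the limit. The lower bound also appears to constrain the `integer_length < 0` branch that begins on the last line of this hunk; its body is outside the hunk, so if that branch depends on the range, the comment should say so.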