ref: b2ea64bcc6c385a8e8318f9c759450a07df58b6d
parent: c2dabdeed05c1517bf1020ba6b2aa2d9b1c75470
author: suzuki toshiya <[email protected]>
date: Fri Jul 2 14:16:02 EDT 2010
Additional fix for Savannah bug #30306. * src/base/ftobjs.c (Mac_Read_POST_Resource): If the type of the POST fragment is 0, the segment is completely ignored. The declared length of the segment is not cared at all. According to Adobe Technical Note 5040, type 0 segment is comment only and should not be loaded for the interpreter. Reported by Robert Swiecki.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2010-07-02 suzuki toshiya <[email protected]>
+
+ Additional fix for Savannah bug #30306.
+
+ * src/base/ftobjs.c (Mac_Read_POST_Resource): If the type
+ of the POST fragment is 0, the segment is completely ignored.
+ The declared length of the segment is not cared at all.
+ According to Adobe Technical Note 5040, type 0 segment is
+ comment only and should not be loaded for the interpreter.
+ Reported by Robert Swiecki.
+
2010-07-01 Werner Lemberg <[email protected]>
[truetype] Protect against code range underflow.
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -1550,6 +1550,9 @@
FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n",
i, offsets[i], rlen, flags ));
+ if ( ( flags >> 8 ) == 0 ) /* Comment, should not be loaded */
+ continue;
+
/* the flags are part of the resource, so rlen >= 2. */
/* but some fonts declare rlen = 0 for empty fragment */
if ( rlen > 2 )