ref: e891e4d6f130408d171724723673472a4e0359f9
parent: 6aee69096f7c04f3c16fa3d1a097180f9fb62154
author: suzuki toshiya <[email protected]>
date: Thu Nov 4 17:53:11 EDT 2010
[UVS] Stabilizes UVS supporting functions against non-UVS fonts. UVS supporting functions assume the variation handler functions are valid. When a font without cmap format 14 is given, these function pointers are left as NULL, so calling these functions causes NULL pointer dereference. * src/base/ftobjs.c (FT_Face_GetCharVariantIndex): Check the pointer FT_CMap_Class->char_var_index before calling it. (FT_Face_GetCharVariantIsDefault): Check the pointer FT_CMap_Class->char_var_default before calling it. (FT_Face_GetVariantSelectors): Check the pointer FT_CMap_Class->variant_list before calling it. (FT_Face_GetVariantsOfChar): Check the pointer FT_CMap_Class->charvariant_list before calling it. (FT_Face_GetCharsOfVariant): Check the pointer FT_CMap_Class->variantchar_list before calling it.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2010-11-04 suzuki toshiya <[email protected]>
+
+ [UVS] Stabilizes UVS supporting functions against non-UVS fonts.
+
+ UVS supporting functions assume the variation handler functions
+ are valid. When fonts without cmap format 14 is given, these
+ function pointers are left as NULL, so calling these functions
+ causes NULL pointer dereference.
+
+ * src/base/ftobjs.c (FT_Face_GetCharVariantIndex): Check the pointer
+ FT_CMap_Class->char_var_index before calling it.
+ (FT_Face_GetCharVariantIsDefault): Check the pointer
+ FT_CMap_Class->char_var_default before calling it.
+ (FT_Face_GetVariantSelectors): Check the pointer
+ FT_CMap_Class->variant_list before calling it.
+ (FT_Face_GetVariantsOfChar): Check the pointer
+ FT_CMap_Class->charvariant_list before calling it.
+ (FT_Face_GetCharsOfVariant): Check the pointer
+ FT_CMap_Class->variantchar_list before calling it.
+
2010-11-01 Alexei Podtelezhnikov <[email protected]>
[ftsmooth] Improve rendering.
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -3291,6 +3291,10 @@
FT_CMap vcmap = FT_CMAP( charmap );
+ /* font without TT cmap format 14 has no char_var_index() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->char_var_index ) )
+ return result;
+
if ( charcode > 0xFFFFFFFFUL )
{FT_TRACE1(( "FT_Get_Char_Index: too large charcode" ));
@@ -3332,6 +3336,10 @@
FT_CMap vcmap = FT_CMAP( charmap );
+ /* font without TT cmap format 14 has no char_var_index() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->char_var_default ) )
+ return result;
+
if ( charcode > 0xFFFFFFFFUL )
{FT_TRACE1(( "FT_Get_Char_Index: too large charcode" ));
@@ -3372,6 +3380,10 @@
FT_Memory memory = FT_FACE_MEMORY( face );
+ /* font without TT cmap format 14 has no variant_list() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->variant_list ) )
+ return result;
+
result = vcmap->clazz->variant_list( vcmap, memory );
}
}
@@ -3400,6 +3412,10 @@
FT_Memory memory = FT_FACE_MEMORY( face );
+ /* font without TT cmap format 14 has no charvariant_list() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->charvariant_list ) )
+ return result;
+
if ( charcode > 0xFFFFFFFFUL )
{FT_TRACE1(( "FT_Get_Char_Index: too large charcode" ));
@@ -3433,6 +3449,10 @@
FT_CMap vcmap = FT_CMAP( charmap );
FT_Memory memory = FT_FACE_MEMORY( face );
+
+ /* font without TT cmap format 14 has no variantchar_list() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->variantchar_list ) )
+ return result;
if ( variantSelector > 0xFFFFFFFFUL )
{