ref: f1631f2db054d8f49115fda1e254a479c4cdc9fe
parent: 86fa2ebc1f2a73693b5da1076a0871439256db2b
author: Werner Lemberg <[email protected]>
date: Fri Jun 19 19:50:37 EDT 2009
[cff] Fix handling of reserved byte 0xFF. * src/cff/cffgload.c (cff_decoder_parse_charstrings): Abort if byte 0xFF is encountered.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2009-06-19 Werner Lemberg <[email protected]>
+ [cff] Fix handling of reserved byte 0xFF.
+
+ * src/cff/cffgload.c (cff_decoder_parse_charstrings): Abort if byte
+ 0xFF is encountered.
+
+2009-06-19 Werner Lemberg <[email protected]>
+
Improve debug messages for Type1 charstrings.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Emit newlines
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -938,17 +938,9 @@
goto Syntax_Error;
val = -( (FT_Long)v - 251 ) * 256 - *ip++ - 108;
}
- else
- {- if ( ip + 3 >= limit )
- goto Syntax_Error;
- val = ( (FT_Int32)ip[0] << 24 ) |
- ( (FT_Int32)ip[1] << 16 ) |
- ( (FT_Int32)ip[2] << 8 ) |
- ip[3];
- ip += 4;
- shift = 0;
- }
+ else /* 255 */
+ goto Syntax_Error;
+
if ( decoder->top - stack >= CFF_MAX_OPERANDS )
goto Stack_Overflow;