ref: f1c93439b992fa66f17e92ee13314440f13008a2
parent: 59ae73fe1658f5cf001f76b983abbdb1f1ff6dc2
author: Werner Lemberg <[email protected]>
date: Thu Oct 22 06:11:23 EDT 2015
[cff] Avoid overflow/module arithmetic. This modifies the addition of subroutine number to subroutine bias from unsigned to signed, but does not change any results. * src/cff/cf2ft.c (cf2_initGlobalRegionBuffer, cf2_initLocalRegionBuffer): Change variable names from (unsigned) `idx' to (signed) `subrNum', since it is not an index until after the bias is added. * src/cff/cf2ft.h: Updated. * src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdCALLSUBR>: Updated similarly.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+2015-10-22 Dave Arnold <[email protected]>
+ Werner Lemberg <[email protected]>
+
+ [cff] Avoid overflow/module arithmetic.
+
+ This modifies the addition of subroutine number to subroutine bias
+ from unsigned to signed, but does not change any results.
+
+ * src/cff/cf2ft.c (cf2_initGlobalRegionBuffer,
+ cf2_initLocalRegionBuffer): Change variable names from (unsigned)
+ `idx' to (signed) `subrNum', since it is not an index until after
+ the bias is added.
+ * src/cff/cf2ft.h: Updated.
+
+ * src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdCALLSUBR>:
+ Updated similarly.
+
2015-10-22 Werner Lemberg <[email protected]>
[cid] Better check of `SubrCount' dictionary entry (#46272).
--- a/src/cff/cf2ft.c
+++ b/src/cff/cf2ft.c
@@ -544,14 +544,17 @@
/* return 0 on success */
FT_LOCAL_DEF( CF2_Int )
cf2_initGlobalRegionBuffer( CFF_Decoder* decoder,
- CF2_UInt idx,
+ CF2_Int subrNum,
CF2_Buffer buf )
{+ CF2_UInt idx;
+
+
FT_ASSERT( decoder );
FT_ZERO( buf );
- idx += (CF2_UInt)decoder->globals_bias;
+ idx = (CF2_UInt)( subrNum + decoder->globals_bias );
if ( idx >= decoder->num_globals )
return TRUE; /* error */
@@ -628,14 +631,17 @@
FT_LOCAL_DEF( CF2_Int )
cf2_initLocalRegionBuffer( CFF_Decoder* decoder,
- CF2_UInt idx,
+ CF2_Int subrNum,
CF2_Buffer buf )
{+ CF2_UInt idx;
+
+
FT_ASSERT( decoder );
FT_ZERO( buf );
- idx += (CF2_UInt)decoder->locals_bias;
+ idx = (CF2_UInt)( subrNum + decoder->locals_bias );
if ( idx >= decoder->num_locals )
return TRUE; /* error */
--- a/src/cff/cf2ft.h
+++ b/src/cff/cf2ft.h
@@ -99,7 +99,7 @@
FT_LOCAL( CF2_Int )
cf2_initGlobalRegionBuffer( CFF_Decoder* decoder,
- CF2_UInt idx,
+ CF2_Int subrNum,
CF2_Buffer buf );
FT_LOCAL( FT_Error )
cf2_getSeacComponent( CFF_Decoder* decoder,
@@ -110,7 +110,7 @@
CF2_Buffer buf );
FT_LOCAL( CF2_Int )
cf2_initLocalRegionBuffer( CFF_Decoder* decoder,
- CF2_UInt idx,
+ CF2_Int subrNum,
CF2_Buffer buf );
FT_LOCAL( CF2_Fixed )
--- a/src/cff/cf2intrp.c
+++ b/src/cff/cf2intrp.c
@@ -746,7 +746,7 @@
case cf2_cmdCALLGSUBR:
case cf2_cmdCALLSUBR:
{- CF2_UInt subrIndex;
+ CF2_Int subrNum;
FT_TRACE4(( op1 == cf2_cmdCALLGSUBR ? " callgsubr"
@@ -766,17 +766,17 @@
(size_t)charstringIndex + 1 );
/* set up the new CFF region and pointer */
- subrIndex = (CF2_UInt)cf2_stack_popInt( opStack );
+ subrNum = cf2_stack_popInt( opStack );
switch ( op1 )
{case cf2_cmdCALLGSUBR:
FT_TRACE4(( " (idx %d, entering level %d)\n",
- subrIndex + (CF2_UInt)decoder->globals_bias,
+ subrNum + decoder->globals_bias,
charstringIndex + 1 ));
if ( cf2_initGlobalRegionBuffer( decoder,
- subrIndex,
+ subrNum,
charstring ) )
{lastError = FT_THROW( Invalid_Glyph_Format );
@@ -787,11 +787,11 @@
default:
/* cf2_cmdCALLSUBR */
FT_TRACE4(( " (idx %d, entering level %d)\n",
- subrIndex + (CF2_UInt)decoder->locals_bias,
+ subrNum + decoder->locals_bias,
charstringIndex + 1 ));
if ( cf2_initLocalRegionBuffer( decoder,
- subrIndex,
+ subrNum,
charstring ) )
{lastError = FT_THROW( Invalid_Glyph_Format );