* src/winfonts/winfnt.c (FT_WinFNT_HeaderRec): `color_table_offset' has four bytes, not two. Fix all users. (fnt_font_load, FNT_Load_Glyph): Add more font validity tests.
diff --git a/ChangeLog b/ChangeLog
index 1a6e916..c97afb8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2003-10-02 Markus F.X.J. Oberhumer <markus@oberhumer.com>
+
+ * src/winfonts/winfnt.c (FT_WinFNT_HeaderRec): `color_table_offset'
+ has four bytes, not two.
+ Fix all users.
+ (fnt_font_load, FNT_Load_Glyph): Add more font validity tests.
+
2003-10-01 David Turner <david@freetype.org>
* src/autofit/*: adding first sources of the new multi-script
diff --git a/src/winfonts/winfnt.c b/src/winfonts/winfnt.c
index 13a5f47..37f2faa 100644
--- a/src/winfonts/winfnt.c
+++ b/src/winfonts/winfnt.c
@@ -70,7 +70,7 @@
#undef FT_STRUCTURE
#define FT_STRUCTURE FT_WinFNT_HeaderRec
- FT_FRAME_START( 146 ),
+ FT_FRAME_START( 148 ),
FT_FRAME_USHORT_LE( version ),
FT_FRAME_ULONG_LE ( file_size ),
FT_FRAME_BYTES ( copyright, 60 ),
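Review bot: The header length 148 is now hard-coded in three separate places — `FT_FRAME_START( 148 )` here, `size = new_format ? 148 : 118;` in fnt_font_load, and `( new_format ? 148 : 118 )` in FNT_Load_Glyph — and this very commit shows how such copies drift apart (the frame table said 146 while the struct layout needed 148). A single named constant beside the frame table, e.g. `#define FNT_HEADER_SIZE_V2  118` and `#define FNT_HEADER_SIZE_V3  148`, used at all three sites would keep the frame size and its users in step and make the next layout change a one-line edit. The same applies to the two later hunks that repeat these values.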
@@ -105,7 +105,7 @@
FT_FRAME_USHORT_LE( A_space ),
FT_FRAME_USHORT_LE( B_space ),
FT_FRAME_USHORT_LE( C_space ),
- FT_FRAME_USHORT_LE( color_table_offset ),
+ FT_FRAME_ULONG_LE ( color_table_offset ),
FT_FRAME_BYTES ( reserved1, 16 ),
FT_FRAME_END
};
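Review bot: Switching the frame entry to `FT_FRAME_ULONG_LE ( color_table_offset )` is only half the fix if the `color_table_offset` member of the public FT_WinFNT_HeaderRec is still declared two bytes wide; the header that declares the struct is not part of this diff, so that cannot be confirmed here. Depending on how the frame reader stores a field, a 4-byte read into a 2-byte member may either silently drop the high half of the value or overrun into the next member, while the frame pointer still advances four bytes so the 148-byte total looks consistent. A short comment on this entry tying it to the declaration, e.g. `/* 4 bytes; struct member must be FT_ULong */`, would make the coupling visible to the next editor.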
@@ -136,6 +136,8 @@
{
FT_Error error;
FT_WinFNT_Header header = &font->header;
+ FT_Bool new_format;
+ FT_UInt size;
/* first of all, read the FNT header */
@@ -152,6 +154,16 @@
goto Exit;
}
+ new_format = FT_BOOL( font->header.version == 0x300 );
+ size = new_format ? 148 : 118;
+
+ if ( header->file_size < size )
+ {
+ FT_TRACE2(( "[not a valid FNT file]\n" ));
+ error = FNT_Err_Unknown_File_Format;
+ goto Exit;
+ }
+
/* Version 2 doesn't have these fields */
if ( header->version == 0x200 )
{
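Review bot: The new validity test in fnt_font_load compares `header->file_size` only against the header length, and `file_size` is itself a field just read from the untrusted file, so a file that declares a large `file_size` but is actually shorter passes this check; the same self-reported value is what the later `offset >= font->header.file_size` test in FNT_Load_Glyph relies on to bound glyph reads. Unless the code that extracts the font frame (outside this diff) already fails when fewer than `file_size` bytes are available, that later check bounds reads against a number the file chose rather than the data actually loaded. Comparing with the real stream length at this point, e.g. `if ( header->file_size < size || header->file_size > stream->size )` if the stream handle is in scope here, would close that gap. fnt_font_load continues past this hunk on both sides.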
@@ -572,7 +584,7 @@
len = new_format ? 6 : 4;
/* jump to glyph entry */
- p = font->fnt_frame + ( new_format ? 146 : 118 ) + len * glyph_index;
+ p = font->fnt_frame + ( new_format ? 148 : 118 ) + len * glyph_index;
bitmap->width = FT_NEXT_SHORT_LE( p );
@@ -581,6 +593,13 @@
else
offset = FT_NEXT_USHORT_LE( p );
+ if ( offset >= font->header.file_size )
+ {
+ FT_TRACE2(( "invalid FNT offset!\n" ));
+ error = FNT_Err_Invalid_File_Format;
+ goto Exit;
+ }
+
/* jump to glyph data */
p = font->fnt_frame + /* font->header.bits_offset */ + offset;