Commit 26170df08b30c1cca4e31321746d4e48511187cc

Werner Lemberg 2006-03-26T07:19:07

* src/bdf/bdflib.c (ERRMSG4): New macro. (_bdf_parse_glyphs): Handle invalid BBX values. * include/freetype/fterrdef.h (FT_Err_Bbx_Too_Big): New error macro.

diff --git a/ChangeLog b/ChangeLog
index 553dbe9..1b81fe0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2006-03-26  Werner Lemberg  <wl@gnu.org>
+
+	* src/bdf/bdflib.c (ERRMSG4): New macro.
+	(_bdf_parse_glyphs): Handle invalid BBX values.
+
+	* include/freetype/fterrdef.h (FT_Err_Bbx_Too_Big): New error
+	macro.
+
 2006-03-23  Werner Lemberg  <wl@gnu.org>
 
 	* docs/CHANGES: Updated.
diff --git a/include/freetype/fterrdef.h b/include/freetype/fterrdef.h
index 2f73c08..42115d2 100644
--- a/include/freetype/fterrdef.h
+++ b/include/freetype/fterrdef.h
@@ -4,7 +4,7 @@
 /*                                                                         */
 /*    FreeType error codes (specification).                                */
 /*                                                                         */
-/*  Copyright 2002, 2004 by                                                */
+/*  Copyright 2002, 2004, 2006 by                                          */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@@ -226,6 +226,8 @@
                 "`ENCODING' field missing" )
   FT_ERRORDEF_( Missing_Bbx_Field,                           0xB6, \
                 "`BBX' field missing" )
+  FT_ERRORDEF_( Bbx_Too_Big,                                 0xB7, \
+                "`BBX' too big" )
 
 
 /* END */
diff --git a/src/bdf/bdflib.c b/src/bdf/bdflib.c
index d13df47..3c928e5 100644
--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
@@ -1092,6 +1092,7 @@
 #define ERRMSG1  "[line %ld] Missing \"%s\" line.\n"
 #define ERRMSG2  "[line %ld] Font header corrupted or missing fields.\n"
 #define ERRMSG3  "[line %ld] Font glyphs corrupted or missing fields.\n"
+#define ERRMSG4  "[line %ld] BBX too big.\n"
 
 
   static FT_Error
@@ -1814,6 +1815,9 @@
     /* And finally, gather up the bitmap. */
     if ( ft_memcmp( line, "BITMAP", 6 ) == 0 )
     {
+      unsigned long  bitmap_size;
+
+
       if ( !( p->flags & _BDF_BBX ) )
       {
         /* Missing BBX field. */
@@ -1824,7 +1828,16 @@
 
       /* Allocate enough space for the bitmap. */
       glyph->bpr   = ( glyph->bbx.width * p->font->bpp + 7 ) >> 3;
-      glyph->bytes = (unsigned short)( glyph->bpr * glyph->bbx.height );
+
+      bitmap_size = glyph->bpr * glyph->bbx.height;
+      if ( bitmap_size > 0xFFFFU )
+      {
+        FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG4, lineno ));
+        error = BDF_Err_Bbx_Too_Big;
+        goto Exit;
+      }
+      else
+        glyph->bytes = (unsigned short)bitmap_size;
 
       if ( FT_NEW_ARRAY( glyph->bitmap, glyph->bytes ) )
         goto Exit;
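Review bot: The multiplication in `bitmap_size = glyph->bpr * glyph->bbx.height;` is evaluated in the operands' promoted type before the result is widened to `unsigned long`, so the `> 0xFFFFU` check only sees a value that has already been computed. The declarations of `bpr` and `bbx.height` are outside this hunk; if they are 16-bit fields promoted to `int`, a large BBX in an untrusted BDF file could overflow the product, which is undefined behaviour for signed `int`. Casting one operand first keeps the arithmetic in the wide type: `bitmap_size = (unsigned long)glyph->bpr * glyph->bbx.height;`. The `glyph->bpr` assignment just above stores `( width * bpp + 7 ) >> 3` without a range check, so it presumably needs the same guard against truncation before it feeds this product. `_bdf_parse_glyphs` starts and ends outside the hunk, so the `Exit` cleanup path for the partially built glyph cannot be checked from here.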