[cff] One more check against malformed font matrix. * src/cff/cffparse.c (cff_parse_font_matrix): Guard against `xx' and `yy' matrix coefficients being zero.
diff --git a/ChangeLog b/ChangeLog
index f5840ca..3f727d3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2012-03-03 Werner Lemberg <wl@gnu.org>
+ [cff] One more check against malformed font matrix.
+
+ * src/cff/cffparse.c (cff_parse_font_matrix): Guard against `xx' and
+ `yy' matrix coefficients being zero.
+
+2012-03-03 Werner Lemberg <wl@gnu.org>
+
Fix Savannah bug #35660.
For some divisions, we use casts to 32bit entities. Always guard
diff --git a/src/cff/cffparse.c b/src/cff/cffparse.c
index 61fa87c..0873379 100644
--- a/src/cff/cffparse.c
+++ b/src/cff/cffparse.c
@@ -474,22 +474,11 @@
if ( scaling < 0 || scaling > 9 )
{
- /* Return default matrix in case of unlikely values. */
-
FT_TRACE1(( "cff_parse_font_matrix:"
" strange scaling value for xx element (%d),\n"
" "
" using default matrix\n", scaling ));
-
- matrix->xx = 0x10000L;
- matrix->yx = 0;
- matrix->xy = 0;
- matrix->yy = 0x10000L;
- offset->x = 0;
- offset->y = 0;
- *upm = 1;
-
- goto Exit;
+ goto Default_matrix;
}
matrix->yx = cff_parse_fixed_scaled( data++, scaling );
@@ -498,6 +487,13 @@
offset->x = cff_parse_fixed_scaled( data++, scaling );
offset->y = cff_parse_fixed_scaled( data, scaling );
+ if ( matrix->xx == 0 || matrix->yy == 0 )
+ {
+ FT_TRACE1(( "cff_parse_font_matrix:"
+ " xx or yy element is zero, using default matrix\n" ));
+ goto Default_matrix;
+ }
+
*upm = power_tens[scaling];
FT_TRACE4(( " [%f %f %f %f %f %f]\n",
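Review bot: The new guard `if ( matrix->xx == 0 || matrix->yy == 0 )` rejects only a zero diagonal, so a matrix from an untrusted font that is degenerate in another way (for example `xx * yy == xy * yx`) is still accepted. Whether any later consumer inverts the matrix or divides by something other than `xx` or `yy` is not visible in this hunk, so the check may well be sufficient. Either way, a comment above the check would record the intent, e.g. `/* a zero xx or yy coefficient marks a malformed font; fall back to the default matrix */`. The enclosing function starts and ends outside this hunk.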
@@ -509,6 +505,17 @@
(double)offset->y / *upm / 65536 ));
}
+ goto Exit;
+
+ Default_matrix:
+ matrix->xx = 0x10000L;
+ matrix->yx = 0;
+ matrix->xy = 0;
+ matrix->yy = 0x10000L;
+ offset->x = 0;
+ offset->y = 0;
+ *upm = 1;
+
Exit:
return error;
}
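Review bot: The `Default_matrix:` label has no comment, because the explanation removed from the scaling branch (`/* Return default matrix in case of unlikely values. */`) was not moved along with the assignments; I would put it directly above `matrix->xx = 0x10000L;`. The fallback path then falls through to `Exit:` and returns whatever `error` held at the `goto`. That assignment is outside the visible hunks, so it is worth confirming that a malformed matrix is meant to return success with defaults rather than an error. The function starts outside this hunk.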