kc3-lang/freetype

Browse

Commit 4dbf00aa237916df9fbfe4624dad102648096078

Werner Lemberg 2008-08-28T16:12:48

* src/type1/t1load.c (parse_encoding): Protect against infinite loop. This fixes Savannah bug #24150 (where a patch has been posted too). 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

diff --git a/ChangeLog b/ChangeLog
index a85224e..811bafe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-08-28  Werner Lemberg  <wl@gnu.org>
+
+	* src/type1/t1load.c (parse_encoding): Protect against infinite
+	loop.  This fixes Savannah bug #24150 (where a patch has been posted
+	too).
+
 2008-08-23  Werner Lemberg  <wl@gnu.org>
 
 	* src/type/t1afm.c (compare_kern_pairs), src/pxaux/afmparse.c
diff --git a/src/type1/t1load.c b/src/type1/t1load.c
index 9d7c748..624df4d 100644
--- a/src/type1/t1load.c
+++ b/src/type1/t1load.c
@@ -1274,6 +1274,19 @@
 
             n++;
           }
+          else if ( only_immediates )
+          {
+            /* Since the current position is not updated for           */
+            /* immediates-only mode we would get an infinite loop if   */
+            /* we don't do anything here.                              */
+            /*                                                         */
+            /* This encoding array is not valid according to the type1 */
+            /* specification (it might be an encoding for a CID type1  */
+            /* font, however), so we conclude that this font is NOT a  */
+            /* type1 font.                                             */
+            parser->root.error = FT_Err_Unknown_File_Format;
+            return;
+          }
         }
         else
         {
kmx.io     mail     discord kmxgit v0.4.0