kc3-lang/freetype

Browse

Commit 7e83f06804c3c4d9c740c857b913595939490e80

Alexei Podtelezhnikov 2014-10-14T23:03:56

[truetype] Limit delta shift range. The legal range for delta shift is zero through six. Negative values are illegal according to https://developer.apple.com/fonts/TrueType-Reference-Manual/RM04/Chap4.html#delta%20shift * src/truetype/ttobjs.h (delta_shift, delta_base): Make unsigned. * src/truetype/ttinterp.h (DO_SDS): Throw an error if delta_shift out of range. (Ins_DELTAP, Ins_DELTAC): Optimize for legal delta_shift. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

diff --git a/ChangeLog b/ChangeLog
index d2871e8..a71b8f0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2014-10-14  Alexei Podtelezhnikov  <apodtele@gmail.com>
+
+	[truetype] Limit delta shift range.
+
+	The legal range for delta shift is zero through six. Negative values
+	are illegal according to
+	  https://developer.apple.com/fonts/TrueType-Reference-Manual/RM04/Chap4.html#delta%20shift
+
+	* src/truetype/ttobjs.h (delta_shift, delta_base): Make unsigned.
+	* src/truetype/ttinterp.h (DO_SDS): Throw an error if delta_shift
+	out of range.
+	(Ins_DELTAP, Ins_DELTAC): Optimize for legal delta_shift.
+
 2014-10-14  David Weiß  <David.Weiss@ptvgroup.com>
 
 	[build] Better optimization settings for vc2010 solution file.
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index 7d0248b..324cbc1 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -3081,12 +3081,15 @@
     CUR.GS.auto_flip = FALSE;
 
 
-#define DO_SDB                             \
-    CUR.GS.delta_base = (FT_Short)args[0];
+#define DO_SDB                              \
+    CUR.GS.delta_base = (FT_UShort)args[0];
 
 
-#define DO_SDS                              \
-    CUR.GS.delta_shift = (FT_Short)args[0];
+#define DO_SDS                                 \
+    if ( (FT_ULong)args[0] > 6UL )             \
+      CUR.error = FT_THROW( Bad_Argument );    \
+    else                                       \
+      CUR.GS.delta_shift = (FT_UShort)args[0];
 
 
 #define DO_MD  /* nothing */
@@ -7577,7 +7580,7 @@
           B = ( (FT_ULong)B & 0xF ) - 8;
           if ( B >= 0 )
             B++;
-          B = B * 64 / ( 1L << CUR.GS.delta_shift );
+          B *= 1L << ( 6 - CUR.GS.delta_shift );
 
 #ifdef TT_CONFIG_OPTION_SUBPIXEL_HINTING
 
@@ -7747,7 +7750,7 @@
           B = ( (FT_ULong)B & 0xF ) - 8;
           if ( B >= 0 )
             B++;
-          B = B * 64 / ( 1L << CUR.GS.delta_shift );
+          B *= 1L << ( 6 - CUR.GS.delta_shift );
 
           CUR_Func_move_cvt( A, B );
         }
diff --git a/src/truetype/ttobjs.h b/src/truetype/ttobjs.h
index 47d50d9..859164f 100644
--- a/src/truetype/ttobjs.h
+++ b/src/truetype/ttobjs.h
@@ -95,8 +95,8 @@ FT_BEGIN_HEADER
     FT_F26Dot6     control_value_cutin;
     FT_F26Dot6     single_width_cutin;
     FT_F26Dot6     single_width_value;
-    FT_Short       delta_base;
-    FT_Short       delta_shift;
+    FT_UShort      delta_base;
+    FT_UShort      delta_shift;
 
     FT_Byte        instruct_control;
     /* According to Greg Hitchcock from Microsoft, the `scan_control'     */
kmx.io     mail     discord kmxgit v0.4.0