otvalid: Prevent an overflow by GPOS/GSUB 32-bit offset.
diff --git a/ChangeLog b/ChangeLog
index 3a45c7e..b6b59f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
2009-07-31 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
+ otvalid: Prevent an overflow by GPOS/GSUB 32b-bit offset.
+
+ * src/otvalid/otvgpos.c (otv_ExtensionPos_validate):
+ Extend ExtensionOffset from FT_UInt to FT_ULong, to
+ cover 32-bit offset on 16-bit platform.
+
+ * src/otvalid/otvgsub.c (otv_ExtensionSubst_validate):
+ Ditto.
+
+2009-07-31 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
+
ftobjs.c: Prevent an overflow in glyph index handling.
* src/base/ftobjs.c (FT_Face_GetCharsOfVariant):
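Review bot: the title line of the new entry has a typo, "32b-bit" should read "32-bit". The entry body would also be easier to audit later if it said what goes wrong before the change: per the entry itself, FT_UInt does not cover a 32-bit offset on a 16-bit platform, so the ExtensionOffset value taken from the font would be truncated there. One sentence to that effect, for example "FT_UInt may be 16 bits wide, truncating the offset", makes the security relevance explicit.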
diff --git a/src/otvalid/otvgpos.c b/src/otvalid/otvgpos.c
index 53025ec..c8b4221 100644
--- a/src/otvalid/otvgpos.c
+++ b/src/otvalid/otvgpos.c
@@ -911,7 +911,8 @@
{
case 1: /* ExtensionPosFormat1 */
{
- FT_UInt ExtensionLookupType, ExtensionOffset;
+ FT_UInt ExtensionLookupType;
+ FT_ULong ExtensionOffset;
OTV_Validate_Func validate;
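Review bot: only the declaration of ExtensionOffset is widened in this hunk, and the lines that assign and consume it in otv_ExtensionPos_validate are not visible here, so the fix is complete only if nothing downstream narrows the value again. Please confirm that the offset is stored without a cast to FT_UInt, that it is range-checked against the table limit before it is added to the table base, and that it is not passed to any helper whose parameter is FT_UInt. Keeping `FT_UInt ExtensionLookupType;` as is looks right, since the change description only names the offset as the 32-bit field.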
diff --git a/src/otvalid/otvgsub.c b/src/otvalid/otvgsub.c
index f01fca1..ed499d1 100644
--- a/src/otvalid/otvgsub.c
+++ b/src/otvalid/otvgsub.c
@@ -415,7 +415,8 @@
{
case 1: /* ExtensionSubstFormat1 */
{
- FT_UInt ExtensionLookupType, ExtensionOffset;
+ FT_UInt ExtensionLookupType;
+ FT_ULong ExtensionOffset;
OTV_Validate_Func validate;
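Review bot: the declaration `FT_ULong ExtensionOffset;` carries no comment explaining why it differs in type from ExtensionLookupType, which invites a later cleanup that merges the two declarations back into one FT_UInt line. A short comment on that line, along the lines of "32-bit offset; FT_UInt may be 16 bits wide", would record the intent in the code rather than only in the ChangeLog. Since the same one-line defect existed in both otvgpos.c and otvgsub.c, it is also worth checking the remaining otvalid validators for other 32-bit offsets held in FT_UInt and stating the result in the commit message.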