[truetype] Improve handling of stack underflow. * src/truetype/ttinterp.c (TT_RunIns, Ins_FLIPPT, Ins_DELTAP, Ins_DELTAC): Exit with error only if `pedantic_hinting' is set. Otherwise, try to do something sane.
diff --git a/ChangeLog b/ChangeLog
index 54a6ac9..8154abb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2011-01-31 Werner Lemberg <wl@gnu.org>
+
+ [truetype] Improve handling of stack underflow.
+
+ * src/truetype/ttinterp.c (TT_RunIns, Ins_FLIPPT, Ins_DELTAP,
+ Ins_DELTAC): Exit with error only if `pedantic_hinting' is set.
+ Otherwise, try to do something sane.
+
2011-01-30 Werner Lemberg <wl@gnu.org>
* src/sfnt/ttmtx.c (tt_face_load_hmtx): Fix tracing message.
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index 2dd6051..f124c02 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -5464,8 +5464,12 @@
if ( CUR.top < CUR.GS.loop )
{
- CUR.error = TT_Err_Too_Few_Arguments;
- return;
+ if ( CUR.pedantic_hinting )
+ {
+ CUR.error = TT_Err_Too_Few_Arguments;
+ return;
+ }
+ CUR.GS.loop = CUR.top;
}
while ( CUR.GS.loop > 0 )
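Review bot: The new fallback `CUR.GS.loop = CUR.top;` carries no comment explaining why the loop count is clamped to the stack depth instead of being rejected. I would add `/* not pedantic: process only as many entries as the stack holds */` above the assignment. The enclosing function starts before and continues past this hunk, so whatever checks are applied to the values popped inside the `while` loop are not visible here; presumably they remain the only guard on those values after this change.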
@@ -6859,8 +6863,9 @@
if ( CUR.args < n )
{
- CUR.error = TT_Err_Too_Few_Arguments;
- return;
+ if ( CUR.pedantic_hinting )
+ CUR.error = TT_Err_Too_Few_Arguments;
+ n = CUR.args;
}
CUR.args -= n;
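Review bot: In the pedantic branch under `if ( CUR.pedantic_hinting )` the error is now recorded but execution falls through to `n = CUR.args;` and `CUR.args -= n;`, whereas the first ttinterp.c hunk still returns immediately after setting `TT_Err_Too_Few_Arguments`. If the fall-through is deliberate, a short comment saying so would prevent a later "fix"; otherwise brace the branch and keep the `return;`. The hunk at -6953 repeats the same pattern. The declaration of `n` lies outside the hunk: if it is signed and derived from font-supplied stack data, a negative `n` would pass `CUR.args < n` and `CUR.args -= n` would then raise the argument count, so that is worth confirming.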
@@ -6876,8 +6881,10 @@
{
if ( CUR.args < 2 )
{
- CUR.error = TT_Err_Too_Few_Arguments;
- return;
+ if ( CUR.pedantic_hinting )
+ CUR.error = TT_Err_Too_Few_Arguments;
+ CUR.args = 0;
+ goto Fail;
}
CUR.args -= 2;
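Review bot: The label `Fail` is also the target on the non-pedantic path, where no error is set, so its name misleads, and `CUR.args = 0;` discards an unpaired argument without saying why. A comment such as `/* too few arguments: discard what is left and stop */` before `CUR.args = 0;`, together with a neutral label name, would make the recovery path readable. The loop containing this check starts outside the hunk. The hunks at -6926, -6969 and -7018 add the label and repeat the construct.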
@@ -6926,6 +6933,7 @@
CUR.error = TT_Err_Invalid_Reference;
}
+ Fail:
CUR.new_top = CUR.args;
}
@@ -6953,8 +6961,9 @@
if ( CUR.args < n )
{
- CUR.error = TT_Err_Too_Few_Arguments;
- return;
+ if ( CUR.pedantic_hinting )
+ CUR.error = TT_Err_Too_Few_Arguments;
+ n = CUR.args;
}
CUR.args -= n;
@@ -6969,8 +6978,10 @@
{
if ( CUR.args < 2 )
{
- CUR.error = TT_Err_Too_Few_Arguments;
- return;
+ if ( CUR.pedantic_hinting )
+ CUR.error = TT_Err_Too_Few_Arguments;
+ CUR.args = 0;
+ goto Fail;
}
CUR.args -= 2;
@@ -7018,6 +7029,7 @@
}
}
+ Fail:
CUR.new_top = CUR.args;
}
@@ -7479,8 +7491,19 @@
/* One can also interpret it as the index of the last argument. */
if ( CUR.args < 0 )
{
- CUR.error = TT_Err_Too_Few_Arguments;
- goto LErrorLabel_;
+ FT_UShort i;
+
+
+ if ( CUR.pedantic_hinting )
+ {
+ CUR.error = TT_Err_Too_Few_Arguments;
+ goto LErrorLabel_;
+ }
+
+ /* push zeroes onto the stack */
+ for ( i = 0; i < Pop_Push_Count[CUR.opcode] >> 4; i++ )
+ CUR.stack[i] = 0;
+ CUR.args = 0;
}
CUR.new_top = CUR.args + ( Pop_Push_Count[CUR.opcode] & 15 );
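Review bot: The zero-fill loop writes `CUR.stack[i]` for every `i` below `Pop_Push_Count[CUR.opcode] >> 4` before any bound on the stack allocation is visible in this hunk. Given the nibble packing that count is presumably at most 15, so the write is safe only if the stack always holds at least that many cells. If that is guaranteed elsewhere, state it in the comment (`/* push zeroes onto the stack; it always has room for 15 cells */`), otherwise add `&& i < CUR.stackSize` to the loop condition. The loop also overwrites operands that were already on the stack when only some arguments are missing, which the comment should mention. The enclosing function extends beyond the hunk on both sides.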
@@ -7517,7 +7540,7 @@
case 0x04: /* SFvTCA y */
case 0x05: /* SFvTCA x */
{
- FT_Short AA, BB;
+ FT_Short AA, BB;
AA = (FT_Short)( ( opcode & 1 ) << 14 );