[pcf] Fix handling of very large fonts (#47708). * src/pcf/pcfread.c (pcf_get_encodings): Make `encodingOffset' an unsigned short. Only reject `0xFFFF' as an invalid encoding offset.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
diff --git a/ChangeLog b/ChangeLog
index 0063881..57efb24 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,12 @@
-2016-04-24 Werner Lemberg <wl@gnu.org>
+2016-06-26 Alexei Podtelezhnikov <apodtele@gmail.com>
+
+ [pcf] Fix handling of very large fonts (#47708).
+
+ * src/pcf/pcfread.c (pcf_get_encodings): Make `encodingOffset' an
+ unsigned short.
+ Only reject `0xFFFF' as an invalid encoding offset.
+
+2016-06-25 Werner Lemberg <wl@gnu.org>
[truetype] Really fix deallocation in case of error (#47726).
diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c
index dec05db..a86b45d 100644
--- a/src/pcf/pcfread.c
+++ b/src/pcf/pcfread.c
@@ -849,7 +849,7 @@ THE SOFTWARE.
int firstCol, lastCol;
int firstRow, lastRow;
FT_ULong nencoding;
- int encodingOffset;
+ FT_UShort encodingOffset;
int i, j;
FT_ULong k;
PCF_Encoding encoding = NULL;
@@ -921,15 +921,19 @@ THE SOFTWARE.
{
for ( j = firstCol; j <= lastCol; j++ )
{
+ /* X11's reference implementation uses the equivalent to */
+ /* `FT_GET_SHORT', however PCF fonts with more than 32768 */
+ /* characters (e.g. `unifont.pcf') clearly show that an */
+ /* unsigned value is needed. */
if ( PCF_BYTE_ORDER( format ) == MSBFirst )
- encodingOffset = FT_GET_SHORT();
+ encodingOffset = FT_GET_USHORT();
else
- encodingOffset = FT_GET_SHORT_LE();
+ encodingOffset = FT_GET_USHORT_LE();
- if ( encodingOffset > -1 )
+ if ( encodingOffset != 0xFFFFU )
{
encoding[k].enc = i * 256 + j;
- encoding[k].glyph = (FT_UShort)encodingOffset;
+ encoding[k].glyph = encodingOffset;
FT_TRACE5(( " code %d (0x%04X): idx %d\n",
encoding[k].enc, encoding[k].enc, encoding[k].glyph ));