Commit 9d83d290287d6c844a7fe514050604cd75a76b3a
2009-01-09T07:58:08
Fix problem with T1_FIELD_{NUM,FIXED}_TABLE2. * src/psaux/psobjs.c (ps_parser_load_field_table): Don't handle `count_offset' if it is zero (i.e., unused). Otherwise, the first element of the structure which holds the data is erroneously modified. Problem reported by Chi Nguyen <chint@necsv.com>.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
diff --git a/ChangeLog b/ChangeLog
index 6ab6084..7aea1d8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2009-01-09 Werner Lemberg <wl@gnu.org>
+
+ Fix problem with T1_FIELD_{NUM,FIXED}_TABLE2.
+
+ * src/psaux/psobjs.c (ps_parser_load_field_table): Don't handle
+ `count_offset' if it is zero (i.e., unused). Otherwise, the first
+ element of the structure which holds the data is erroneously
+ modified. Problem reported by Chi Nguyen <chint@necsv.com>.
+
2009-01-09 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
* src/base/ftadvanc.c (_ft_face_scale_advances, FT_Get_Advance,
diff --git a/include/freetype/internal/psaux.h b/include/freetype/internal/psaux.h
index 67b7a42..832d63d 100644
--- a/include/freetype/internal/psaux.h
+++ b/include/freetype/internal/psaux.h
@@ -5,7 +5,7 @@
/* Auxiliary functions and data structures related to PostScript fonts */
/* (specification). */
/* */
-/* Copyright 1996-2001, 2002, 2003, 2004, 2006, 2008 by */
+/* Copyright 1996-2001, 2002, 2003, 2004, 2006, 2008, 2009 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -227,7 +227,11 @@ FT_BEGIN_HEADER
FT_UInt array_max; /* maximal number of elements for */
/* array */
FT_UInt count_offset; /* offset of element count for */
- /* arrays */
+ /* arrays; must not be zero if in */
+ /* use -- in other words, a */
+ /* `num_FOO' element must not */
+ /* start the used structure if we */
+ /* parse a `FOO' array */
FT_UInt dict; /* where we expect it */
} T1_FieldRec;
diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c
index 6812ac7..52e30a4 100644
--- a/src/psaux/psobjs.c
+++ b/src/psaux/psobjs.c
@@ -4,7 +4,7 @@
/* */
/* Auxiliary functions for PostScript fonts (body). */
/* */
-/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by */
+/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -1265,8 +1265,9 @@
old_cursor = parser->cursor;
old_limit = parser->limit;
- /* we store the elements count if necessary */
- if ( field->type != T1_FIELD_TYPE_BBOX )
+ /* we store the elements count if necessary; */
+ /* we further assume that `count_offset' can't be zero */
+ if ( field->type != T1_FIELD_TYPE_BBOX && field->count_offset != 0 )
*(FT_Byte*)( (FT_Byte*)objects[0] + field->count_offset ) =
(FT_Byte)num_elements;