* src/bdf/bdflib.c (setsbit, sbitset): Handle values >= 128 gracefully. (_bdf_set_default_spacing): Increase `name' buffer size to 256 and issue an error for longer names. (_bdf_parse_glyphs): Limit allowed number of glyphs in font to the number of code points in Unicode.
diff --git a/ChangeLog b/ChangeLog
index 95568a3..d508f39 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,20 +1,30 @@
+2007-03-28 Werner Lemberg <wl@gnu.org>
+
+ * src/bdf/bdflib.c (setsbit, sbitset): Handle values >= 128
+ gracefully.
+ (_bdf_set_default_spacing): Increase `name' buffer size to 256 and
+ issue an error for longer names.
+ (_bdf_parse_glyphs): Limit allowed number of glyphs in font to the
+ number of code points in Unicode.
+
2007-03-26 David Turner <david@freetype.org>
- * src/truetype/ttinterp.c: last fix for the MD instruction bytecode and
- remove the FIX_BYTECODE macros from the sources. Woot, this looks good.
+ * src/truetype/ttinterp.c: Last fix for the `MD' instruction
+ bytecode and remove the FIX_BYTECODE macros from the sources.
- * src/autofit/aflatin.c (af_latin_metrics_init_blues): fix blues computations
- in order to ignore 1-point contours. These are never rasterized and in certain
- fonts correspond to mark-attach points that are very far from the glyph's
- real outline, ruining the computation.
+ * src/autofit/aflatin.c (af_latin_metrics_init_blues): Fix blues
+ computations in order to ignore 1-point contours. These are never
+ rasterized and correspond in certain fonts mark-attach points that
+ are very far from the glyph's real outline, ruining the computation.
- * src/autofit/afloader.c (af_loader_load_g): in the case of monospaced fonts,
- always set "rsb_delta" and "lsb_delta" to 0. Otherwise code that uses them
- will most certainly ruin the fixed advance property.
+ * src/autofit/afloader.c (af_loader_load_g): In the case of
+ monospaced fonts, always set `rsb_delta' and `lsb_delta' to 0.
+ Otherwise code that uses them will most certainly ruin the fixed
+ advance property.
- * docs/CHANGES, docs/VERSION, include/freetype/freetype.h,
- builds/unix/configure.raw, README, Jamfile: update documentation and bump version
- number to 2.3.3
+ * docs/CHANGES, docs/VERSION, include/freetype/freetype.h,
+ builds/unix/configure.raw, README, Jamfile: Update documentation and
+ bump version number to 2.3.3.
2007-03-26 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
diff --git a/src/bdf/bdflib.c b/src/bdf/bdflib.c
index 6c931ad..93061bb 100644
--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
@@ -385,8 +385,10 @@
} _bdf_parse_t;
-#define setsbit( m, cc ) ( m[(cc) >> 3] |= (FT_Byte)( 1 << ( (cc) & 7 ) ) )
-#define sbitset( m, cc ) ( m[(cc) >> 3] & ( 1 << ( (cc) & 7 ) ) )
+#define setsbit( m, cc ) \
+ ( m[(FT_Byte)(cc) >> 3] |= (FT_Byte)( 1 << ( (cc) & 7 ) ) )
+#define sbitset( m, cc ) \
+ ( m[(FT_Byte)(cc) >> 3] & ( 1 << ( (cc) & 7 ) ) )
static void
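Review bot: With the `(FT_Byte)` cast the index in `setsbit` and `sbitset` now ranges over 0..31, so both macros depend on `m` being at least 32 bytes, and nothing at the definition records that. The arrays passed as `m` are declared outside this hunk, so their size should be confirmed and the requirement documented here, for example `/* m must hold 256 bits (32 bytes); cc is taken as an unsigned byte so values >= 128 select bits 128..255 */`. The parameter `m` is also used unparenthesized; `(m)[(FT_Byte)(cc) >> 3]` would match the treatment of `cc`.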
@@ -1130,7 +1132,7 @@
bdf_options_t* opts )
{
unsigned long len;
- char name[128];
+ char name[256];
_bdf_list_t list;
FT_Memory memory;
FT_Error error = BDF_Err_Ok;
@@ -1149,6 +1151,13 @@
font->spacing = opts->font_spacing;
len = (unsigned long)( ft_strlen( font->name ) + 1 );
+ /* Limit ourselves to 256 characters in the font name. */
+ if ( len >= 256 )
+ {
+ error = BDF_Err_Invalid_Argument;
+ goto Exit;
+ }
+
FT_MEM_COPY( name, font->name, len );
error = _bdf_list_split( &list, (char *)"-", name, len );
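Review bot: The new length check repeats the literal `256` from the `name[256]` declaration in the previous hunk, so the bound and the buffer can drift apart the next time the array is resized; `if ( len >= sizeof ( name ) )` ties the two together. Since `len` already includes the terminating NUL, `>=` also rejects a 255-character name that would fit, and the comment's "256 characters" overstates what is accepted (254 plus the terminator), so either use `>` or reword the comment. The `Exit` label and the initialization of `list` are outside the hunk; confirm that leaving early at this point skips no cleanup that the later failure paths perform.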
@@ -1467,6 +1476,14 @@
if ( p->cnt == 0 )
font->glyphs_size = 64;
+ /* Limit ourselves to 1,114,112 glyphs in the font (this is the */
+ /* number of code points available in Unicode). */
+ if ( p->cnt >= 1114112UL )
+ {
+ error = BDF_Err_Invalid_Argument;
+ goto Exit;
+ }
+
if ( FT_NEW_ARRAY( font->glyphs, font->glyphs_size ) )
goto Exit;
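Review bot: The new cap tests `p->cnt`, but the `FT_NEW_ARRAY` call right after it is sized by `font->glyphs_size`, and the only link between the two visible here is the `p->cnt == 0` special case above. If both are assigned from the same parsed value outside this hunk the check is sufficient, but that should be stated, e.g. `/* glyphs_size equals p->cnt here unless cnt is 0 */`, or the test should be made on `font->glyphs_size` directly. Also, `>=` rejects a font declaring exactly 1,114,112 glyphs, which the comment describes as the permitted limit; `>` would match the comment. The enclosing function starts and ends outside the hunk.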