kc3-lang/freetype

Browse

Commit be183ebb5dada06b8be9948f03081e72ce0da1f5

Werner Lemberg 2007-06-17T11:27:17

* src/winfonts/winfnt.c (fnt_face_get_dll_font): Exit in case of invalid font. (FNT_Load_Glyph): Protect against invalid bitmap width. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

diff --git a/ChangeLog b/ChangeLog
index 50ef6a7..2167395 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@
 	(main): Handle new option `--size' to set `font_size'.
 	(Usage): Updated.
 
+	* src/winfonts/winfnt.c (fnt_face_get_dll_font): Exit in case of
+	invalid font.
+	(FNT_Load_Glyph): Protect against invalid bitmap width.
+
 2006-06-16  David Turner  <david@freetype.org>
 
 	* src/smooth/ftgrays.c (gray_find_cell, gray_set_cell, gray_hline):
diff --git a/src/winfonts/winfnt.c b/src/winfonts/winfnt.c
index ff24584..259b3ac 100644
--- a/src/winfonts/winfnt.c
+++ b/src/winfonts/winfnt.c
@@ -536,8 +536,11 @@
 
                   error = fnt_font_load( face->font, stream );
                   if ( error )
+                  {
                     FT_TRACE2(( "font #%lu load error %d\n",
                                 dir_entry2.name, error ));
+                    goto Fail;
+                  }
                   else
                     FT_TRACE2(( "font #%lu successfully loaded\n",
                                 dir_entry2.name ));
@@ -968,6 +971,13 @@
       bitmap->rows       = font->header.pixel_height;
       bitmap->pixel_mode = FT_PIXEL_MODE_MONO;
 
+      if ( offset + pitch * bitmap->rows >= font->header.file_size )
+      {
+        FT_TRACE2(( "invalid bitmap width\n" ));
+        error = FNT_Err_Invalid_File_Format;
+        goto Exit;
+      }
+
       /* note: since glyphs are stored in columns and not in rows we */
       /*       can't use ft_glyphslot_set_bitmap                     */
       if ( FT_ALLOC_MULT( bitmap->buffer, pitch, bitmap->rows ) )
kmx.io     mail     discord kmxgit v0.4.0