Commit dcfc4d9c2184bd36dacf73c1a9f331e98aa8ed1d

Werner Lemberg 2015-10-18T16:47:06

[truetype] Better protection against malformed `fpgm' (#46223). * src/truetype/ttobjs.c (tt_size_init_bytecode): Don't execute a malformed `fpgm' table more than once.

diff --git a/ChangeLog b/ChangeLog
index 09ba4b2..369bef4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2015-10-18  Werner Lemberg  <wl@gnu.org>
+
+	[truetype] Better protection against malformed `fpgm' (#46223).
+
+	* src/truetype/ttobjs.c (tt_size_init_bytecode): Don't execute a
+	malformed `fpgm' table more than once.
+
 2015-10-17  Werner Lemberg  <wl@gnu.org>
 
 	* src/cid/cidgload.c (cid_load_glyph): Fix memory leak.
diff --git a/src/truetype/ttobjs.c b/src/truetype/ttobjs.c
index 6060d6f..b0d9f28 100644
--- a/src/truetype/ttobjs.c
+++ b/src/truetype/ttobjs.c
@@ -1078,7 +1078,15 @@
     }
 
     /* Fine, now run the font program! */
+
+    /* In case of an error while executing `fpgm', we intentionally don't */
+    /* clean up immediately – bugs in the `fpgm' are so fundamental that  */
+    /* all following hinting calls should fail.  Additionally, `fpgm' is  */
+    /* to be executed just once; calling it again is completely useless   */
+    /* and might even lead to extremely slow behaviour if it is malformed */
+    /* (containing an infinite loop, for example).                        */
     error = tt_size_run_fpgm( size, pedantic );
+    return error;
 
   Exit:
     if ( error )
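Review bot: The `return error;` added right after the `tt_size_run_fpgm( size, pedantic );` call deliberately skips the `Exit:` cleanup, but nothing in the hunk shows which field records that `fpgm` has already run and failed, so the "executed just once" guarantee rests on state set before the hunk (presumably whatever flag the cleanup at `Exit:` would otherwise reset); the new comment should name it, e.g. `/* The size keeps its `ready' state on error; the failure is reported */` `/* only through the returned error code, and `fpgm' is never re-run.  */`. The comment block also carries a non-ASCII en dash on the `clean up immediately –` line while the surrounding source is plain ASCII; a stray UTF-8 byte in a C comment is a portability nuisance for older toolchains and encodings, so spell it `--` or use a comma. Since the early return makes the `Exit:` path reachable only from the earlier `goto Exit` sites, a one-line remark there such as `/* reached only for setup failures before the font program runs */` would keep a later maintainer from routing the `fpgm` failure back through `tt_size_done_bytecode`. tt_size_init_bytecode starts before this hunk and its `Exit:` block continues past it.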