Commit e3654532eaa012eb913377807d90c2c0cf8b4bfd

David Turner 2007-01-13T00:19:18

* src/base/ftbitmap.c: fixing memory stomping bug in the bitmap embolderner when the pitch of the source bitmap is *much* larger than its width * src/truetype/ttinterp.c: fixing aliasing-related compilation warning

diff --git a/ChangeLog b/ChangeLog
index 63f4493..cd239bc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2007-01-12  Werner Lemberg  <wl@gnu.org>
 
+	* src/base/ftbitmap.c: fixing memory stomping bug in the
+	bitmap embolderner when the pitch of the source bitmap is
+	*much* larger than its width
+
+	* src/truetype/ttinterp.c: fixing aliasing-related compilation
+	warning
+
 	* builds/unix/install-sh, builds/unix/mkinstalldirs: Updated from
 	`automake' CVS module from sources.redhat.com.
 
diff --git a/src/base/ftbitmap.c b/src/base/ftbitmap.c
index d4709a4..7a7e65b 100644
--- a/src/base/ftbitmap.c
+++ b/src/base/ftbitmap.c
@@ -104,10 +104,11 @@
     int             pitch;
     int             new_pitch;
     FT_UInt         ppb;
-    FT_Int          i;
+    FT_Int          i, width;
     unsigned char*  buffer;
 
 
+    width = bitmap->width;
     pitch = bitmap->pitch;
     if ( pitch < 0 )
       pitch = -pitch;
@@ -170,15 +171,19 @@
 
     if ( bitmap->pitch > 0 )
     {
+      FT_Int   len = ( width + ppb - 1 ) / ppb;
+
       for ( i = 0; i < bitmap->rows; i++ )
         FT_MEM_COPY( buffer + new_pitch * ( ypixels + i ),
-                     bitmap->buffer + pitch * i, pitch );
+                     bitmap->buffer + pitch * i, len );
     }
     else
     {
+      FT_Int  len = ( width + ppb - 1 ) / ppb;
+
       for ( i = 0; i < bitmap->rows; i++ )
         FT_MEM_COPY( buffer + new_pitch * i,
-                     bitmap->buffer + pitch * i, pitch );
+                     bitmap->buffer + pitch * i, len );
     }
 
     FT_FREE( bitmap->buffer );
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index e4865c4..b7e105f 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -510,15 +510,16 @@
   Update_Max( FT_Memory  memory,
               FT_ULong*  size,
               FT_Long    multiplier,
-              void**     buff,
+              void*      _pbuff,
               FT_ULong   new_max )
   {
     FT_Error  error;
+    void**    pbuff = (void**)_pbuff;
 
 
     if ( *size < new_max )
     {
-      if ( FT_REALLOC( *buff, *size * multiplier, new_max * multiplier ) )
+      if ( FT_REALLOC( *pbuff, *size * multiplier, new_max * multiplier ) )
         return error;
       *size = new_max;
     }
@@ -599,7 +600,7 @@
     error = Update_Max( exec->memory,
                         &tmp,
                         sizeof ( FT_F26Dot6 ),
-                        (void**)&exec->stack,
+                        (void*)&exec->stack,
                         maxp->maxStackElements + 32 );
     exec->stackSize = (FT_UInt)tmp;
     if ( error )
@@ -609,7 +610,7 @@
     error = Update_Max( exec->memory,
                         &tmp,
                         sizeof ( FT_Byte ),
-                        (void**)&exec->glyphIns,
+                        (void*)&exec->glyphIns,
                         maxp->maxSizeOfInstructions );
     exec->glyphSize = (FT_UShort)tmp;
     if ( error )