[UVS] Stabilizes UVS supporting functions against non-UVS fonts.

UVS supporting functions assume the variation handler functions are valid. When a font without cmap format 14 is given, these function pointers are left as NULL, so calling these functions causes NULL pointer dereference.

* src/base/ftobjs.c (FT_Face_GetCharVariantIndex): Check the pointer FT_CMap_Class->char_var_index before calling it.
(FT_Face_GetCharVariantIsDefault): Check the pointer FT_CMap_Class->char_var_default before calling it.
(FT_Face_GetVariantSelectors): Check the pointer FT_CMap_Class->variant_list before calling it.
(FT_Face_GetVariantsOfChar): Check the pointer FT_CMap_Class->charvariant_list before calling it.
(FT_Face_GetCharsOfVariant): Check the pointer FT_CMap_Class->variantchar_list before calling it.
diff --git a/ChangeLog b/ChangeLog
index 6e896b6..72e2d3b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2010-11-04 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
+
+ [UVS] Stabilizes UVS supporting functions against non-UVS fonts.
+
+ UVS supporting functions assume the variation handler functions
+ are valid. When fonts without cmap format 14 is given, these
+ function pointers are left as NULL, so calling these functions
+ causes NULL pointer dereference.
+
+ * src/base/ftobjs.c (FT_Face_GetCharVariantIndex): Check the pointer
+ FT_CMap_Class->char_var_index before calling it.
+ (FT_Face_GetCharVariantIsDefault): Check the pointer
+ FT_CMap_Class->char_var_default before calling it.
+ (FT_Face_GetVariantSelectors): Check the pointer
+ FT_CMap_Class->variant_list before calling it.
+ (FT_Face_GetVariantsOfChar): Check the pointer
+ FT_CMap_Class->charvariant_list before calling it.
+ (FT_Face_GetCharsOfVariant): Check the pointer
+ FT_CMap_Class->variantchar_list before calling it.
+
2010-11-01 Alexei Podtelezhnikov <apodtele@gmail.com>
[ftsmooth] Improve rendering.
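Review bot: wording nit in the entry body, second sentence: "When fonts without cmap format 14 is given" mixes a plural subject with a singular verb. "When a font without cmap format 14 is given" reads correctly and matches the summary line's intent.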
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index d12a71b..31af7b6 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -3291,6 +3291,10 @@
FT_CMap vcmap = FT_CMAP( charmap );
+ /* font without TT cmap format 14 has no char_var_index() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->char_var_index ) )
+ return result;
+
if ( charcode > 0xFFFFFFFFUL )
{
FT_TRACE1(( "FT_Get_Char_Index: too large charcode" ));
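Review bot: the new guard on char_var_index exits silently with `return result;`, while the range check directly below it reports through FT_TRACE1. A trace line inside the guard would let someone debugging a missing variant glyph tell "charmap has no char_var_index handler" apart from "no mapping for this variation sequence". The value returned also depends on how result is initialized, which is outside the visible lines, so it is worth confirming that it starts at 0.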
@@ -3332,6 +3336,10 @@
FT_CMap vcmap = FT_CMAP( charmap );
+ /* font without TT cmap format 14 has no char_var_index() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->char_var_default ) )
+ return result;
+
if ( charcode > 0xFFFFFFFFUL )
{
FT_TRACE1(( "FT_Get_Char_Index: too large charcode" ));
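Review bot: the comment on the added guard does not match the pointer it tests. It says "has no char_var_index()" but the condition checks `vcmap->clazz->char_var_default`; this looks carried over from the previous hunk. Suggest "font without TT cmap format 14 has no char_var_default()".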
@@ -3372,6 +3380,10 @@
FT_Memory memory = FT_FACE_MEMORY( face );
+ /* font without TT cmap format 14 has no variant_list() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->variant_list ) )
+ return result;
+
result = vcmap->clazz->variant_list( vcmap, memory );
}
}
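Review bot: in the variant_list guard, `return result;` runs before the only visible assignment to result (`result = vcmap->clazz->variant_list( vcmap, memory );`), so what the caller receives is whatever the declaration initialized it to. Returning NULL explicitly, or a short comment that result is still NULL at this point, would make the "no variant selectors" contract obvious at the return site.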
@@ -3400,6 +3412,10 @@
FT_Memory memory = FT_FACE_MEMORY( face );
+ /* font without TT cmap format 14 has no charvariant_list() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->charvariant_list ) )
+ return result;
+
if ( charcode > 0xFFFFFFFFUL )
{
FT_TRACE1(( "FT_Get_Char_Index: too large charcode" ));
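Review bot: missing documentation for the new early return on charvariant_list. The patch touches only ChangeLog and src/base/ftobjs.c, so nothing tells API users that a face without a cmap format 14 subtable now yields the initial value of result rather than a crash. Consider stating that return value in the public description of the function so callers know to handle it.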
@@ -3434,6 +3450,10 @@
FT_Memory memory = FT_FACE_MEMORY( face );
+ /* font without TT cmap format 14 has no variantchar_list() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->variantchar_list ) )
+ return result;
+
if ( variantSelector > 0xFFFFFFFFUL )
{
FT_TRACE1(( "FT_Get_Char_Index: too large variantSelector" ));
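Review bot: this is the fifth copy of the same two-part test, `!( vcmap->clazz ) || !( vcmap->clazz->variantchar_list )`, differing only in the member name. A small local macro or helper taking the handler name would keep the five guards consistent and avoid the kind of comment and member mismatch seen in the char_var_default hunk.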