Commit f502092bcd6f86c24e119aee76622ba3849e25e8
2017-01-23T11:47:40
[truetype] Minor updates for OpenType 1.8.1. * src/truetype/ttgxvar.h (GX_MVarTable): `axisCount' has been removed frem the specification; it is now reserved. * src/truetype/ttgxvar.c (ft_var_load_mvar): Updated. (GX_FVar_Head): Remove `countSizePairs'; the corresponding data field in the `MVAR' table is now reserved. (fvar_fields): Updated.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90
diff --git a/ChangeLog b/ChangeLog
index 7409fb8..4a41490 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,17 @@
2017-01-23 Werner Lemberg <wl@gnu.org>
+ [truetype] Minor updates for OpenType 1.8.1.
+
+ * src/truetype/ttgxvar.h (GX_MVarTable): `axisCount' has been
+ removed frem the specification; it is now reserved.
+
+ * src/truetype/ttgxvar.c (ft_var_load_mvar): Updated.
+ (GX_FVar_Head): Remove `countSizePairs'; the corresponding data
+ field in the `MVAR' table is now reserved.
+ (fvar_fields): Updated.
+
+2017-01-23 Werner Lemberg <wl@gnu.org>
+
[truetype] Avoid segfault for invalid variation data.
* src/truetype/ttgxvar.c (ft_var_load_item_variation_store): Assure
diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 8004206..084c65c 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -22,10 +22,6 @@
/* */
/* https://developer.apple.com/fonts/TrueType-Reference-Manual/RM06/Chap6[fgca]var.html */
/* */
- /* The documentation for `fvar' is inconsistent. At one point it says */
- /* that `countSizePairs' should be 3, at another point 2. It should */
- /* be 2. */
- /* */
/* The documentation for `gvar' is not intelligible; `cvar' refers you */
/* to `gvar' and is thus also incomprehensible. */
/* */
@@ -1119,9 +1115,8 @@
if ( FT_NEW( blend->mvar_table ) )
return;
- /* skip value record size */
- if ( FT_READ_USHORT( blend->mvar_table->axisCount ) ||
- FT_STREAM_SKIP( 2 ) ||
+ /* skip reserved entry and value record size */
+ if ( FT_STREAM_SKIP( 4 ) ||
FT_READ_USHORT( blend->mvar_table->valueCount ) ||
FT_READ_USHORT( store_offset ) )
return;
@@ -1613,7 +1608,6 @@
{
FT_Long version;
FT_UShort offsetToData;
- FT_UShort countSizePairs;
FT_UShort axisCount;
FT_UShort axisSize;
FT_UShort instanceCount;
@@ -1680,13 +1674,13 @@
#define FT_STRUCTURE GX_FVar_Head
FT_FRAME_START( 16 ),
- FT_FRAME_LONG ( version ),
- FT_FRAME_USHORT( offsetToData ),
- FT_FRAME_USHORT( countSizePairs ),
- FT_FRAME_USHORT( axisCount ),
- FT_FRAME_USHORT( axisSize ),
- FT_FRAME_USHORT( instanceCount ),
- FT_FRAME_USHORT( instanceSize ),
+ FT_FRAME_LONG ( version ),
+ FT_FRAME_USHORT ( offsetToData ),
+ FT_FRAME_SKIP_SHORT,
+ FT_FRAME_USHORT ( axisCount ),
+ FT_FRAME_USHORT ( axisSize ),
+ FT_FRAME_USHORT ( instanceCount ),
+ FT_FRAME_USHORT ( instanceSize ),
FT_FRAME_END
};
diff --git a/src/truetype/ttgxvar.h b/src/truetype/ttgxvar.h
index bbe240f..1d908cd 100644
--- a/src/truetype/ttgxvar.h
+++ b/src/truetype/ttgxvar.h
@@ -194,7 +194,6 @@ FT_BEGIN_HEADER
/* */
typedef struct GX_MVarTableRec_
{
- FT_UShort axisCount;
FT_UShort valueCount;
GX_ItemVarStoreRec itemStore; /* Item Variation Store */