kc3-lang/freetype

Browse

Commit f7ecdbc70aa597b76f60d18d9d25fdab6da2d998

suzuki toshiya 2009-08-01T00:30:12

type1: Check invalid string longer than PostScript limit. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

diff --git a/ChangeLog b/ChangeLog
index a8beb71..33f4dc7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2009-07-31  suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
 
+	type1: Check invalid string longer than PostScript limit.
+
+	* src/type1/t1afm.c (t1_get_index): Check invalid string
+	which exceeds the limit of PostScript string/name objects.
+
+2009-07-31  suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
+
 	gzip: Use FT2 zcalloc() & zfree() in ftgzip.c by default.
 
 	* src/gzip/ftgzip.c (zcalloc, zcfree): Disable all
diff --git a/src/type1/t1afm.c b/src/type1/t1afm.c
index 5aea588..586bfd6 100644
--- a/src/type1/t1afm.c
+++ b/src/type1/t1afm.c
@@ -57,6 +57,10 @@
     FT_Int   n;
 
 
+    /* PS string/name length must be < 16-bit */
+    if ( ( len - 0xFFFFU ) > 0 )
+      return 0;
+
     for ( n = 0; n < type1->num_glyphs; n++ )
     {
       char*  gname = (char*)type1->glyph_names[n];
kmx.io     mail     discord kmxgit v0.4.0