[Git][freetype/freetype][master] [truetype] Tweak `loca` clamping.

[Alexei Podtelezhnikov (@apodtele)]

Alexei Podtelezhnikov pushed to branch master at FreeType / FreeType

Commits:

• e942a310
  by Alexei Podtelezhnikov at 2021-09-09T22:17:46-04:00

  [truetype] Tweak `loca` clamping.
  
  Fixes #1095.
  
  * src/truetype/ttpload.c (tt_face_load_loca): Fix up clamping.
  * include/freetype/internal/tttypes.h (TT_Face): Correct docs.
  

2 changed files:

• include/freetype/internal/tttypes.h
• src/truetype/ttpload.c

Changes:

include/freetype/internal/tttypes.h

---

...	...	@@ -1372,7 +1372,7 @@ FT_BEGIN_HEADER
1372	1372	*
1373	1373	* num_locations ::
1374	1374	* The number of glyph locations in this TrueType file. This should be
1375		- * identical to the number of glyphs. Ignored for Type 2 fonts.
	1375	+ * one more than the number of glyphs. Ignored for Type 2 fonts.
1376	1376	*
1377	1377	* glyph_locations ::
1378	1378	* An array of longs. These are offsets to glyph data within the
...	...	@@ -1598,7 +1598,7 @@ FT_BEGIN_HEADER
1598	1598	FT_ULong horz_metrics_size;
1599	1599	FT_ULong vert_metrics_size;
1600	1600
1601		- FT_ULong num_locations; /* in broken TTF, gid > 0xFFFF */
	1601	+ FT_ULong num_locations; /* up to 0xFFFF + 1 */
1602	1602	FT_Byte* glyph_locations;
1603	1603
1604	1604	FT_Byte* hdmx_table;

src/truetype/ttpload.c

---

...	...	@@ -98,36 +98,23 @@
98	98	goto Exit;
99	99	}
100	100
101		- if ( face->header.Index_To_Loc_Format != 0 )
102		- {
103		- shift = 2;
	101	+ shift = face->header.Index_To_Loc_Format != 0 ? 2 : 1;
104	102
105		- if ( table_len >= 0x40000L )
106		- {
107		- FT_TRACE2(( "table too large\n" ));
108		- table_len = 0x3FFFFL;
109		- }
110		- face->num_locations = table_len >> shift;
111		- }
112		- else
	103	+ if ( table_len > 0x10000UL << shift )
113	104	{
114		- shift = 1;
115		-
116		- if ( table_len >= 0x20000L )
117		- {
118		- FT_TRACE2(( "table too large\n" ));
119		- table_len = 0x1FFFFL;
120		- }
121		- face->num_locations = table_len >> shift;
	105	+ FT_TRACE2(( "table too large\n" ));
	106	+ table_len = 0x10000UL << shift;
122	107	}
123	108
	109	+ face->num_locations = table_len >> shift;
	110	+
124	111	if ( face->num_locations != (FT_ULong)face->root.num_glyphs + 1 )
125	112	{
126	113	FT_TRACE2(( "glyph count mismatch! loca: %ld, maxp: %ld\n",
127	114	face->num_locations - 1, face->root.num_glyphs ));
128	115
129	116	/* we only handle the case where `maxp' gives a larger value */
130		- if ( face->num_locations <= (FT_ULong)face->root.num_glyphs )
	117	+ if ( face->num_locations < (FT_ULong)face->root.num_glyphs + 1 )
131	118	{
132	119	FT_ULong new_loca_len =
133	120	( (FT_ULong)face->root.num_glyphs + 1 ) << shift;

—
View it on GitLab.
You're receiving this email because of your account on gitlab.freedesktop.org. If you'd like to receive fewer emails, you can adjust your notification settings.