author | Ben Wagner <bungeman@chromium.org> | 2022-01-11 11:14:32 -0500 |
---|---|---|
committer | Ben Wagner <bungeman@chromium.org> | 2022-01-11 14:58:18 -0500 |
commit | e838c37c2c1575eb12116ce6303ffacc72521ce8 (patch) | |
tree | 87b69ff6941d35aa55388f9ba037735c9ba696c1 /src/type42/t42objs.c | |
parent | 3876846e26fdd56f4434bdabfe6722ec66a40b83 (diff) | |
download | freetype2-e838c37c2c1575eb12116ce6303ffacc72521ce8.tar.gz |
[type42] Track how much type42 ttf data is available.
Currently `T42_Open_Face` eagerly allocates 12 bytes for the ttf header
data which it expects `t42_parse_sfnts` to fill out from /sfnts data.
However, there is no guarantee that `t42_parse_sfnts` will actually be
called while parsing the type42 data as the /sfnts array may be missing
or very short. This is also confusing behavior as it means
`T42_Open_Face` is tightly coupled to the implementation of the very
distant `t42_parse_sfnts` code which requires at least 12 bytes to
already be reserved in `face->ttf_data`.
`t42_parse_sfnts` itself eagerly updates `face->ttf_size` to track how
much space is reserved for ttf data instead of tracking how much data has
actually been written into `face->ttf_data`. It will also act strangely
in the presence of multiple /sfnts arrays.
* src/type42/t42objs.c (T42_Open_Face): ensure `ttf_data` is initialized
to NULL. Free `ttf_data` on error.
* src/type42/t42parse.c (t42_parse_sfnts): delay setting `ttf_size` and
set it to the actual number of bytes read. Ensure `ttf_data` is freed
if there are multiple /sfnts arrays or there are any errors.
Diffstat (limited to 'src/type42/t42objs.c')
-rw-r--r-- | src/type42/t42objs.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/src/type42/t42objs.c b/src/type42/t42objs.c index c3e844a5b..4078777f2 100644 --- a/src/type42/t42objs.c +++ b/src/type42/t42objs.c @@ -44,15 +44,8 @@ parser = &loader.parser; - /* To handle buggy fonts we don't use `FT_QALLOC` here. */ - if ( FT_ALLOC( face->ttf_data, 12 ) ) - goto Exit; - - /* while parsing the font we always update `face->ttf_size' so that */ - /* even in case of buggy data (which might lead to premature end of */ - /* scanning without causing an error) the call to `FT_Open_Face' in */ - /* `T42_Face_Init' passes the correct size */ - face->ttf_size = 12; + face->ttf_data = NULL; + face->ttf_size = 0; error = t42_parser_init( parser, face->root.stream, @@ -153,6 +146,11 @@ Exit: t42_loader_done( &loader ); + if ( error ) + { + FT_FREE(face->ttf_data); + face->ttf_size = 0; + } return error; } |
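Review bot: In the first hunk (`T42_Open_Face`, at `face->ttf_data = NULL;`), the removed comment was the only note explaining why `ttf_size` has to be accurate for the `FT_Open_Face` call in `T42_Face_Init`, and the replacement lines carry no comment at all. Suggest a short comment here stating that `ttf_data` is now allocated by `t42_parse_sfnts` and that NULL with size 0 means no /sfnts data has been read. The code that consumes these two fields is not part of this file's diff, so it is worth confirming that it rejects the NULL/0 case instead of handing a zero-length buffer to the TrueType loader.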
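Review bot: In the second hunk (the `Exit:` path), `FT_FREE(face->ttf_data);` does not follow the spacing used by the surrounding code, for example `t42_loader_done( &loader );`; it should read `FT_FREE( face->ttf_data );`. Resetting `ttf_size` together with the free keeps the pointer and the size consistent on the error path, and a one-line comment saying that partially read ttf data is discarded on error would make that ownership rule explicit for the next reader.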