diff options
Diffstat (limited to 'src/cff/cffparse.c')
| -rw-r--r-- | src/cff/cffparse.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/src/cff/cffparse.c b/src/cff/cffparse.c index e1511bdbd..6d617e26e 100644 --- a/src/cff/cffparse.c +++ b/src/cff/cffparse.c @@ -20,6 +20,7 @@ #include "cffparse.h" #include FT_INTERNAL_STREAM_H #include FT_INTERNAL_DEBUG_H +#include FT_INTERNAL_CALC_H #include "cfferrs.h" #include "cffpic.h" @@ -156,6 +157,22 @@ 1000000000L }; + /* maximum values allowed for multiplying */ + /* with the corresponding `power_tens' element */ + static const FT_Long power_ten_limits[] = + { + FT_LONG_MAX / 1L, + FT_LONG_MAX / 10L, + FT_LONG_MAX / 100L, + FT_LONG_MAX / 1000L, + FT_LONG_MAX / 10000L, + FT_LONG_MAX / 100000L, + FT_LONG_MAX / 1000000L, + FT_LONG_MAX / 10000000L, + FT_LONG_MAX / 100000000L, + FT_LONG_MAX / 1000000000L, + }; + /* read a real */ static FT_Fixed @@ -484,7 +501,15 @@ if ( scaling ) + { + if ( FT_ABS( val ) > power_ten_limits[scaling] ) + { + val = val > 0 ? 0x7FFFFFFFL : -0x7FFFFFFFFL; + goto Overflow; + } + val *= power_tens[scaling]; + } if ( val > 0x7FFF ) { @@ -1585,7 +1610,8 @@ val = 0; while ( num_args > 0 ) { - val += cff_parse_num( parser, data++ ); + val = OVERFLOW_ADD_LONG( val, + cff_parse_num( parser, data++ ) ); switch ( field->size ) { case (8 / FT_CHAR_BIT): |