diff options
| -rw-r--r-- | ChangeLog | 12 | ||||
| -rw-r--r-- | ChangeLog.pre-1-10 | 12 | ||||
| -rw-r--r-- | pango/opentype/ftxgdef.c | 60 | ||||
| -rw-r--r-- | pango/opentype/ftxopen.c | 15 |
4 files changed, 75 insertions, 24 deletions
@@ -1,3 +1,15 @@ +2005-03-03 Owen Taylor <otaylor@redhat.com> + + * pango/opentype/ftxopen.c (Coverage_Index1, Coverage_Index2, + Get_Class2): For all binary searches, handle the case where + the number of items is 0. (#162977, Nick Lamb) + + * pango/opentype/ftxgdef.c (TT_GDEF_Build_ClassDefinition): + Handle the case where glyph_count == 0 properly. Fix a problem + with cleanups on memory allocation failure. + (Get_New_Count, Add_Glyph_Property): Avoid reading off the + end of the ClassRangeRecord array. + 2005-03-02 Owen Taylor <otaylor@redhat.com> * pango/fonts.c (pango_font_description_from_string_: For diff --git a/ChangeLog.pre-1-10 b/ChangeLog.pre-1-10 index ccbc06b2..d3bd5b4d 100644 --- a/ChangeLog.pre-1-10 +++ b/ChangeLog.pre-1-10 @@ -1,3 +1,15 @@ +2005-03-03 Owen Taylor <otaylor@redhat.com> + + * pango/opentype/ftxopen.c (Coverage_Index1, Coverage_Index2, + Get_Class2): For all binary searches, handle the case where + the number of items is 0. (#162977, Nick Lamb) + + * pango/opentype/ftxgdef.c (TT_GDEF_Build_ClassDefinition): + Handle the case where glyph_count == 0 properly. Fix a problem + with cleanups on memory allocation failure. + (Get_New_Count, Add_Glyph_Property): Avoid reading off the + end of the ClassRangeRecord array. + 2005-03-02 Owen Taylor <otaylor@redhat.com> * pango/fonts.c (pango_font_description_from_string_: For diff --git a/pango/opentype/ftxgdef.c b/pango/opentype/ftxgdef.c index 60ad5816..7367be72 100644 --- a/pango/opentype/ftxgdef.c +++ b/pango/opentype/ftxgdef.c @@ -746,7 +746,7 @@ FT_UShort glyphID, FT_UShort index ) { - FT_UShort glyph_index, array_index; + FT_UShort glyph_index, array_index, count; FT_UShort byte, bits; TTO_ClassRangeRecord* gcrr; @@ -756,10 +756,11 @@ if ( glyphID >= gdef->LastGlyph ) return 0; + count = gdef->GlyphClassDef.cd.cd2.ClassRangeCount; gcrr = gdef->GlyphClassDef.cd.cd2.ClassRangeRecord; ngc = gdef->NewGlyphClasses; - if ( glyphID < gcrr[index].Start ) + if ( index < count && glyphID < gcrr[index].Start ) { array_index = index; if ( index == 0 ) @@ -999,7 +1000,7 @@ if ( ALLOC_ARRAY( gdef->NewGlyphClasses, gcd->cd.cd2.ClassRangeCount + 1, FT_UShort* ) ) - goto Fail2; + goto Fail3; count = gcd->cd.cd2.ClassRangeCount; gcrr = gcd->cd.cd2.ClassRangeRecord; @@ -1008,29 +1009,39 @@ /* We allocate arrays for all glyphs not covered by the class range records. Each element holds four class values. */ - if ( gcrr[0].Start ) + if ( count > 0 ) { - if ( ALLOC_ARRAY( ngc[0], ( gcrr[0].Start + 3 ) / 4, FT_UShort ) ) - goto Fail1; + if ( gcrr[0].Start ) + { + if ( ALLOC_ARRAY( ngc[0], ( gcrr[0].Start + 3 ) / 4, FT_UShort ) ) + goto Fail2; + } + + for ( n = 1; n < count; n++ ) + { + if ( gcrr[n].Start - gcrr[n - 1].End > 1 ) + if ( ALLOC_ARRAY( ngc[n], + ( gcrr[n].Start - gcrr[n - 1].End + 2 ) / 4, + FT_UShort ) ) + goto Fail1; + } + + if ( gcrr[count - 1].End != num_glyphs - 1 ) + { + if ( ALLOC_ARRAY( ngc[count], + ( num_glyphs - gcrr[count - 1].End + 2 ) / 4, + FT_UShort ) ) + goto Fail1; + } } - - for ( n = 1; n < count; n++ ) + else if ( num_glyphs > 0 ) { - if ( gcrr[n].Start - gcrr[n - 1].End > 1 ) - if ( ALLOC_ARRAY( ngc[n], - ( gcrr[n].Start - gcrr[n - 1].End + 2 ) / 4, - FT_UShort ) ) - goto Fail1; + if ( ALLOC_ARRAY( ngc[count], + ( num_glyphs + 3 ) / 4, + FT_UShort ) ) + goto Fail2; } - - if ( gcrr[count - 1].End != num_glyphs - 1 ) - { - if ( ALLOC_ARRAY( ngc[count], - ( num_glyphs - gcrr[count - 1].End + 2 ) / 4, - FT_UShort ) ) - goto Fail1; - } - + gdef->LastGlyph = num_glyphs - 1; gdef->MarkAttachClassDef_offset = 0L; @@ -1083,7 +1094,7 @@ FT_Error error; FT_UShort class, new_class, index; FT_UShort byte, bits, mask; - FT_UShort array_index, glyph_index; + FT_UShort array_index, glyph_index, count; TTO_ClassRangeRecord* gcrr; FT_UShort** ngc; @@ -1124,10 +1135,11 @@ return TT_Err_Invalid_Argument; } + count = gdef->GlyphClassDef.cd.cd2.ClassRangeCount; gcrr = gdef->GlyphClassDef.cd.cd2.ClassRangeRecord; ngc = gdef->NewGlyphClasses; - if ( glyphID < gcrr[index].Start ) + if ( index < count && glyphID < gcrr[index].Start ) { array_index = index; if ( index == 0 ) diff --git a/pango/opentype/ftxopen.c b/pango/opentype/ftxopen.c index f2ebf87a..ea38216d 100644 --- a/pango/opentype/ftxopen.c +++ b/pango/opentype/ftxopen.c @@ -940,6 +940,9 @@ /* binary search */ + if ( cf1->GlyphCount == 0 ) + return TTO_Err_Not_Covered; + new_min = 0; new_max = cf1->GlyphCount - 1; @@ -987,6 +990,9 @@ /* binary search */ + if ( cf2->RangeCount == 0 ) + return TTO_Err_Not_Covered; + new_min = 0; new_max = cf2->RangeCount - 1; @@ -1326,6 +1332,15 @@ /* binary search */ + if ( cdf2->ClassRangeCount == 0 ) + { + *class = 0; + if ( index ) + *index = 0; + + return TTO_Err_Not_Covered; + } + new_min = 0; new_max = cdf2->ClassRangeCount - 1; |