3 files changed, 83 insertions, 9 deletions
diff --git a/chromium/third_party/freetype/src/src/truetype/ttgload.c b/chromium/third_party/freetype/src/src/truetype/ttgload.c
index f0f6a060275..e5d50474afc 100644
--- a/chromium/third_party/freetype/src/src/truetype/ttgload.c
+++ b/chromium/third_party/freetype/src/src/truetype/ttgload.c
@@ -425,7 +425,7 @@
                           (void*)&load->exec->glyphIns,
                           n_ins );
-    load->exec->glyphSize = (FT_UShort)tmp;
+    load->exec->glyphSize = (FT_UInt)tmp;
     if ( error )
       return error;
diff --git a/chromium/third_party/freetype/src/src/truetype/ttinterp.c b/chromium/third_party/freetype/src/src/truetype/ttinterp.c
index da45c373a74..fb2e677101d 100644
--- a/chromium/third_party/freetype/src/src/truetype/ttinterp.c
+++ b/chromium/third_party/freetype/src/src/truetype/ttinterp.c
@@ -252,6 +252,14 @@
     FT_FREE( exec->stack );
     exec->stackSize = 0;
+    /* free glyf cvt working area */
+    FT_FREE( exec->glyfCvt );
+    exec->glyfCvtSize = 0;
+
+    /* free glyf storage working area */
+    FT_FREE( exec->glyfStorage );
+    exec->glyfStoreSize = 0;
+
     /* free call stack */
     FT_FREE( exec->callStack );
     exec->callSize = 0;
@@ -465,13 +473,13 @@
     if ( error )
       return error;
-    tmp = exec->glyphSize;
+    tmp = (FT_ULong)exec->glyphSize;
     error = Update_Max( exec->memory,
                         &tmp,
                         sizeof ( FT_Byte ),
                         (void*)&exec->glyphIns,
                         maxp->maxSizeOfInstructions );
-    exec->glyphSize = (FT_UShort)tmp;
+    exec->glyphSize = (FT_UInt)tmp;
     if ( error )
       return error;
@@ -1548,12 +1556,31 @@
     return FT_MulFix( exc->cvt[idx], Current_Ratio( exc ) );
   }
+  static void Modify_CVT_Check( TT_ExecContext exc ) {
+    /* TT_RunIns sets origCvt and restores cvt to origCvt when done. */
+    if ( exc->initialRange == tt_coderange_glyph && exc->cvt == exc->origCvt ) {
+      exc->error = Update_Max( exc->memory,
+                               &exc->glyfCvtSize,
+                               sizeof ( FT_Long ),
+                               (void*)&exc->glyfCvt,
+                               exc->cvtSize );
+      if ( exc->error )
+        return;
+
+      FT_ARRAY_COPY( exc->glyfCvt, exc->cvt, exc->glyfCvtSize );
+      exc->cvt = exc->glyfCvt;
+    }
+  }
   FT_CALLBACK_DEF( void )
   Write_CVT( TT_ExecContext exc,
              FT_ULong idx,
              FT_F26Dot6 value )
   {
+    Modify_CVT_Check( exc );
+    if ( exc->error )
+      return;
+
     exc->cvt[idx] = value;
   }
@@ -1563,6 +1590,10 @@
              FT_ULong idx,
              FT_F26Dot6 value )
   {
+    Modify_CVT_Check( exc );
+    if ( exc->error )
+      return;
+
     exc->cvt[idx] = FT_DivFix( value, Current_Ratio( exc ) );
   }
@@ -1572,6 +1603,10 @@
              FT_ULong idx,
              FT_F26Dot6 value )
   {
+    Modify_CVT_Check( exc );
+    if ( exc->error )
+      return;
+
     exc->cvt[idx] += value;
   }
@@ -1581,6 +1616,10 @@
              FT_ULong idx,
              FT_F26Dot6 value )
   {
+    Modify_CVT_Check( exc );
+    if ( exc->error )
+      return;
+
     exc->cvt[idx] += FT_DivFix( value, Current_Ratio( exc ) );
   }
@@ -3086,7 +3125,25 @@
       ARRAY_BOUND_ERROR;
     }
     else
+    {
+      /* TT_RunIns sets origStorage and restores storage to origStorage when done. */
+      if ( exc->initialRange == tt_coderange_glyph && exc->storage == exc->origStorage ) {
+        FT_ULong tmp = (FT_ULong)exc->glyfStoreSize;
+        exc->error = Update_Max( exc->memory,
+                                 &tmp,
+                                 sizeof ( FT_Long ),
+                                 (void*)&exc->glyfStorage,
+                                 exc->storeSize );
+        exc->glyfStoreSize = (FT_UShort)tmp;
+        if ( exc->error )
+          return;
+
+        FT_ARRAY_COPY( exc->glyfStorage, exc->storage, exc->glyfStoreSize );
+        exc->storage = exc->glyfStorage;
+      }
+
       exc->storage[I] = args[1];
+    }
   }
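Review bot: The FT_ARRAY_COPY in Modify_CVT_Check copies `exc->glyfCvtSize` elements out of `exc->cvt`, but the source array only holds `exc->cvtSize` elements. Update_Max's body is not on this page; if, as its use for glyphIns elsewhere in this diff suggests, it only grows the buffer and leaves the recorded size at the larger of the old and requested values, then after a size with a bigger cvt has been run through the same (driver-wide, as far as I can tell) execution context, glyfCvtSize exceeds cvtSize and the copy reads past the end of cvt. Copying the source's own length avoids that: `FT_ARRAY_COPY( exc->glyfCvt, exc->cvt, exc->cvtSize );`. The storage copy in the @@ -3086 hunk has the same shape and should use `exc->storeSize` rather than `exc->glyfStoreSize`. As a style point, the new helper puts `{` on the signature line and omits the blank lines the rest of the file keeps between definitions.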
@@ -3664,7 +3721,7 @@
     /* FDEF is only allowed in `prep' or `fpgm' */
-    if ( exc->curRange == tt_coderange_glyph )
+    if ( exc->initialRange == tt_coderange_glyph )
     {
       exc->error = FT_THROW( DEF_In_Glyf_Bytecode );
       return;
@@ -4097,7 +4154,7 @@
     /* we enable IDEF only in `prep' or `fpgm' */
-    if ( exc->curRange == tt_coderange_glyph )
+    if ( exc->initialRange == tt_coderange_glyph )
     {
       exc->error = FT_THROW( DEF_In_Glyf_Bytecode );
       return;
@@ -7856,6 +7913,9 @@
       exc->func_write_cvt = Write_CVT;
       exc->func_move_cvt = Move_CVT;
     }
+    exc->origCvt = exc->cvt;
+    exc->origStorage = exc->storage;
+    exc->initialRange = exc->curRange;
     Compute_Funcs( exc );
     Compute_Round( exc, (FT_Byte)exc->GS.round_state );
@@ -8581,8 +8641,10 @@
       /* increment instruction counter and check if we didn't */
       /* run this program for too long (e.g. infinite loops). */
-      if ( ++ins_counter > TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES )
-        return FT_THROW( Execution_Too_Long );
+      if ( ++ins_counter > TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES ) {
+        exc->error = FT_THROW( Execution_Too_Long );
+        goto LErrorLabel_;
+      }
   LSuiteLabel_:
     if ( exc->IP >= exc->codeSize )
@@ -8601,6 +8663,9 @@
     FT_TRACE4(( " %d instruction%s executed\n",
                 ins_counter,
                 ins_counter == 1 ? "" : "s" ));
+
+    exc->cvt = exc->origCvt;
+    exc->storage = exc->origStorage;
     return FT_Err_Ok;
   LErrorCodeOverflow_:
@@ -8610,6 +8675,8 @@
     if ( exc->error && !exc->instruction_trap )
       FT_TRACE1(( " The interpreter returned error 0x%x\n", exc->error ));
+    exc->cvt = exc->origCvt;
+    exc->storage = exc->origStorage;
     return exc->error;
   }
diff --git a/chromium/third_party/freetype/src/src/truetype/ttinterp.h b/chromium/third_party/freetype/src/src/truetype/ttinterp.h
index 172cdd0287d..1d149215603 100644
--- a/chromium/third_party/freetype/src/src/truetype/ttinterp.h
+++ b/chromium/third_party/freetype/src/src/truetype/ttinterp.h
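Review bot: The restore of `exc->cvt` and `exc->storage` is written out twice, once before `return FT_Err_Ok;` in the @@ -8601 hunk and once before `return exc->error;` in the @@ -8610 hunk, and the Execution_Too_Long path in @@ -8581 had to be rerouted through LErrorLabel_ solely to reach the second copy. TT_RunIns starts before and continues between these hunks, so any other early `return` in its body that is not visible here would still leave `exc->cvt` pointing at the glyph working copy while `exc->origCvt` is only refreshed on the next entry. A single static helper, say `Restore_CVT_Storage( exc )`, called at both exits would keep the two sites from drifting and make the remaining `return` statements easy to audit. The invariant the new fields rely on deserves a comment at the @@ -7856 assignments, e.g. `/* glyph programs work on copies; TT_RunIns restores these on every exit */`.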
@@ -175,6 +175,7 @@ FT_BEGIN_HEADER
     TT_Size_Metrics tt_metrics; /* size metrics */
     TT_GraphicsState GS; /* current graphics state */
+    FT_Int initialRange; /* initial code range number */
     FT_Int curRange; /* current code range number */
     FT_Byte* code; /* current code range */
@@ -188,6 +189,9 @@ FT_BEGIN_HEADER
     /* increment IP after ins. exec */
     FT_ULong cvtSize;
     FT_Long* cvt;
+    FT_ULong glyfCvtSize;
+    FT_Long* glyfCvt; /* cvt working copy for glyph */
+    FT_Long* origCvt;
     FT_UInt glyphSize; /* glyph instructions buffer size */
     FT_Byte* glyphIns; /* glyph instructions buffer */
@@ -214,8 +218,11 @@ FT_BEGIN_HEADER
     TT_CodeRangeTable codeRangeTable; /* table of valid code ranges */
     /* useful for the debugger */
-    FT_UShort storeSize; /* size of current storage */
-    FT_Long* storage; /* storage area */
+    FT_UShort storeSize; /* size of current storage */
+    FT_Long* storage; /* storage area */
+    FT_UShort glyfStoreSize;
+    FT_Long* glyfStorage; /* storage working copy for glyph */
+    FT_Long* origStorage;
     FT_F26Dot6 period; /* values used for the */
     FT_F26Dot6 phase; /* `SuperRounding' */
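Review bot: `origCvt`, `origStorage`, `glyfCvtSize` and `glyfStoreSize` are added without the trailing comment that every neighbouring field in TT_ExecContextRec carries, so the header does not say who owns the working copies or when the saved pointers are valid. The ttinterp.c hunks establish it: TT_RunIns saves cvt/storage into the orig fields on entry and restores them on exit, and TT_Done_Context frees glyfCvt/glyfStorage. Suggest `FT_Long* origCvt; /* cvt saved by TT_RunIns, restored on exit */`, `FT_Long* origStorage; /* storage saved by TT_RunIns, restored on exit */` and `FT_ULong glyfCvtSize; /* capacity of glyfCvt, freed by TT_Done_Context */`. The unrelated re-alignment of the two existing storeSize/storage lines could be left out to keep the hunk to its purpose.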