diff options
| author | Werner Lemberg <wl@gnu.org> | 2009-10-19 21:09:13 +0200 |
|---|---|---|
| committer | Werner Lemberg <wl@gnu.org> | 2009-10-19 21:09:13 +0200 |
| commit | 2d15120cb58ce77bf7800c678e6393841c5358fa (patch) | |
| tree | 5228a24de7da0fbbae9f48c730ff7576e1486b85 | |
| parent | d90567b1e6f5d50c259dc554ff294f4588a617ad (diff) | |
Fix handling of `get' and `put' CFF instructions.
* src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_get,
cff_op_put>: Appendix B of Adobe Technote #5177 limits the number of
elements for the `get' and `put' operators to 32.
* src/cff/cffgload.h (CFF_MAX_TRANS_ELEMENTS): Define.
(CFF_Decoder): Use it for `buildchar' and remove `len_buildchar'.
| -rw-r--r-- | ChangeLog | 10 | ||||
| -rw-r--r-- | src/cff/cffgload.c | 4 | ||||
| -rw-r--r-- | src/cff/cffgload.h | 4 |
3 files changed, 14 insertions, 4 deletions
@@ -1,3 +1,13 @@ +2009-10-19 Ning Dong <flintning@163.com> + + Fix handling of `get' and `put' CFF instructions. + + * src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_get, + cff_op_put>: Appendix B of Adobe Technote #5177 limits the number of + elements for the `get' and `put' operators to 32. + * src/cff/cffgload.h (CFF_MAX_TRANS_ELEMENTS): Define. + (CFF_Decoder): Use it for `buildchar' and remove `len_buildchar'. + 2009-10-18 Werner Lemberg <wl@gnu.org> Fix handling of `dup' CFF instruction. diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c index d83c4064..4cabc4cc 100644 --- a/src/cff/cffgload.c +++ b/src/cff/cffgload.c @@ -2117,7 +2117,7 @@ FT_TRACE4(( " put\n" )); - if ( idx >= 0 && idx < decoder->len_buildchar ) + if ( idx >= 0 && idx < CFF_MAX_TRANS_ELEMENTS ) decoder->buildchar[idx] = val; } break; @@ -2130,7 +2130,7 @@ FT_TRACE4(( " get\n" )); - if ( idx >= 0 && idx < decoder->len_buildchar ) + if ( idx >= 0 && idx < CFF_MAX_TRANS_ELEMENTS ) val = decoder->buildchar[idx]; args[0] = val; diff --git a/src/cff/cffgload.h b/src/cff/cffgload.h index 956817a0..1342227e 100644 --- a/src/cff/cffgload.h +++ b/src/cff/cffgload.h @@ -30,6 +30,7 @@ FT_BEGIN_HEADER #define CFF_MAX_OPERANDS 48 #define CFF_MAX_SUBRS_CALLS 32 +#define CFF_MAX_TRANS_ELEMENTS 32 /*************************************************************************/ @@ -137,8 +138,7 @@ FT_BEGIN_HEADER FT_Bool read_width; FT_Bool width_only; FT_Int num_hints; - FT_Fixed* buildchar; - FT_Int len_buildchar; + FT_Fixed buildchar[CFF_MAX_TRANS_ELEMENTS]; FT_UInt num_locals; FT_UInt num_globals; |