diff options
| author | Werner Lemberg <wl@gnu.org> | 2011-01-31 10:24:32 +0100 |
|---|---|---|
| committer | Werner Lemberg <wl@gnu.org> | 2011-01-31 10:24:32 +0100 |
| commit | 96f0456483143353800d5ece36b0edc4b853ad32 (patch) | |
| tree | dcb7539fdecb9feea5169ff337fc10c089c7432e /src | |
| parent | 91a97164ca7af75d7c28731a2f2b396c55728d7e (diff) | |
[truetype] Improve handling of stack underflow.
* src/truetype/ttinterp.c (TT_RunIns, Ins_FLIPPT, Ins_DELTAP,
Ins_DELTAC): Exit with error only if `pedantic_hinting' is set.
Otherwise, try to do something sane.
Diffstat (limited to 'src')
| -rw-r--r-- | src/truetype/ttinterp.c | 49 |
1 files changed, 36 insertions, 13 deletions
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c index 2dd60512..f124c02d 100644 --- a/src/truetype/ttinterp.c +++ b/src/truetype/ttinterp.c @@ -5464,8 +5464,12 @@ if ( CUR.top < CUR.GS.loop ) { - CUR.error = TT_Err_Too_Few_Arguments; - return; + if ( CUR.pedantic_hinting ) + { + CUR.error = TT_Err_Too_Few_Arguments; + return; + } + CUR.GS.loop = CUR.top; } while ( CUR.GS.loop > 0 ) @@ -6859,8 +6863,9 @@ if ( CUR.args < n ) { - CUR.error = TT_Err_Too_Few_Arguments; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Too_Few_Arguments; + n = CUR.args; } CUR.args -= n; @@ -6876,8 +6881,10 @@ { if ( CUR.args < 2 ) { - CUR.error = TT_Err_Too_Few_Arguments; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Too_Few_Arguments; + CUR.args = 0; + goto Fail; } CUR.args -= 2; @@ -6926,6 +6933,7 @@ CUR.error = TT_Err_Invalid_Reference; } + Fail: CUR.new_top = CUR.args; } @@ -6953,8 +6961,9 @@ if ( CUR.args < n ) { - CUR.error = TT_Err_Too_Few_Arguments; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Too_Few_Arguments; + n = CUR.args; } CUR.args -= n; @@ -6969,8 +6978,10 @@ { if ( CUR.args < 2 ) { - CUR.error = TT_Err_Too_Few_Arguments; - return; + if ( CUR.pedantic_hinting ) + CUR.error = TT_Err_Too_Few_Arguments; + CUR.args = 0; + goto Fail; } CUR.args -= 2; @@ -7018,6 +7029,7 @@ } } + Fail: CUR.new_top = CUR.args; } @@ -7479,8 +7491,19 @@ /* One can also interpret it as the index of the last argument. */ if ( CUR.args < 0 ) { - CUR.error = TT_Err_Too_Few_Arguments; - goto LErrorLabel_; + FT_UShort i; + + + if ( CUR.pedantic_hinting ) + { + CUR.error = TT_Err_Too_Few_Arguments; + goto LErrorLabel_; + } + + /* push zeroes onto the stack */ + for ( i = 0; i < Pop_Push_Count[CUR.opcode] >> 4; i++ ) + CUR.stack[i] = 0; + CUR.args = 0; } CUR.new_top = CUR.args + ( Pop_Push_Count[CUR.opcode] & 15 ); @@ -7517,7 +7540,7 @@ case 0x04: /* SFvTCA y */ case 0x05: /* SFvTCA x */ { - FT_Short AA, BB; + FT_Short AA, BB; AA = (FT_Short)( ( opcode & 1 ) << 14 ); |