diff options
author | Liang Qi <liang.qi@theqtcompany.com> | 2015-03-24 07:37:43 +0100 |
---|---|---|
committer | Liang Qi <liang.qi@theqtcompany.com> | 2015-03-24 07:38:02 +0100 |
commit | 135ebe4f3d268121047fdbfee49f2dd52006165e (patch) | |
tree | 6b303103f36e69e29cfa860b8b7afc584c55d6f3 /src/3rdparty/freetype/src/lzw/ftzopen.c | |
parent | e7feb956280105113b3e58f12e5f32f54199a95a (diff) | |
parent | 1e8f50a8d069c97ea6a4f00d664c12e594884f54 (diff) |
Merge remote-tracking branch 'origin/5.5' into dev
Change-Id: If5d2e621c2fa5476c3ab687a3f4620c54fc3b32e
Diffstat (limited to 'src/3rdparty/freetype/src/lzw/ftzopen.c')
-rw-r--r-- | src/3rdparty/freetype/src/lzw/ftzopen.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/src/3rdparty/freetype/src/lzw/ftzopen.c b/src/3rdparty/freetype/src/lzw/ftzopen.c index 8bc65c8f57..d7a64576ba 100644 --- a/src/3rdparty/freetype/src/lzw/ftzopen.c +++ b/src/3rdparty/freetype/src/lzw/ftzopen.c @@ -8,7 +8,7 @@ /* be used to parse compressed PCF fonts, as found with many X11 server */ /* distributions. */ /* */ -/* Copyright 2005, 2006, 2007, 2009 by David Turner. */ +/* Copyright 2005-2007, 2009, 2011 by David Turner. */ /* */ /* This file is part of the FreeType project, and may only be used, */ /* modified, and distributed under the terms of the FreeType project */ @@ -124,6 +124,15 @@ old_size = 0; } + /* requirement of the character stack larger than 1<<LZW_MAX_BITS */ + /* implies bug in the decompression code */ + if ( new_size > ( 1 << LZW_MAX_BITS ) ) + { + new_size = 1 << LZW_MAX_BITS; + if ( new_size == old_size ) + return -1; + } + if ( FT_RENEW_ARRAY( state->stack, old_size, new_size ) ) return -1; @@ -279,7 +288,7 @@ : state->max_free + 1; c = ft_lzwstate_get_code( state ); - if ( c < 0 ) + if ( c < 0 || c > 255 ) goto Eof; old_code = old_char = (FT_UInt)c; @@ -312,11 +321,12 @@ /* why not LZW_FIRST-256 ? */ state->free_ent = ( LZW_FIRST - 1 ) - 256; state->buf_clear = 1; - c = ft_lzwstate_get_code( state ); - if ( c < 0 ) - goto Eof; - code = (FT_UInt)c; + /* not quite right, but at least more predictable */ + old_code = 0; + old_char = 0; + + goto NextCode; } in_code = code; /* save code for later */ @@ -326,6 +336,10 @@ /* special case for KwKwKwK */ if ( code - 256U >= state->free_ent ) { + /* corrupted LZW stream */ + if ( code - 256U > state->free_ent ) + goto Eof; + FTLZW_STACK_PUSH( old_char ); code = old_code; } |