summaryrefslogtreecommitdiffstats
path: root/src/3rdparty/freetype/src/base/ftrfork.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/3rdparty/freetype/src/base/ftrfork.c')
-rw-r--r--src/3rdparty/freetype/src/base/ftrfork.c59
1 files changed, 36 insertions, 23 deletions
diff --git a/src/3rdparty/freetype/src/base/ftrfork.c b/src/3rdparty/freetype/src/base/ftrfork.c
index efe24d6eee..c30c76678e 100644
--- a/src/3rdparty/freetype/src/base/ftrfork.c
+++ b/src/3rdparty/freetype/src/base/ftrfork.c
@@ -4,7 +4,7 @@
/* */
/* Embedded resource forks accessor (body). */
/* */
-/* Copyright 2004-2010, 2013, 2014 by */
+/* Copyright 2004-2015 by */
/* Masatake YAMATO and Redhat K.K. */
/* */
/* FT_Raccess_Get_HeaderInfo() and raccess_guess_darwin_hfsplus() are */
@@ -63,7 +63,7 @@
FT_UNUSED( library );
- error = FT_Stream_Seek( stream, rfork_offset );
+ error = FT_Stream_Seek( stream, (FT_ULong)rfork_offset );
if ( error )
return error;
@@ -71,25 +71,36 @@
if ( error )
return error;
- *rdata_pos = rfork_offset + ( ( head[0] << 24 ) |
- ( head[1] << 16 ) |
- ( head[2] << 8 ) |
- head[3] );
- map_pos = rfork_offset + ( ( head[4] << 24 ) |
- ( head[5] << 16 ) |
- ( head[6] << 8 ) |
- head[7] );
- rdata_len = ( head[ 8] << 24 ) |
- ( head[ 9] << 16 ) |
- ( head[10] << 8 ) |
- head[11];
+ /* ensure positive values */
+ if ( head[0] >= 0x80 || head[4] >= 0x80 || head[8] >= 0x80 )
+ return FT_THROW( Unknown_File_Format );
+
+ *rdata_pos = ( head[ 0] << 24 ) |
+ ( head[ 1] << 16 ) |
+ ( head[ 2] << 8 ) |
+ head[ 3];
+ map_pos = ( head[ 4] << 24 ) |
+ ( head[ 5] << 16 ) |
+ ( head[ 6] << 8 ) |
+ head[ 7];
+ rdata_len = ( head[ 8] << 24 ) |
+ ( head[ 9] << 16 ) |
+ ( head[10] << 8 ) |
+ head[11];
/* map_len = head[12] .. head[15] */
- if ( *rdata_pos + rdata_len != map_pos || map_pos == rfork_offset )
+ if ( *rdata_pos != map_pos - rdata_len || map_pos == 0 )
return FT_THROW( Unknown_File_Format );
- error = FT_Stream_Seek( stream, map_pos );
+ if ( FT_LONG_MAX - rfork_offset < *rdata_pos ||
+ FT_LONG_MAX - rfork_offset < map_pos )
+ return FT_THROW( Unknown_File_Format );
+
+ *rdata_pos += rfork_offset;
+ map_pos += rfork_offset;
+
+ error = FT_Stream_Seek( stream, (FT_ULong)map_pos );
if ( error )
return error;
@@ -124,7 +135,7 @@
if ( type_list == -1 )
return FT_THROW( Unknown_File_Format );
- error = FT_Stream_Seek( stream, map_pos + type_list );
+ error = FT_Stream_Seek( stream, (FT_ULong)( map_pos + type_list ) );
if ( error )
return error;
@@ -166,7 +177,7 @@
FT_TRACE3(( "\n" ));
- error = FT_Stream_Seek( stream, map_offset );
+ error = FT_Stream_Seek( stream, (FT_ULong)map_offset );
if ( error )
return error;
@@ -194,7 +205,7 @@
*count = subcnt + 1;
rpos += map_offset;
- error = FT_Stream_Seek( stream, rpos );
+ error = FT_Stream_Seek( stream, (FT_ULong)rpos );
if ( error )
return error;
@@ -220,7 +231,7 @@
if (sort_by_res_id)
{
- ft_qsort( ref, *count, sizeof ( FT_RFork_Ref ),
+ ft_qsort( ref, (size_t)*count, sizeof ( FT_RFork_Ref ),
( int(*)(const void*, const void*) )
ft_raccess_sort_ref_by_id );
@@ -713,9 +724,9 @@
FT_UShort n_of_entries;
int i;
- FT_UInt32 entry_id, entry_offset, entry_length = 0;
+ FT_Int32 entry_id, entry_offset, entry_length = 0;
- const FT_UInt32 resource_fork_entry_id = 0x2;
+ const FT_Int32 resource_fork_entry_id = 0x2;
FT_UNUSED( library );
FT_UNUSED( base_file_name );
@@ -813,7 +824,9 @@
tmp = ft_strrchr( original_name, '/' );
if ( tmp )
{
- ft_strncpy( new_name, original_name, tmp - original_name + 1 );
+ ft_strncpy( new_name,
+ original_name,
+ (size_t)( tmp - original_name + 1 ) );
new_name[tmp - original_name + 1] = '\0';
slash = tmp + 1;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-18 03:31:54 +0000