diff options
Diffstat (limited to 'src/3rdparty/freetype/src/lzw/ftzopen.c')
| -rw-r--r-- | src/3rdparty/freetype/src/lzw/ftzopen.c | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/src/3rdparty/freetype/src/lzw/ftzopen.c b/src/3rdparty/freetype/src/lzw/ftzopen.c index 8bc65c8f57..d7a64576ba 100644 --- a/src/3rdparty/freetype/src/lzw/ftzopen.c +++ b/src/3rdparty/freetype/src/lzw/ftzopen.c @@ -8,7 +8,7 @@ /* be used to parse compressed PCF fonts, as found with many X11 server */ /* distributions. */ /* */ -/* Copyright 2005, 2006, 2007, 2009 by David Turner. */ +/* Copyright 2005-2007, 2009, 2011 by David Turner. */ /* */ /* This file is part of the FreeType project, and may only be used, */ /* modified, and distributed under the terms of the FreeType project */ @@ -124,6 +124,15 @@ old_size = 0; } + /* requirement of the character stack larger than 1<<LZW_MAX_BITS */ + /* implies bug in the decompression code */ + if ( new_size > ( 1 << LZW_MAX_BITS ) ) + { + new_size = 1 << LZW_MAX_BITS; + if ( new_size == old_size ) + return -1; + } + if ( FT_RENEW_ARRAY( state->stack, old_size, new_size ) ) return -1; @@ -279,7 +288,7 @@ : state->max_free + 1; c = ft_lzwstate_get_code( state ); - if ( c < 0 ) + if ( c < 0 || c > 255 ) goto Eof; old_code = old_char = (FT_UInt)c; @@ -312,11 +321,12 @@ /* why not LZW_FIRST-256 ? */ state->free_ent = ( LZW_FIRST - 1 ) - 256; state->buf_clear = 1; - c = ft_lzwstate_get_code( state ); - if ( c < 0 ) - goto Eof; - code = (FT_UInt)c; + /* not quite right, but at least more predictable */ + old_code = 0; + old_char = 0; + + goto NextCode; } in_code = code; /* save code for later */ @@ -326,6 +336,10 @@ /* special case for KwKwKwK */ if ( code - 256U >= state->free_ent ) { + /* corrupted LZW stream */ + if ( code - 256U > state->free_ent ) + goto Eof; + FTLZW_STACK_PUSH( old_char ); code = old_code; } |