diff options
Diffstat (limited to 'src/3rdparty/freetype/src/pfr/pfrload.c')
-rw-r--r-- | src/3rdparty/freetype/src/pfr/pfrload.c | 190 |
1 files changed, 149 insertions, 41 deletions
diff --git a/src/3rdparty/freetype/src/pfr/pfrload.c b/src/3rdparty/freetype/src/pfr/pfrload.c index ec7311df56..2776da462a 100644 --- a/src/3rdparty/freetype/src/pfr/pfrload.c +++ b/src/3rdparty/freetype/src/pfr/pfrload.c @@ -4,7 +4,7 @@ /* */ /* FreeType PFR loader (body). */ /* */ -/* Copyright 2002-2015 by */ +/* Copyright 2002-2018 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -26,6 +26,93 @@ #define FT_COMPONENT trace_pfr + /* + * The overall structure of a PFR file is as follows. + * + * PFR header + * 58 bytes (contains nPhysFonts) + * + * Logical font directory (size at most 2^16 bytes) + * 2 bytes (nLogFonts) + * + nLogFonts * 5 bytes + * + * ==> nLogFonts <= 13106 + * + * Logical font section (size at most 2^24 bytes) + * nLogFonts * logFontRecord + * + * logFontRecord (size at most 2^16 bytes) + * 12 bytes (fontMatrix) + * + 1 byte (flags) + * + 0-5 bytes (depending on `flags') + * + 0-(1+255*(2+255)) = 0-65536 (depending on `flags') + * + 5 bytes (physical font info) + * + 0-1 bytes (depending on PFR header) + * + * ==> minimum size 18 bytes + * + * Physical font section (size at most 2^24 bytes) + * nPhysFonts * (physFontRecord + * + nBitmapSizes * nBmapChars * bmapCharRecord) + * + * physFontRecord (size at most 2^24 bytes) + * 14 bytes (font info) + * + 1 byte (flags) + * + 0-2 (depending on `flags') + * + 0-? (structure too complicated to be shown here; depending on + * `flags'; contains `nBitmapSizes' and `nBmapChars') + * + 3 bytes (nAuxBytes) + * + nAuxBytes + * + 1 byte (nBlueValues) + * + 2 * nBlueValues + * + 6 bytes (hinting data) + * + 2 bytes (nCharacters) + * + nCharacters * (4-10 bytes) (depending on `flags') + * + * ==> minimum size 27 bytes + * + * bmapCharRecord + * 4-7 bytes + * + * Glyph program strings (three possible types: simpleGps, compoundGps, + * and bitmapGps; size at most 2^24 bytes) + * simpleGps (size at most 2^16 bytes) + * 1 byte (flags) + * 1-2 bytes (n[XY]orus, depending on `flags') + * 0-(64+512*2) = 0-1088 bytes (depending on `n[XY]orus') + * 0-? (structure too complicated to be shown here; depending on + * `flags') + * 1-? glyph data (faintly resembling PS Type 1 charstrings) + * + * ==> minimum size 3 bytes + * + * compoundGps (size at most 2^16 bytes) + * 1 byte (nElements <= 63, flags) + * + 0-(1+255*(2+255)) = 0-65536 (depending on `flags') + * + nElements * (6-14 bytes) + * + * bitmapGps (size at most 2^16 bytes) + * 1 byte (flags) + * 3-13 bytes (position info, depending on `flags') + * 0-? bitmap data + * + * ==> minimum size 4 bytes + * + * PFR trailer + * 8 bytes + * + * + * ==> minimum size of a valid PFR: + * 58 (header) + * + 2 (nLogFonts) + * + 27 (1 physFontRecord) + * + 8 (trailer) + * ----- + * 95 bytes + * + */ + + /*************************************************************************/ /*************************************************************************/ /***** *****/ @@ -75,7 +162,8 @@ if ( extra->type == item_type ) { error = extra->parser( p, p + item_size, item_data ); - if ( error ) goto Exit; + if ( error ) + goto Exit; break; } @@ -183,7 +271,8 @@ { result = 0; } - return result; + + return result; } @@ -206,8 +295,25 @@ FT_UInt result = 0; - if ( FT_STREAM_SEEK( section_offset ) || FT_READ_USHORT( count ) ) + if ( FT_STREAM_SEEK( section_offset ) || + FT_READ_USHORT( count ) ) + goto Exit; + + /* check maximum value and a rough minimum size: */ + /* - no more than 13106 log fonts */ + /* - we need 5 bytes for a log header record */ + /* - we need at least 18 bytes for a log font record */ + /* - the overall size is at least 95 bytes plus the */ + /* log header and log font records */ + if ( count > ( ( 1 << 16 ) - 2 ) / 5 || + 2 + count * 5 >= stream->size - section_offset || + 95 + count * ( 5 + 18 ) >= stream->size ) + { + FT_ERROR(( "pfr_log_font_count:" + " invalid number of logical fonts\n" )); + error = FT_THROW( Invalid_Table ); goto Exit; + } result = count; @@ -254,13 +360,14 @@ FT_UInt local; - if ( FT_STREAM_SEEK( offset ) || FT_FRAME_ENTER( size ) ) + if ( FT_STREAM_SEEK( offset ) || + FT_FRAME_ENTER( size ) ) goto Exit; p = stream->cursor; limit = p + size; - PFR_CHECK(13); + PFR_CHECK( 13 ); log_font->matrix[0] = PFR_NEXT_LONG( p ); log_font->matrix[1] = PFR_NEXT_LONG( p ); @@ -276,7 +383,7 @@ if ( flags & PFR_LOG_2BYTE_STROKE ) local++; - if ( (flags & PFR_LINE_JOIN_MASK) == PFR_LINE_JOIN_MITER ) + if ( ( flags & PFR_LINE_JOIN_MASK ) == PFR_LINE_JOIN_MITER ) local += 3; } if ( flags & PFR_LOG_BOLD ) @@ -308,10 +415,11 @@ if ( flags & PFR_LOG_EXTRA_ITEMS ) { error = pfr_extra_items_skip( &p, limit ); - if (error) goto Fail; + if ( error ) + goto Fail; } - PFR_CHECK(5); + PFR_CHECK( 5 ); log_font->phys_size = PFR_NEXT_USHORT( p ); log_font->phys_offset = PFR_NEXT_ULONG( p ); if ( size_increment ) @@ -358,7 +466,7 @@ PFR_CHECK( 5 ); - p += 3; /* skip bctSize */ + p += 3; /* skip bctSize */ flags0 = PFR_NEXT_BYTE( p ); count = PFR_NEXT_BYTE( p ); @@ -434,12 +542,12 @@ } - /* Load font ID. This is a so-called "unique" name that is rather - * long and descriptive (like "Tiresias ScreenFont v7.51"). + /* Load font ID. This is a so-called `unique' name that is rather + * long and descriptive (like `Tiresias ScreenFont v7.51'). * * Note that a PFR font's family name is contained in an *undocumented* - * string of the "auxiliary data" portion of a physical font record. This - * may also contain the "real" style name! + * string of the `auxiliary data' portion of a physical font record. This + * may also contain the `real' style name! * * If no family name is present, the font ID is used instead for the * family. @@ -454,7 +562,7 @@ FT_UInt len = (FT_UInt)( limit - p ); - if ( phy_font->font_id != NULL ) + if ( phy_font->font_id ) goto Exit; if ( FT_ALLOC( phy_font->font_id, len + 1 ) ) @@ -481,7 +589,7 @@ FT_Memory memory = phy_font->memory; - if ( phy_font->vertical.stem_snaps != NULL ) + if ( phy_font->vertical.stem_snaps ) goto Exit; PFR_CHECK( 1 ); @@ -507,7 +615,7 @@ Too_Short: error = FT_THROW( Invalid_Table ); - FT_ERROR(( "pfr_exta_item_load_stem_snaps:" + FT_ERROR(( "pfr_extra_item_load_stem_snaps:" " invalid stem snaps table\n" )); goto Exit; } @@ -525,8 +633,6 @@ FT_Memory memory = phy_font->memory; - FT_TRACE2(( "pfr_extra_item_load_kerning_pairs()\n" )); - if ( FT_NEW( item ) ) goto Exit; @@ -612,7 +718,6 @@ } - static const PFR_ExtraItemRec pfr_phy_font_extra_items[] = { { 1, (PFR_ExtraItem_ParseFunc)pfr_extra_item_load_bitmap_info }, @@ -623,7 +728,8 @@ }; - /* Loads a name from the auxiliary data. Since this extracts undocumented + /* + * Load a name from the auxiliary data. Since this extracts undocumented * strings from the font file, we need to be careful here. */ static FT_Error @@ -637,12 +743,14 @@ FT_UInt n, ok; + if ( *astring ) + FT_FREE( *astring ); + if ( len > 0 && p[len - 1] == 0 ) len--; - /* check that each character is ASCII for making sure not to - load garbage - */ + /* check that each character is ASCII */ + /* for making sure not to load garbage */ ok = ( len > 0 ); for ( n = 0; n < len; n++ ) if ( p[n] < 32 || p[n] > 127 ) @@ -659,6 +767,7 @@ FT_MEM_COPY( result, p, len ); result[len] = 0; } + Exit: *astring = result; return error; @@ -729,7 +838,8 @@ phy_font->kern_items = NULL; phy_font->kern_items_tail = &phy_font->kern_items; - if ( FT_STREAM_SEEK( offset ) || FT_FRAME_ENTER( size ) ) + if ( FT_STREAM_SEEK( offset ) || + FT_FRAME_ENTER( size ) ) goto Exit; phy_font->cursor = stream->cursor; @@ -757,16 +867,16 @@ /* load the extra items when present */ if ( flags & PFR_PHY_EXTRA_ITEMS ) { - error = pfr_extra_items_parse( &p, limit, - pfr_phy_font_extra_items, phy_font ); + error = pfr_extra_items_parse( &p, limit, + pfr_phy_font_extra_items, phy_font ); if ( error ) goto Fail; } - /* In certain fonts, the auxiliary bytes contain interesting */ - /* information. These are not in the specification but can be */ - /* guessed by looking at the content of a few PFR0 fonts. */ + /* In certain fonts, the auxiliary bytes contain interesting */ + /* information. These are not in the specification but can be */ + /* guessed by looking at the content of a few PFR0 fonts. */ PFR_CHECK( 3 ); num_aux = PFR_NEXT_ULONG( p ); @@ -776,7 +886,7 @@ FT_Byte* q2; - PFR_CHECK( num_aux ); + PFR_CHECK_SIZE( num_aux ); p += num_aux; while ( num_aux > 0 ) @@ -797,9 +907,8 @@ switch ( type ) { case 1: - /* this seems to correspond to the font's family name, - * padded to 16-bits with one zero when necessary - */ + /* this seems to correspond to the font's family name, padded to */ + /* an even number of bytes with a zero byte appended if needed */ error = pfr_aux_name_load( q, length - 4U, memory, &phy_font->family_name ); if ( error ) @@ -817,9 +926,8 @@ break; case 3: - /* this seems to correspond to the font's style name, - * padded to 16-bits with one zero when necessary - */ + /* this seems to correspond to the font's style name, padded to */ + /* an even number of bytes with a zero byte appended if needed */ error = pfr_aux_name_load( q, length - 4U, memory, &phy_font->style_name ); if ( error ) @@ -867,9 +975,6 @@ phy_font->num_chars = count = PFR_NEXT_USHORT( p ); phy_font->chars_offset = offset + (FT_Offset)( p - stream->cursor ); - if ( FT_NEW_ARRAY( phy_font->chars, count ) ) - goto Fail; - Size = 1 + 1 + 2; if ( flags & PFR_PHY_2BYTE_CHARCODE ) Size += 1; @@ -886,7 +991,10 @@ if ( flags & PFR_PHY_3BYTE_GPS_OFFSET ) Size += 1; - PFR_CHECK( count * Size ); + PFR_CHECK_SIZE( count * Size ); + + if ( FT_NEW_ARRAY( phy_font->chars, count ) ) + goto Fail; for ( n = 0; n < count; n++ ) { |