| 1 |
polynomial-c 13/12/06 14:12:05 |
| 2 |
|
| 3 |
Added: freetype-2.5.1-TT_Load_Simple_Glyph_fix.patch |
| 4 |
Removed: freetype-1.4_pre20080316-LDLFAGS.patch |
| 5 |
freetype-1.4_pre20080316-CVE-2008-1808.patch |
| 6 |
freetype-1.4_pre20080316-kpathsea_version.patch |
| 7 |
freetype-1.4-glibc-2.10.patch |
| 8 |
freetype-1.4_pre-ttf2tfm-segfault.patch |
| 9 |
freetype-1.4_pre20080316-CVE-2006-1861.patch |
| 10 |
freetype-1.4_pre-silence-strict-aliasing.patch |
| 11 |
freetype-1.4_pre-contrib-destdir.patch |
| 12 |
freetype-1.4_pre20080316-CVE-2007-2754.patch |
| 13 |
freetype-1.4_pre-malloc.patch |
| 14 |
freetype-1.4_pre-ttf2pk-tetex-3.patch |
| 15 |
Log: |
| 16 |
Version bump. Cleaned up FILESDIR. Fixed inifinality patchfile source URI |
| 17 |
|
| 18 |
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC) |
| 19 |
|
| 20 |
Revision Changes Path |
| 21 |
1.1 media-libs/freetype/files/freetype-2.5.1-TT_Load_Simple_Glyph_fix.patch |
| 22 |
|
| 23 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/freetype/files/freetype-2.5.1-TT_Load_Simple_Glyph_fix.patch?rev=1.1&view=markup |
| 24 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/freetype/files/freetype-2.5.1-TT_Load_Simple_Glyph_fix.patch?rev=1.1&content-type=text/plain |
| 25 |
|
| 26 |
Index: freetype-2.5.1-TT_Load_Simple_Glyph_fix.patch |
| 27 |
=================================================================== |
| 28 |
From 64872a50165d842d72c520f5f7e19124dbf7822d Mon Sep 17 00:00:00 2001 |
| 29 |
From: Werner Lemberg <wl@×××.org> |
| 30 |
Date: Mon, 02 Dec 2013 06:51:17 +0000 |
| 31 |
Subject: [truetype] Fix change from 2013-11-20. |
| 32 |
|
| 33 |
Problem reported by Akira Kakuto <kakuto@×××××××××××××.jp>. |
| 34 |
|
| 35 |
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Protect call to |
| 36 |
`Update_Max' with both a TT_USE_BYTECODE_INTERPRETER guard and a |
| 37 |
`IS_HINTED' clause. |
| 38 |
Also remove redundant check using `maxSizeOfInstructions' – in |
| 39 |
simple glyphs, the bytecode data comes before the outline data, and |
| 40 |
a validity test for this is already present. |
| 41 |
--- |
| 42 |
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c |
| 43 |
index cc62f93..d459ec1 100644 |
| 44 |
--- a/src/truetype/ttgload.c |
| 45 |
+++ b/src/truetype/ttgload.c |
| 46 |
@@ -348,8 +348,7 @@ |
| 47 |
FT_GlyphLoader gloader = load->gloader; |
| 48 |
FT_Int n_contours = load->n_contours; |
| 49 |
FT_Outline* outline; |
| 50 |
- TT_Face face = (TT_Face)load->face; |
| 51 |
- FT_UShort n_ins, max_ins; |
| 52 |
+ FT_UShort n_ins; |
| 53 |
FT_Int n_points; |
| 54 |
FT_ULong tmp; |
| 55 |
|
| 56 |
@@ -418,30 +417,6 @@ |
| 57 |
FT_TRACE5(( " Instructions size: %u\n", n_ins )); |
| 58 |
|
| 59 |
/* check it */ |
| 60 |
- max_ins = face->max_profile.maxSizeOfInstructions; |
| 61 |
- if ( n_ins > max_ins ) |
| 62 |
- { |
| 63 |
- /* don't trust `maxSizeOfInstructions'; */ |
| 64 |
- /* only do a rough safety check */ |
| 65 |
- if ( (FT_Int)n_ins > load->byte_len ) |
| 66 |
- { |
| 67 |
- FT_TRACE1(( "TT_Load_Simple_Glyph:" |
| 68 |
- " too many instructions (%d) for glyph with length %d\n", |
| 69 |
- n_ins, load->byte_len )); |
| 70 |
- return FT_THROW( Too_Many_Hints ); |
| 71 |
- } |
| 72 |
- |
| 73 |
- tmp = load->exec->glyphSize; |
| 74 |
- error = Update_Max( load->exec->memory, |
| 75 |
- &tmp, |
| 76 |
- sizeof ( FT_Byte ), |
| 77 |
- (void*)&load->exec->glyphIns, |
| 78 |
- n_ins ); |
| 79 |
- load->exec->glyphSize = (FT_UShort)tmp; |
| 80 |
- if ( error ) |
| 81 |
- return error; |
| 82 |
- } |
| 83 |
- |
| 84 |
if ( ( limit - p ) < n_ins ) |
| 85 |
{ |
| 86 |
FT_TRACE0(( "TT_Load_Simple_Glyph: instruction count mismatch\n" )); |
| 87 |
@@ -453,6 +428,20 @@ |
| 88 |
|
| 89 |
if ( IS_HINTED( load->load_flags ) ) |
| 90 |
{ |
| 91 |
+ /* we don't trust `maxSizeOfInstructions' in the `maxp' table */ |
| 92 |
+ /* and thus update the bytecode array size by ourselves */ |
| 93 |
+ |
| 94 |
+ tmp = load->exec->glyphSize; |
| 95 |
+ error = Update_Max( load->exec->memory, |
| 96 |
+ &tmp, |
| 97 |
+ sizeof ( FT_Byte ), |
| 98 |
+ (void*)&load->exec->glyphIns, |
| 99 |
+ n_ins ); |
| 100 |
+ |
| 101 |
+ load->exec->glyphSize = (FT_UShort)tmp; |
| 102 |
+ if ( error ) |
| 103 |
+ return error; |
| 104 |
+ |
| 105 |
load->glyph->control_len = n_ins; |
| 106 |
load->glyph->control_data = load->exec->glyphIns; |
| 107 |
|
| 108 |
@@ -1244,12 +1233,13 @@ |
| 109 |
return FT_THROW( Too_Many_Hints ); |
| 110 |
} |
| 111 |
|
| 112 |
- tmp = loader->exec->glyphSize; |
| 113 |
+ tmp = loader->exec->glyphSize; |
| 114 |
error = Update_Max( loader->exec->memory, |
| 115 |
&tmp, |
| 116 |
sizeof ( FT_Byte ), |
| 117 |
(void*)&loader->exec->glyphIns, |
| 118 |
n_ins ); |
| 119 |
+ |
| 120 |
loader->exec->glyphSize = (FT_UShort)tmp; |
| 121 |
if ( error ) |
| 122 |
return error; |
| 123 |
-- |
| 124 |
cgit v0.9.0.2 |
Archives