1 |
polynomial-c 13/12/06 14:12:05 |
2 |
|
3 |
Added: freetype-2.5.1-TT_Load_Simple_Glyph_fix.patch |
4 |
Removed: freetype-1.4_pre20080316-LDLFAGS.patch |
5 |
freetype-1.4_pre20080316-CVE-2008-1808.patch |
6 |
freetype-1.4_pre20080316-kpathsea_version.patch |
7 |
freetype-1.4-glibc-2.10.patch |
8 |
freetype-1.4_pre-ttf2tfm-segfault.patch |
9 |
freetype-1.4_pre20080316-CVE-2006-1861.patch |
10 |
freetype-1.4_pre-silence-strict-aliasing.patch |
11 |
freetype-1.4_pre-contrib-destdir.patch |
12 |
freetype-1.4_pre20080316-CVE-2007-2754.patch |
13 |
freetype-1.4_pre-malloc.patch |
14 |
freetype-1.4_pre-ttf2pk-tetex-3.patch |
15 |
Log: |
16 |
Version bump. Cleaned up FILESDIR. Fixed inifinality patchfile source URI |
17 |
|
18 |
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 0x981CA6FC) |
19 |
|
20 |
Revision Changes Path |
21 |
1.1 media-libs/freetype/files/freetype-2.5.1-TT_Load_Simple_Glyph_fix.patch |
22 |
|
23 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/freetype/files/freetype-2.5.1-TT_Load_Simple_Glyph_fix.patch?rev=1.1&view=markup |
24 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/freetype/files/freetype-2.5.1-TT_Load_Simple_Glyph_fix.patch?rev=1.1&content-type=text/plain |
25 |
|
26 |
Index: freetype-2.5.1-TT_Load_Simple_Glyph_fix.patch |
27 |
=================================================================== |
28 |
From 64872a50165d842d72c520f5f7e19124dbf7822d Mon Sep 17 00:00:00 2001 |
29 |
From: Werner Lemberg <wl@×××.org> |
30 |
Date: Mon, 02 Dec 2013 06:51:17 +0000 |
31 |
Subject: [truetype] Fix change from 2013-11-20. |
32 |
|
33 |
Problem reported by Akira Kakuto <kakuto@×××××××××××××.jp>. |
34 |
|
35 |
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Protect call to |
36 |
`Update_Max' with both a TT_USE_BYTECODE_INTERPRETER guard and a |
37 |
`IS_HINTED' clause. |
38 |
Also remove redundant check using `maxSizeOfInstructions' – in |
39 |
simple glyphs, the bytecode data comes before the outline data, and |
40 |
a validity test for this is already present. |
41 |
--- |
42 |
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c |
43 |
index cc62f93..d459ec1 100644 |
44 |
--- a/src/truetype/ttgload.c |
45 |
+++ b/src/truetype/ttgload.c |
46 |
@@ -348,8 +348,7 @@ |
47 |
FT_GlyphLoader gloader = load->gloader; |
48 |
FT_Int n_contours = load->n_contours; |
49 |
FT_Outline* outline; |
50 |
- TT_Face face = (TT_Face)load->face; |
51 |
- FT_UShort n_ins, max_ins; |
52 |
+ FT_UShort n_ins; |
53 |
FT_Int n_points; |
54 |
FT_ULong tmp; |
55 |
|
56 |
@@ -418,30 +417,6 @@ |
57 |
FT_TRACE5(( " Instructions size: %u\n", n_ins )); |
58 |
|
59 |
/* check it */ |
60 |
- max_ins = face->max_profile.maxSizeOfInstructions; |
61 |
- if ( n_ins > max_ins ) |
62 |
- { |
63 |
- /* don't trust `maxSizeOfInstructions'; */ |
64 |
- /* only do a rough safety check */ |
65 |
- if ( (FT_Int)n_ins > load->byte_len ) |
66 |
- { |
67 |
- FT_TRACE1(( "TT_Load_Simple_Glyph:" |
68 |
- " too many instructions (%d) for glyph with length %d\n", |
69 |
- n_ins, load->byte_len )); |
70 |
- return FT_THROW( Too_Many_Hints ); |
71 |
- } |
72 |
- |
73 |
- tmp = load->exec->glyphSize; |
74 |
- error = Update_Max( load->exec->memory, |
75 |
- &tmp, |
76 |
- sizeof ( FT_Byte ), |
77 |
- (void*)&load->exec->glyphIns, |
78 |
- n_ins ); |
79 |
- load->exec->glyphSize = (FT_UShort)tmp; |
80 |
- if ( error ) |
81 |
- return error; |
82 |
- } |
83 |
- |
84 |
if ( ( limit - p ) < n_ins ) |
85 |
{ |
86 |
FT_TRACE0(( "TT_Load_Simple_Glyph: instruction count mismatch\n" )); |
87 |
@@ -453,6 +428,20 @@ |
88 |
|
89 |
if ( IS_HINTED( load->load_flags ) ) |
90 |
{ |
91 |
+ /* we don't trust `maxSizeOfInstructions' in the `maxp' table */ |
92 |
+ /* and thus update the bytecode array size by ourselves */ |
93 |
+ |
94 |
+ tmp = load->exec->glyphSize; |
95 |
+ error = Update_Max( load->exec->memory, |
96 |
+ &tmp, |
97 |
+ sizeof ( FT_Byte ), |
98 |
+ (void*)&load->exec->glyphIns, |
99 |
+ n_ins ); |
100 |
+ |
101 |
+ load->exec->glyphSize = (FT_UShort)tmp; |
102 |
+ if ( error ) |
103 |
+ return error; |
104 |
+ |
105 |
load->glyph->control_len = n_ins; |
106 |
load->glyph->control_data = load->exec->glyphIns; |
107 |
|
108 |
@@ -1244,12 +1233,13 @@ |
109 |
return FT_THROW( Too_Many_Hints ); |
110 |
} |
111 |
|
112 |
- tmp = loader->exec->glyphSize; |
113 |
+ tmp = loader->exec->glyphSize; |
114 |
error = Update_Max( loader->exec->memory, |
115 |
&tmp, |
116 |
sizeof ( FT_Byte ), |
117 |
(void*)&loader->exec->glyphIns, |
118 |
n_ins ); |
119 |
+ |
120 |
loader->exec->glyphSize = (FT_UShort)tmp; |
121 |
if ( error ) |
122 |
return error; |
123 |
-- |
124 |
cgit v0.9.0.2 |