[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug
From: |
chessman_at_263 . net |
Subject: |
bug |
Date: |
Thu, 3 Aug 2000 10:34:28 +0800 (CST) |
I found some bug in freetype2-beta8.
in freetype2-beta8/src/cff/t2parse.c, in function T2_Parser_Run()
the following code
/* now, skip it */
if ( v == 30 )
{
/* skip real number */
for (;;)
{
if ( p >= limit )
goto Syntax_Error;
v = p[0] >> 4;
if ( v == 15 )
break;
v = p[0] & 0xF;
if ( v == 15 )
break;
p++;
}
p++;
}
should be
/* now, skip it */
if ( v == 30 )
{
/* skip real number */
for (;;)
{
if ( p >= limit )
goto Syntax_Error;
v = p[0] >> 4;
if ( v == 15 )
break;
v = p[0] & 0xF;
if ( v == 15 )
break;
p++;
}
}
the founction parse_t2_real() should be
static
FT_Fixed parse_t2_real( FT_Byte* start,
FT_Byte* limit,
FT_Int power_ten )
{
FT_Byte* p = start;
FT_Long num, divider, result, exp;
FT_Int sign = 0, exp_sign = 0;
FT_Byte nib;
FT_Byte phase;
result = 0;
num = 0;
divider = 1;
/* first of all, read the integer part */
phase = 4;
p--;
for (;;)
{
/* read one nibble at a time */
if ( phase && ++p >= limit )
goto Bad;
nib = ( p[0] >> phase ) & 0xF;
phase = 4 - phase;
if ( nib == 0xE )
sign = 1;
else if ( nib > 9 )
break;
else
result = result * 10 + nib;
}
/* read decimal part, if any */
if ( nib == 0xa )
for (;;)
{
/* read one nibble at a time */
if ( !phase && ++p >= limit )
goto Bad;
nib = ( p[0] >> phase ) & 0xF;
phase = 4 - phase;
if ( nib >= 10 )
break;
if (divider < 10000000L)
{
num = num * 10 + nib;
divider *= 10;
}
}
/* read exponent, if any */
if ( nib == 12 )
{
exp_sign = 1;
nib = 11;
}
if ( nib == 11 )
{
exp = 0;
for (;;)
{
/* read one nibble at a time */
if ( !phase && ++p >= limit )
goto Bad;
nib = ( p[0] >> phase ) & 0xF;
phase = 4 - phase;
if ( nib >= 10 )
break;
exp = exp * 10 + nib;
}
if ( exp_sign )
exp = -exp;
power_ten += exp;
}
/* raise to power of ten if needed */
while ( power_ten > 0 )
{
result = result * 10;
num = num * 10;
power_ten--;
}
while ( power_ten < 0 )
{
result = result / 10;
divider = divider * 10;
power_ten++;
}
if ( num )
result += FT_DivFix( num, divider );
if ( sign )
result = -result;
Exit:
return result;
Bad:
result = 0;
goto Exit;
}
- bug,
chessman_at_263 . net <=
- Re: bug, Just van Rossum, 2000/08/03
- bug, chessman_at_263 . net, 2000/08/03