[Devel] Bug in ttgload


From: Smith Charles
Subject: [Devel] Bug in ttgload
Date: Fri, 26 Dec 2003 14:16:10 +0100

Hi everybody,

The function TT_Load_Simple_Glyph (in ttgload.c) will break if it meets a
TrueType font file containing a 'Repeat' flag in a contour. In this function's
source code we can read these lines:
…
    /* reading the point tags */
    {
      FT_Byte*  flag  = (FT_Byte*)outline->tags;
      FT_Byte*  limit = flag + n_points; //<--1-- SmC: this limit assumes one flags set per point
      FT_Byte   c, count;

      while ( flag < limit )
      {
        if ( --byte_len < 0 )
          goto Invalid_Outline;

        *flag++ = c = FT_GET_BYTE(); //<--2-- SmC: this reads bytes up to limit
        if ( c & 8 )
        {
          if ( --byte_len < 0 )
            goto Invalid_Outline;

          count = FT_GET_BYTE(); //<--3-- SmC: this reads an additional byte which is not a flags set
          if ( flag + count > limit )
            goto Invalid_Outline;

          for ( ; count > 0; count-- )
            *flag++ = c;
        }
      }
…
This code does not adhere to the TrueType specification, which says that the
number of flags may be fewer than the number of points in the glyph (that's
the case with fonts like Arial and Times New Roman under the Windows XP I'm
running).

Note that I'm not saying that implementations cannot expand the repeated
flags. I'm talking about READING the exact number of bytes that were stored
for flags, so that we can cleanly locate the first byte of the first
xCoordinate.

The attached file ttgload_smc.c contains a fix (or I hope so). I've marked
all my modifications with the SmC tag so that you can easily track them.

Regards,

S. Charles

Attachment: ttgload_smc.c
Description: Binary data
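
An added example, not part of the original message and not FreeType's code: a stand-alone C routine that expands a simple glyph's flags array as the TrueType specification describes it (bit 3 set means the next byte is a repeat count) and reports how many stored bytes were read, which is the offset of the first xCoordinate byte. The function name, the buffer parameters and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define GLYF_REPEAT_FLAG 0x08  /* bit 3 of a simple-glyph flag byte */

/* Constructed sample: 6 points stored in 4 flag bytes, followed by one
 * byte (0xAA) standing in for the first xCoordinate byte. */
static const uint8_t SAMPLE_FLAGS[] = { 0x01, 0x09, 0x03, 0x37, 0xAA };

/* Expand the flags array of a simple glyph.
 *   in, in_len : bytes starting at the first stored flag (hypothetical buffer)
 *   tags       : output, one flag per point, capacity n_points
 * Returns the number of input bytes consumed, i.e. the offset of the
 * first xCoordinate byte, or -1 if the data is truncated or a repeat
 * run would produce more than n_points flags. */
long glyf_expand_flags(const uint8_t *in, size_t in_len,
                       uint8_t *tags, size_t n_points)
{
    size_t pos = 0;   /* stored bytes consumed from in */
    size_t out = 0;   /* logical flags written to tags */

    while (out < n_points) {
        if (pos >= in_len)
            return -1;                 /* ran out of stored bytes */
        uint8_t c = in[pos++];
        tags[out++] = c;

        if (c & GLYF_REPEAT_FLAG) {
            if (pos >= in_len)
                return -1;             /* repeat count byte is missing */
            size_t count = in[pos++];  /* additional copies, 0..255 */
            if (count > n_points - out)
                return -1;             /* run would overflow the point array */
            while (count-- > 0)
                tags[out++] = c;
        }
    }
    return (long)pos;
}

int main(void)
{
    uint8_t tags[6];
    /* Six points are described by four stored bytes. */
    return glyf_expand_flags(SAMPLE_FLAGS, sizeof SAMPLE_FLAGS, tags, 6) == 4 ? 0 : 1;
}
```

The stored byte count and the point count are tracked separately, so the input bound and the output bound are each checked before any read or write.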