From: Behdad Esfahbod
Subject: Re: [ft-devel] [freetype2] GSoC-2019-moazin 8887048: Performs basic to see if SVG data is valid or not.
Date: Mon, 29 Jul 2019 13:06:24 -0700

Don't.

Don't check things your code doesn't rely on. That just bloats code and makes assumptions that just end up being wrong and make others' lives harder in the future.

On Mon, Jul 29, 2019 at 1:02 PM Moazin Khatri <address@hidden> wrote:
I see similar checks in `ttcpal.c' and many other places.
Invalid data is checked for and rejected, so decided to do
the same.

On Tue, Jul 30, 2019 at 12:59 AM Behdad Esfahbod <address@hidden> wrote:
Why?

On Mon, Jul 29, 2019 at 12:41 PM Moazin Khatti <address@hidden> wrote:
branch: GSoC-2019-moazin
commit 8887048557db93857ffa6169cfe4c3190f9cb1a1
Author: Moazin Khatti <address@hidden>
Commit: Moazin Khatti <address@hidden>

    Performs basic to see if SVG data is valid or not.
---
 src/sfnt/ttsvg.c | 38 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)

diff --git a/src/sfnt/ttsvg.c b/src/sfnt/ttsvg.c
index f4a85ca..223eb88 100644
--- a/src/sfnt/ttsvg.c
+++ b/src/sfnt/ttsvg.c
@@ -35,6 +35,24 @@

 #include "ttsvg.h"

+/* SVG table looks like:
+ * --------------------------------------
+ * Bytes:         Field                 |
+ * --------------------------------------
+ * 2              version
+ * 4              offsetToSVGDocumentList
+ * 4              reserved
+ * 2              numEntries (non-zero)
+ * 12*numEntries  documentList
+ *
+ * Since numEntries must be at least one, minimum
+ * size of SVG table is 24. Everything apart from
+ * the documentList makes 12 bytes.
+ */
+
+#define  SVG_HEADER_BASE_SIZE 12
+#define  SVG_HEADER_MIN_SIZE  24
+
   /* TODO: (OT-SVG) Decide whether to add documentation here or not */

   typedef struct Svg_
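Review bot: the layout comment above `SVG_HEADER_BASE_SIZE` lists `numEntries` and `documentList` as if they directly follow `reserved`, but later in this patch `numEntries` is read through `svg->svg_doc_list` rather than from the position after `reserved`. If that pointer is derived from `offsetToSVGDocumentList`, the 12 and 24 byte constants only describe a table whose document list starts at offset 10. Either say so in the comment, or split it into the 10-byte header (version, offset, reserved) and the document list (2-byte count plus 12 bytes per entry) so the size checks can be written relative to the offset.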
@@ -69,6 +87,9 @@
     if( error )
       goto NoSVG;

+    if ( table_size < SVG_HEADER_MIN_SIZE )
+      goto InvalidTable;
+
     if( FT_FRAME_EXTRACT( table_size, table ))
       goto NoSVG;

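Review bot: `goto InvalidTable` in the `table_size < SVG_HEADER_MIN_SIZE` check runs before `FT_FRAME_EXTRACT`, while the other two jumps to the same label added by this patch run after it, and the label itself is not part of any hunk shown. Please confirm that the label exists, sets `error`, and only releases the frame when it was actually extracted; otherwise this early exit needs its own label.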
@@ -77,7 +98,14 @@
       goto NoSVG;

     p = table;
-    svg->version =            FT_NEXT_USHORT( p );
+    svg->version = FT_NEXT_USHORT( p );
+
+    /* At the time of writing this, only version 0 exists,
+     * and only that is supported by FreeType
+     */
+    if ( svg->version != 0 )
+      goto InvalidTable;
+
     offsetToSVGDocumentList = FT_NEXT_ULONG( p );

     if( offsetToSVGDocumentList == 0 )
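Review bot: the `svg->version != 0` test makes the loader drop the whole table for any later version, although nothing in the visible lines that follow depends on the version value; if the intent is only to flag unknown versions, an `FT_TRACE` message would do that without rejecting the font's SVG glyphs. Separately, the rewritten `svg->version = FT_NEXT_USHORT( p );` line is a whitespace-only change that breaks the column alignment with `offsetToSVGDocumentList = FT_NEXT_ULONG( p );`, and the new `if ( ... )` spacing differs from the surrounding `if( ... )`; keep unrelated formatting out of this commit.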
@@ -88,6 +116,9 @@
     p = svg->svg_doc_list;
     svg->num_entries = FT_NEXT_USHORT( p );

+    if ( ( svg->num_entries*12 + SVG_HEADER_BASE_SIZE ) > table_size )
+      goto InvalidTable;
+
     FT_TRACE3(( "version: %d\n", svg->version ));
     FT_TRACE3(( "num entiries: %d\n", svg->num_entries ));

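Review bot: the bound in `( svg->num_entries*12 + SVG_HEADER_BASE_SIZE ) > table_size` does not include `offsetToSVGDocumentList`, yet `numEntries` is read from `svg->svg_doc_list`, and no visible line checks that offset against `table_size` before that read. If the list pointer is derived from the offset, a document list placed near the end of the table passes this test while its entries extend past the extracted frame. Check first that the offset plus the 2-byte count fits in `table_size`, then that offset + 2 + 12 * `num_entries` does, and drop the fixed `SVG_HEADER_BASE_SIZE` term.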
@@ -244,7 +275,10 @@
       *doc_length = mid_doc.length;
       *start_glyph = mid_doc.start_glyph_id;
       *end_glyph   = mid_doc.end_glyph_id;
-      error = FT_Err_Ok;
+      if ( *doc_length == 0 )
+        error = FT_THROW( Invalid_SVG_Document );
+      else
+        error = FT_Err_Ok;
     }
     return error;
   }
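Review bot: the `*doc_length == 0` test comes after `*doc_length`, `*start_glyph` and `*end_glyph` have already been written, so a caller that gets `Invalid_SVG_Document` still sees its out-parameters populated from the rejected record. Test `mid_doc.length` before assigning and leave the outputs untouched on failure. The diffstat lists only `src/sfnt/ttsvg.c`, so also confirm that `Invalid_SVG_Document` is already defined in the error list.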



--
_______________________________________________
Freetype-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/freetype-devel


--
behdad
http://behdad.org/
