[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master 284956b5b: [pfr] Fortify the kerning code.
|
From: |
Werner Lemberg |
|
Subject: |
[freetype2] master 284956b5b: [pfr] Fortify the kerning code. |
|
Date: |
Tue, 26 Jul 2022 12:34:37 -0400 (EDT) |
branch: master
commit 284956b5b123125c814bb3841c6871ddfb0694a3
Author: Alexei Podtelezhnikov <apodtele@gmail.com>
Commit: Alexei Podtelezhnikov <apodtele@gmail.com>
[pfr] Fortify the kerning code.
Any array index must be strictly less then the array size. Therefore,
we must reject indexes that are equal to the array size. Alternatively,
we should move the bounds check before the index decrement but that
would be confusing.
In addition, it is ok to decrement zero (.notdef) and get UINT_MAX,
which is then automatically rejected in the bounds check.
* src/pfr/pfrobjs.c (pfr_face_get_kerning): Fix the bounds checking.
---
src/pfr/pfrobjs.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/pfr/pfrobjs.c b/src/pfr/pfrobjs.c
index 8b29fc030..1457adce3 100644
--- a/src/pfr/pfrobjs.c
+++ b/src/pfr/pfrobjs.c
@@ -486,17 +486,16 @@
kerning->x = 0;
kerning->y = 0;
- if ( glyph1 > 0 )
- glyph1--;
+ /* PFR indexing skips .notdef, which becomes UINT_MAX */
+ glyph1--;
+ glyph2--;
- if ( glyph2 > 0 )
- glyph2--;
-
- /* convert glyph indices to character codes */
- if ( glyph1 > phy_font->num_chars ||
- glyph2 > phy_font->num_chars )
+ /* check the array bounds, .notdef is automacally out */
+ if ( glyph1 >= phy_font->num_chars ||
+ glyph2 >= phy_font->num_chars )
goto Exit;
+ /* convert glyph indices to character codes */
code1 = phy_font->chars[glyph1].char_code;
code2 = phy_font->chars[glyph2].char_code;
pair = PFR_KERN_INDEX( code1, code2 );
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master 284956b5b: [pfr] Fortify the kerning code.,
Werner Lemberg <=