Fix Savannah bug #30262.

* src/sfnt/ttload.c (tt_face_load_maxp): Limit `maxComponentDepth'
arbitrarily to 100 to avoid stack exhaustion.
This commit is contained in:
Werner Lemberg 2010-06-26 09:29:51 +02:00
parent 75787c19ea
commit 7d91173643
2 changed files with 19 additions and 2 deletions

@ -1,4 +1,11 @@
2010-06-25 Werner Lemberg <wl@gnu.org>
2010-06-26 Werner Lemberg <wl@gnu.org>
Fix Savannah bug #30262.
* src/sfnt/ttload.c (tt_face_load_maxp): Limit `maxComponentDepth'
arbitrarily to 100 to avoid stack exhaustion.
2010-06-26 Werner Lemberg <wl@gnu.org>
Add some memory checks (mainly for debugging).

@ -5,7 +5,8 @@
/* Load the basic TrueType tables, i.e., tables that can be either in */
/* TTF or OTF fonts (body). */
/* */
/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */
/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, */
/* 2010 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@ -694,6 +695,15 @@
maxProfile->maxTwilightPoints = 0xFFFFU - 4;
}
/* we arbitrarily limit recursion to avoid stack exhaustion */
if ( maxProfile->maxComponentDepth > 100 )
{
FT_TRACE0(( "tt_face_load_maxp:"
" abnormally large component depth (%d) set to 100\n",
maxProfile->maxComponentDepth ));
maxProfile->maxComponentDepth = 100;
}
}
FT_TRACE3(( "numGlyphs: %u\n", maxProfile->numGlyphs ));