From 9d83d290287d6c844a7fe514050604cd75a76b3a Mon Sep 17 00:00:00 2001 From: Werner Lemberg Date: Fri, 9 Jan 2009 07:58:08 +0000 Subject: [PATCH] Fix problem with T1_FIELD_{NUM,FIXED}_TABLE2. * src/psaux/psobjs.c (ps_parser_load_field_table): Don't handle `count_offset' if it is zero (i.e., unused). Otherwise, the first element of the structure which holds the data is erroneously modified. Problem reported by Chi Nguyen . --- ChangeLog | 9 +++++++++ include/freetype/internal/psaux.h | 8 ++++++-- src/psaux/psobjs.c | 7 ++++--- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6ab60841d..7aea1d844 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2009-01-09 Werner Lemberg + + Fix problem with T1_FIELD_{NUM,FIXED}_TABLE2. + + * src/psaux/psobjs.c (ps_parser_load_field_table): Don't handle + `count_offset' if it is zero (i.e., unused). Otherwise, the first + element of the structure which holds the data is erroneously + modified. Problem reported by Chi Nguyen . + 2009-01-09 suzuki toshiya * src/base/ftadvanc.c (_ft_face_scale_advances, FT_Get_Advance, diff --git a/include/freetype/internal/psaux.h b/include/freetype/internal/psaux.h index 67b7a420c..832d63df3 100644 --- a/include/freetype/internal/psaux.h +++ b/include/freetype/internal/psaux.h @@ -5,7 +5,7 @@ /* Auxiliary functions and data structures related to PostScript fonts */ /* (specification). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2004, 2006, 2008 by */ +/* Copyright 1996-2001, 2002, 2003, 2004, 2006, 2008, 2009 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -227,7 +227,11 @@ FT_BEGIN_HEADER FT_UInt array_max; /* maximal number of elements for */ /* array */ FT_UInt count_offset; /* offset of element count for */ - /* arrays */ + /* arrays; must not be zero if in */ + /* use -- in other words, a */ + /* `num_FOO' element must not */ + /* start the used structure if we */ + /* parse a `FOO' array */ FT_UInt dict; /* where we expect it */ } T1_FieldRec; diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c index 6812ac7cb..52e30a413 100644 --- a/src/psaux/psobjs.c +++ b/src/psaux/psobjs.c @@ -4,7 +4,7 @@ /* */ /* Auxiliary functions for PostScript fonts (body). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by */ +/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -1265,8 +1265,9 @@ old_cursor = parser->cursor; old_limit = parser->limit; - /* we store the elements count if necessary */ - if ( field->type != T1_FIELD_TYPE_BBOX ) + /* we store the elements count if necessary; */ + /* we further assume that `count_offset' can't be zero */ + if ( field->type != T1_FIELD_TYPE_BBOX && field->count_offset != 0 ) *(FT_Byte*)( (FT_Byte*)objects[0] + field->count_offset ) = (FT_Byte)num_elements;