truetype: Check invalid function number in IDEF instruction.

This commit is contained in:
suzuki toshiya 2009-08-01 00:32:18 +09:00
parent d1c23082b6
commit a115142057
2 changed files with 16 additions and 2 deletions

@ -1,3 +1,10 @@
2009-07-31 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
truetype: Check invalid function number in IDEF instruction.
* src/truetype/ttinterp.c (Ins_IDEF): Check
if the operand fits to 8-bit opcode limitation.
2009-07-31 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
truetype: Check invalid function number in FDEF instruction.

@ -4561,13 +4561,20 @@
CUR.numIDefs++;
}
def->opc = args[0];
/* opcode must be unsigned 8-bit integer */
if ( 0 > args[0] || args[0] > 0x00FF )
{
CUR.error = TT_Err_Too_Many_Instruction_Defs;
return;
}
def->opc = (FT_Byte)args[0];
def->start = CUR.IP+1;
def->range = CUR.curRange;
def->active = TRUE;
if ( (FT_ULong)args[0] > CUR.maxIns )
CUR.maxIns = args[0];
CUR.maxIns = (FT_Byte)args[0];
/* Now skip the whole function definition. */
/* We don't allow nested IDEFs & FDEFs. */