[truetype] Improve the recursive reference detector.

The previous fix for #46372 misunderstood a composite glyph referring
same component twice as a recursive reference.  See the discussion

http://lists.gnu.org/archive/html/freetype/2016-05/msg00000.html

Thanks to Khaled Hosny for finding this issue.

* src/truetype/ttgload.c (ft_list_get_node_at): A function to get
the i-th node from FT_List.  (load_truetype_glyph): In the traversal
scan of the reference tree in the composite glyph, we clear the
nodes filled by previous sibling chain.
This commit is contained in:
suzuki toshiya 2016-05-16 21:54:32 +09:00
parent cdc8f4d933
commit a7d8bdbcfe
2 changed files with 51 additions and 3 deletions

@ -1,3 +1,19 @@
2016-05-16 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
[truetype] Improve the recursive reference detector.
The previous fix for #46372 misunderstood a composite glyph referring
same component twice as a recursive reference. See the discussion
http://lists.gnu.org/archive/html/freetype/2016-05/msg00000.html
Thanks to Khaled Hosny for finding this issue.
* src/truetype/ttgload.c (ft_list_get_node_at): A function to get
the i-th node from FT_List. (load_truetype_glyph): In the traversal
scan of the reference tree in the composite glyph, we clear the
nodes filled by previous sibling chain.
2016-05-07 Werner Lemberg <wl@gnu.org>
[cache] Allow value 0 for face ID.

@ -1369,6 +1369,29 @@
#endif /* !TT_CONFIG_OPTION_SUBPIXEL_HINTING */
/* a utility function to retrieve i-th node from given FT_List */
static FT_ListNode
ft_list_get_node_at( FT_List list,
FT_UInt index )
{
FT_ListNode cur;
if ( !list )
return NULL;
for ( cur = list->head; cur; cur = cur->next )
{
if ( !index )
return cur;
index --;
}
return NULL;
}
/*************************************************************************/
/* */
/* <Function> */
@ -1640,6 +1663,7 @@
FT_UInt start_point;
FT_UInt start_contour;
FT_ULong ins_pos; /* position of composite instructions, if any */
FT_ListNode node, node2;
/*
@ -1649,6 +1673,13 @@
* pointers with a width of at least 32 bits.
*/
/* clear the nodes filled by sibling chains */
node = ft_list_get_node_at( &loader->composites, recurse_count );
for ( node2 = node ; node2 ; node2 = node2->next )
node2->data = (void*)ULONG_MAX;
/* check whether we already have a composite glyph with this index */
if ( FT_List_Find( &loader->composites,
(void*)(unsigned long)glyph_index ) )
@ -1658,11 +1689,12 @@
error = FT_THROW( Invalid_Composite );
goto Exit;
}
else if ( node )
{
node->data = (void*)(unsigned long)glyph_index;
}
else
{
FT_ListNode node = NULL;
if ( FT_NEW( node ) )
goto Exit;
node->data = (void*)(unsigned long)glyph_index;