freetype-commit
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freetype2] master 8f633a0: [cff] Better handling of non-CFF font format

From: Werner LEMBERG
Subject: [freetype2] master 8f633a0: [cff] Better handling of non-CFF font formats.
Date: Sun, 18 Dec 2016 05:43:05 +0000 (UTC) 
branch: master
commit 8f633a08f1b7e5f64d2afd3805f6fb491f8c7086
Author: Werner Lemberg <address@hidden>
Commit: Werner Lemberg <address@hidden>

    [cff] Better handling of non-CFF font formats.
    
    * src/cff/cffload.c (cff_font_load): Pure CFFs don't have a
    signature, so return `FT_Err_Unknown_File_Format' more often.
---
 ChangeLog         |    7 +++++++
 src/cff/cffload.c |   32 +++++++++++++++++++++++++++++---
 2 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7b994d2..7011d05 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2016-12-18  Werner Lemberg  <address@hidden>
+
+       [cff] Better handling of non-CFF font formats.
+
+       * src/cff/cffload.c (cff_font_load): Pure CFFs don't have a
+       signature, so return `FT_Err_Unknown_File_Format' more often.
+
 2016-12-17  Werner Lemberg  <address@hidden>
 
        * src/cff/cffload.c (cff_build_blend_vector): Remove redundant code.
diff --git a/src/cff/cffload.c b/src/cff/cffload.c
index f8cac42..d347b0a 100644
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c
@@ -2111,8 +2111,15 @@
     }
     else
     {
+      FT_Byte  absolute_offset;
+
+
+      if ( FT_READ_BYTE( absolute_offset ) )
+        goto Exit;
+
       if ( font->version_major != 1 ||
-           font->header_size < 4    )
+           font->header_size < 4    ||
+           absolute_offset > 4      )
       {
         FT_TRACE2(( "  not a CFF font header\n" ));
         error = FT_THROW( Unknown_File_Format );
@@ -2122,7 +2129,17 @@
 
     /* skip the rest of the header */
     if ( FT_STREAM_SEEK( base_offset + font->header_size ) )
+    {
+      /* For pure CFFs we have read only four bytes so far.  Contrary to */
+      /* other formats like SFNT those bytes doesn't define a signature; */
+      /* it is thus possible that the font isn't a CFF at all.           */
+      if ( pure_cff )
+      {
+        FT_TRACE2(( "  not a CFF file\n" ));
+        error = FT_THROW( Unknown_File_Format );
+      }
       goto Exit;
+    }
 
     if ( cff2 )
     {
@@ -2150,8 +2167,17 @@
     {
       /* for CFF, read the name, top dict, string and global subrs index */
       if ( FT_SET_ERROR( cff_index_init( &font->name_index,
-                                         stream, 0, cff2 ) )                 ||
-           FT_SET_ERROR( cff_index_init( &font->font_dict_index,
+                                         stream, 0, cff2 ) ) )
+      {
+        if ( pure_cff )
+        {
+          FT_TRACE2(( "  not a CFF file\n" ));
+          error = FT_THROW( Unknown_File_Format );
+        }
+        goto Exit;
+      }
+
+      if ( FT_SET_ERROR( cff_index_init( &font->font_dict_index,
                                          stream, 0, cff2 ) )                 ||
            FT_SET_ERROR( cff_index_init( &string_index,
                                          stream, 1, cff2 ) )                 ||
reply via email to
[Prev in Thread] Current Thread [Next in Thread]