[ot-color/png] sbix runtime memory check

This commit is contained in:
Ebrahim Byagowi 2018-10-27 10:50:53 +03:30
parent 265ad408ca
commit 6a38fd68a8
3 changed files with 21 additions and 17 deletions

View File

@ -504,15 +504,13 @@ struct CBDT
}
}
inline hb_blob_t* reference_blob_for_glyph (hb_codepoint_t glyph_id,
unsigned int requested_x_ppem,
unsigned int requested_y_ppem,
unsigned int *strike_x_ppem,
unsigned int *strike_y_ppem) const
inline hb_blob_t* reference_blob_for_glyph (hb_codepoint_t glyph_id HB_UNUSED,
unsigned int requested_x_ppem HB_UNUSED,
unsigned int requested_y_ppem HB_UNUSED,
unsigned int *strike_x_ppem HB_UNUSED,
unsigned int *strike_y_ppem HB_UNUSED) const
{
// if (unlikely (cbdt_len == 0))
return hb_blob_get_empty ();
// return svg->get_glyph_entry (glyph_id).reference_blob (svg_blob, svg->svgDocEntries);
}
inline bool has_data () const

View File

@ -82,6 +82,7 @@ struct SBIXStrike
inline hb_blob_t *get_glyph_blob (unsigned int glyph_id,
hb_blob_t *sbix_blob,
unsigned int sbix_len,
unsigned int strike_offset,
unsigned int *x_offset,
unsigned int *y_offset,
@ -91,6 +92,9 @@ struct SBIXStrike
if (imageOffsetsZ[glyph_id + 1] - imageOffsetsZ[glyph_id] == 0)
return hb_blob_get_empty ();
if (strike_offset + (unsigned int) imageOffsetsZ[glyph_id] + SBIXGlyph::min_size > sbix_len)
return hb_blob_get_empty ();
const SBIXGlyph *glyph = &(this+imageOffsetsZ[glyph_id]);
if (unlikely (glyph->graphicType == HB_TAG ('d','u','p','e') &&
blob_size (glyph_id) >= 2))
@ -100,6 +104,8 @@ struct SBIXStrike
{
glyph = &(this+imageOffsetsZ[new_glyph_id]);
glyph_id = new_glyph_id;
if (strike_offset + (unsigned int) imageOffsetsZ[glyph_id] + SBIXGlyph::min_size > sbix_len)
return hb_blob_get_empty ();
}
}
if (unlikely (requested_file_type != glyph->graphicType))
@ -155,18 +161,18 @@ struct sbix
const SBIXStrike &strike = sbix_table+sbix_table->strikes[group];
for (unsigned int glyph_id = 0; glyph_id < num_glyphs; glyph_id++)
{
unsigned int x_offset, y_offset;
hb_tag_t tag;
hb_blob_t *blob;
blob = strike.get_glyph_blob (glyph_id, sbix_blob, sbix_table->strikes[group],
&x_offset, &x_offset,
blob = strike.get_glyph_blob (glyph_id, sbix_blob, sbix_len,
sbix_table->strikes[group],
nullptr, nullptr,
HB_TAG('p','n','g',' '), num_glyphs);
if (hb_blob_get_length (blob)) callback (blob, group, glyph_id);
}
}
}
inline hb_blob_t* reference_blob_for_glyph (hb_codepoint_t glyph_id,
inline hb_blob_t *reference_blob_for_glyph (hb_codepoint_t glyph_id,
unsigned int ptem HB_UNUSED,
unsigned int requested_ppem,
unsigned int requested_file_type,
@ -187,7 +193,8 @@ struct sbix
const SBIXStrike &strike = sbix_table+sbix_table->strikes[group];
if (available_x_ppem) *available_x_ppem = strike.get_ppem ();
if (available_y_ppem) *available_y_ppem = strike.get_ppem ();
return strike.get_glyph_blob (glyph_id, sbix_blob, sbix_table->strikes[group],
return strike.get_glyph_blob (glyph_id, sbix_blob, sbix_len,
sbix_table->strikes[group],
nullptr, nullptr, requested_file_type, num_glyphs);
}
@ -200,7 +207,6 @@ struct sbix
unsigned int sbix_len;
unsigned int num_glyphs;
hb_vector_t<hb_vector_t<unsigned int> > data_offsets;
};
protected:

View File

@ -50,7 +50,7 @@ struct SVGDocumentIndexEntry
return b->cmp (*a);
}
inline hb_blob_t* reference_blob (hb_blob_t *svg_blob, unsigned int index_offset) const
inline hb_blob_t *reference_blob (hb_blob_t *svg_blob, unsigned int index_offset) const
{
if (svgDocLength == 0) return hb_blob_get_empty ();
return hb_blob_create_sub_blob (svg_blob, (unsigned int) svgDoc + index_offset,
@ -95,7 +95,7 @@ struct SVG
hb_blob_destroy (svg_blob);
}
inline hb_blob_t* reference_blob_for_glyph (hb_codepoint_t glyph_id) const
inline hb_blob_t *reference_blob_for_glyph (hb_codepoint_t glyph_id) const
{
if (unlikely (svg_len == 0))
return hb_blob_get_empty ();