walkero
/
harfbuzz
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

[cbdt] Last of sanitization fixes 

Should be all good now..
This commit is contained in:
Behdad Esfahbod 2016-12-02 22:43:05 -08:00
parent d495fc5e38
commit c27d6fcf8d
1 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/hb-ot-font.cc
View File

@ -215,22 +215,25 @@ struct hb_ot_face_cbdt_accelerator_t
const OT::CBLC *cblc; const OT::CBLC *cblc;
const OT::CBDT *cbdt; const OT::CBDT *cbdt;
float upem = 0.0f; unsigned int cbdt_len;
float upem;
inline void init (hb_face_t *face) inline void init (hb_face_t *face)
{ {
this->cblc_blob = OT::Sanitizer<OT::CBLC>::sanitize (face->reference_table (HB_OT_TAG_CBLC)); upem = face->get_upem();
this->cbdt_blob = OT::Sanitizer<OT::CBDT>::sanitize (face->reference_table (HB_OT_TAG_CBDT));
if (hb_blob_get_length (this->cblc_blob) == 0) { cblc_blob = OT::Sanitizer<OT::CBLC>::sanitize (face->reference_table (HB_OT_TAG_CBLC));
cbdt_blob = OT::Sanitizer<OT::CBDT>::sanitize (face->reference_table (HB_OT_TAG_CBDT));
cbdt_len = hb_blob_get_length (cbdt_blob);
if (hb_blob_get_length (cblc_blob) == 0) {
cblc = NULL; cblc = NULL;
cbdt = NULL; cbdt = NULL;
return; /* Not a bitmap font. */ return; /* Not a bitmap font. */
} }
cblc = OT::Sanitizer<OT::CBLC>::lock_instance (this->cblc_blob); cblc = OT::Sanitizer<OT::CBLC>::lock_instance (cblc_blob);
cbdt = OT::Sanitizer<OT::CBDT>::lock_instance (this->cbdt_blob); cbdt = OT::Sanitizer<OT::CBDT>::lock_instance (cbdt_blob);
upem = face->get_upem();
} }
inline void fini (void) inline void fini (void)
@ -263,9 +266,15 @@ struct hb_ot_face_cbdt_accelerator_t
if (!subtable_record->get_image_data (glyph, &image_offset, &image_length, &image_format)) if (!subtable_record->get_image_data (glyph, &image_offset, &image_length, &image_format))
return false; return false;
if (unlikely (image_offset > cbdt_len || cbdt_len - image_offset < image_length))
return false;
switch (image_format) switch (image_format)
{ {
case 17: { case 17: {
if (unlikely (image_length < OT::GlyphBitmapDataFormat17::min_size))
return false;
const OT::GlyphBitmapDataFormat17& glyphFormat17 = const OT::GlyphBitmapDataFormat17& glyphFormat17 =
OT::StructAtOffset<OT::GlyphBitmapDataFormat17> (this->cbdt, image_offset); OT::StructAtOffset<OT::GlyphBitmapDataFormat17> (this->cbdt, image_offset);
glyphFormat17.glyphMetrics.get_extents (extents); glyphFormat17.glyphMetrics.get_extents (extents);