diff --git a/ChangeLog b/ChangeLog index 72abfac96..f5bf6cecf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2010-06-25 Werner Lemberg + + Add some memory checks (mainly for debugging). + + * src/base/ftstream.c (FT_Stream_EnterFrame): Exit with error + if the frame size is larger than the stream size. + + * src/base/ftsystem.c (ft_ansi_stream_io): Exit with error if + seeking a position larger than the stream size. + 2010-06-25 Werner Lemberg Fix Savannah bug #30261. diff --git a/include/freetype/ftsystem.h b/include/freetype/ftsystem.h index d8aa44fb4..e07460c55 100644 --- a/include/freetype/ftsystem.h +++ b/include/freetype/ftsystem.h @@ -4,7 +4,7 @@ /* */ /* FreeType low-level system interface definition (specification). */ /* */ -/* Copyright 1996-2001, 2002, 2005 by */ +/* Copyright 1996-2001, 2002, 2005, 2010 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -240,7 +240,8 @@ FT_BEGIN_HEADER * * @note: * This function might be called to perform a seek or skip operation - * with a `count' of~0. + * with a `count' of~0. A non-zero return value then indicates an + * error. * */ typedef unsigned long diff --git a/src/base/ftstream.c b/src/base/ftstream.c index b638599db..9b087ac4d 100644 --- a/src/base/ftstream.c +++ b/src/base/ftstream.c @@ -4,7 +4,7 @@ /* */ /* I/O stream support (body). */ /* */ -/* Copyright 2000-2001, 2002, 2004, 2005, 2006, 2008, 2009 by */ +/* Copyright 2000-2001, 2002, 2004, 2005, 2006, 2008, 2009, 2010 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -246,6 +246,18 @@ /* allocate the frame in memory */ FT_Memory memory = stream->memory; + + /* simple sanity check */ + if ( count > stream->size ) + { + FT_ERROR(( "FT_Stream_EnterFrame:" + " frame size (%lu) larger than stream size (%lu)\n", + count, stream->size )); + + error = FT_Err_Invalid_Stream_Operation; + goto Exit; + } + #ifdef FT_DEBUG_MEMORY /* assume _ft_debug_file and _ft_debug_lineno are already set */ stream->base = (unsigned char*)ft_mem_qalloc( memory, count, &error ); diff --git a/src/base/ftsystem.c b/src/base/ftsystem.c index 4d06d6db5..ba86005c5 100644 --- a/src/base/ftsystem.c +++ b/src/base/ftsystem.c @@ -4,7 +4,7 @@ /* */ /* ANSI-specific FreeType low-level system interface (body). */ /* */ -/* Copyright 1996-2001, 2002, 2006, 2008, 2009 by */ +/* Copyright 1996-2001, 2002, 2006, 2008, 2009, 2010 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -192,7 +192,9 @@ /* count :: The number of bytes to read from the stream. */ /* */ /* */ - /* The number of bytes actually read. */ + /* The number of bytes actually read. If `count' is zero (this is, */ + /* the function is used for seeking), a non-zero return value */ + /* indicates an error. */ /* */ FT_CALLBACK_DEF( unsigned long ) ft_ansi_stream_io( FT_Stream stream, @@ -203,6 +205,9 @@ FT_FILE* file; + if ( !count && offset > stream->size ) + return 1; + file = STREAM_FILE( stream ); if ( stream->pos != offset )