Fix problem with T1_FIELD_{NUM,FIXED}_TABLE2.

* src/psaux/psobjs.c (ps_parser_load_field_table): Don't handle `count_offset' if it is zero (i.e., unused). Otherwise, the first element of the structure which holds the data is erroneously modified. Problem reported by Chi Nguyen <chint@necsv.com>.
2009-01-09 07:58:08 +00:00 · 2009-01-09 07:58:08 +00:00 · 9d83d29028
parent a7c00b79e0
commit 9d83d29028
3 changed files with 19 additions and 5 deletions
--- a/9
+++ b/9
@ -1,3 +1,12 @@
+2009-01-09  Werner Lemberg  <wl@gnu.org>
+
+	Fix problem with T1_FIELD_{NUM,FIXED}_TABLE2.
+
+	* src/psaux/psobjs.c (ps_parser_load_field_table): Don't handle
+	`count_offset' if it is zero (i.e., unused).  Otherwise, the first
+	element of the structure which holds the data is erroneously
+	modified.  Problem reported by Chi Nguyen <chint@necsv.com>.
+
 2009-01-09  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>

 	* src/base/ftadvanc.c (_ft_face_scale_advances, FT_Get_Advance,
--- a/include/freetype/internal/psaux.h
+++ b/include/freetype/internal/psaux.h
@ -5,7 +5,7 @@
 /*    Auxiliary functions and data structures related to PostScript fonts  */
 /*    (specification).                                                     */
 /*                                                                         */
-/*  Copyright 1996-2001, 2002, 2003, 2004, 2006, 2008 by                   */
+/*  Copyright 1996-2001, 2002, 2003, 2004, 2006, 2008, 2009 by             */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@ -227,7 +227,11 @@ FT_BEGIN_HEADER
    FT_UInt             array_max;    /* maximal number of elements for */
                                      /* array                          */
    FT_UInt             count_offset; /* offset of element count for    */
-                                      /* arrays                         */
+                                      /* arrays; must not be zero if in */
+                                      /* use -- in other words, a       */
+                                      /* `num_FOO' element must not     */
+                                      /* start the used structure if we */
+                                      /* parse a `FOO' array            */
    FT_UInt             dict;         /* where we expect it             */
  } T1_FieldRec;

--- a/src/psaux/psobjs.c
+++ b/src/psaux/psobjs.c
@ -4,7 +4,7 @@
 /*                                                                         */
 /*    Auxiliary functions for PostScript fonts (body).                     */
 /*                                                                         */
-/*  Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by       */
+/*  Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */
 /*  David Turner, Robert Wilhelm, and Werner Lemberg.                      */
 /*                                                                         */
 /*  This file is part of the FreeType project, and may only be used,       */
@ -1265,8 +1265,9 @@
    old_cursor = parser->cursor;
    old_limit  = parser->limit;

-    /* we store the elements count if necessary */
-    if ( field->type != T1_FIELD_TYPE_BBOX )
+    /* we store the elements count if necessary;           */
+    /* we further assume that `count_offset' can't be zero */
+    if ( field->type != T1_FIELD_TYPE_BBOX && field->count_offset != 0 )
      *(FT_Byte*)( (FT_Byte*)objects[0] + field->count_offset ) =
        (FT_Byte)num_elements;