From e891e4d6f130408d171724723673472a4e0359f9 Mon Sep 17 00:00:00 2001
From: suzuki toshiya
Date: Thu, 4 Nov 2010 21:53:11 +0900
Subject: [PATCH] [UVS] Stabilizes UVS supporting functions against non-UVS fonts.

UVS supporting functions assume the variation handler functions are valid. When a font without cmap format 14 is given, these function pointers are left as NULL, so calling these functions causes NULL pointer dereference.

* src/base/ftobjs.c (FT_Face_GetCharVariantIndex): Check the pointer FT_CMap_Class->char_var_index before calling it. (FT_Face_GetCharVariantIsDefault): Check the pointer FT_CMap_Class->char_var_default before calling it. (FT_Face_GetVariantSelectors): Check the pointer FT_CMap_Class->variant_list before calling it. (FT_Face_GetVariantsOfChar): Check the pointer FT_CMap_Class->charvariant_list before calling it. (FT_Face_GetCharsOfVariant): Check the pointer FT_CMap_Class->variantchar_list before calling it.
---
 ChangeLog | 20 ++++++++++++++++++++
 src/base/ftobjs.c | 20 ++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 6e896b6fd..72e2d3b0c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2010-11-04 suzuki toshiya
+
+ [UVS] Stabilizes UVS supporting functions against non-UVS fonts.
+
+ UVS supporting functions assume the variation handler functions
+ are valid. When fonts without cmap format 14 is given, these
+ function pointers are left as NULL, so calling these functions
+ causes NULL pointer dereference.
+
+ * src/base/ftobjs.c (FT_Face_GetCharVariantIndex): Check the pointer
+ FT_CMap_Class->char_var_index before calling it.
+ (FT_Face_GetCharVariantIsDefault): Check the pointer
+ FT_CMap_Class->char_var_default before calling it.
+ (FT_Face_GetVariantSelectors): Check the pointer
+ FT_CMap_Class->variant_list before calling it.
+ (FT_Face_GetVariantsOfChar): Check the pointer
+ FT_CMap_Class->charvariant_list before calling it.
+ (FT_Face_GetCharsOfVariant): Check the pointer
+ FT_CMap_Class->variantchar_list before calling it.
+
 2010-11-01 Alexei Podtelezhnikov [ftsmooth] Improve rendering.
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index d12a71bb6..31af7b6e2 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -3291,6 +3291,10 @@
 FT_CMap vcmap = FT_CMAP( charmap );
+ /* font without TT cmap format 14 has no char_var_index() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->char_var_index ) )
+ return result;
+
 if ( charcode > 0xFFFFFFFFUL ) { FT_TRACE1(( "FT_Get_Char_Index: too large charcode" ));
@@ -3332,6 +3336,10 @@
 FT_CMap vcmap = FT_CMAP( charmap );
+ /* font without TT cmap format 14 has no char_var_index() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->char_var_default ) )
+ return result;
+
 if ( charcode > 0xFFFFFFFFUL ) { FT_TRACE1(( "FT_Get_Char_Index: too large charcode" ));
@@ -3372,6 +3380,10 @@
 FT_Memory memory = FT_FACE_MEMORY( face );
+ /* font without TT cmap format 14 has no variant_list() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->variant_list ) )
+ return result;
+
 result = vcmap->clazz->variant_list( vcmap, memory ); } }
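Review bot: The early `return result;` in the new guard (hunk at -3291) relies on `result` still holding its initial value, which is set at the top of the function outside this hunk, and nothing at the guard says what the caller receives. A comment there would make the contract explicit, for example `/* no format 14 handler: caller gets result's initial "not found" value */`. The same two-part test is repeated in the hunks at -3332, -3372, -3400 and -3434, each on a different handler, so the remark applies to all five. A trace line inside the guard, in the style of the `FT_TRACE1` calls just below it, would also make the skipped lookup visible when debugging a font without the table.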
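Review bot: The comment on the guard in the hunk at -3332 names the wrong handler: it says `char_var_index()` while the test beneath it is on `vcmap->clazz->char_var_default`. It appears to have been copied from the previous hunk and should read `/* font without TT cmap format 14 has no char_var_default() */`. The enclosing function starts and ends outside the hunk.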
@@ -3400,6 +3412,10 @@
 FT_Memory memory = FT_FACE_MEMORY( face );
+ /* font without TT cmap format 14 has no charvariant_list() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->charvariant_list ) )
+ return result;
+
 if ( charcode > 0xFFFFFFFFUL ) { FT_TRACE1(( "FT_Get_Char_Index: too large charcode" ));
@@ -3434,6 +3450,10 @@
 FT_Memory memory = FT_FACE_MEMORY( face );
+ /* font without TT cmap format 14 has no variantchar_list() */
+ if ( !( vcmap->clazz ) || !( vcmap->clazz->variantchar_list ) )
+ return result;
+
 if ( variantSelector > 0xFFFFFFFFUL ) { FT_TRACE1(( "FT_Get_Char_Index: too large variantSelector" ));