summaryrefslogtreecommitdiffstats
path: root/modules/freetype2/src/cff/cffparse.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/freetype2/src/cff/cffparse.c')
-rw-r--r--modules/freetype2/src/cff/cffparse.c99
1 files changed, 86 insertions, 13 deletions
diff --git a/modules/freetype2/src/cff/cffparse.c b/modules/freetype2/src/cff/cffparse.c
index ee538c360..b9611cf54 100644
--- a/modules/freetype2/src/cff/cffparse.c
+++ b/modules/freetype2/src/cff/cffparse.c
@@ -4,7 +4,7 @@
/* */
/* CFF token stream parser (body) */
/* */
-/* Copyright 1996-2016 by */
+/* Copyright 1996-2018 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -20,10 +20,11 @@
#include "cffparse.h"
#include FT_INTERNAL_STREAM_H
#include FT_INTERNAL_DEBUG_H
+#include FT_INTERNAL_CALC_H
+#include FT_INTERNAL_POSTSCRIPT_AUX_H
#include "cfferrs.h"
#include "cffpic.h"
-#include "cffgload.h"
#include "cffload.h"
@@ -156,6 +157,22 @@
1000000000L
};
+ /* maximum values allowed for multiplying */
+ /* with the corresponding `power_tens' element */
+ static const FT_Long power_ten_limits[] =
+ {
+ FT_LONG_MAX / 1L,
+ FT_LONG_MAX / 10L,
+ FT_LONG_MAX / 100L,
+ FT_LONG_MAX / 1000L,
+ FT_LONG_MAX / 10000L,
+ FT_LONG_MAX / 100000L,
+ FT_LONG_MAX / 1000000L,
+ FT_LONG_MAX / 10000000L,
+ FT_LONG_MAX / 100000000L,
+ FT_LONG_MAX / 1000000000L,
+ };
+
/* read a real */
static FT_Fixed
@@ -448,9 +465,21 @@
/* 16.16 fixed point is used internally for CFF2 blend results. */
/* Since these are trusted values, a limit check is not needed. */
- /* After the 255, 4 bytes are in host order. */
- /* Blend result is rounded to integer. */
- return (FT_Long)( *( (FT_UInt32 *) ( d[0] + 1 ) ) + 0x8000U ) >> 16;
+ /* After the 255, 4 bytes give the number. */
+ /* The blend value is converted to integer, with rounding; */
+ /* due to the right-shift we don't need the lowest byte. */
+#if 0
+ return (FT_Short)(
+ ( ( ( (FT_UInt32)*( d[0] + 1 ) << 24 ) |
+ ( (FT_UInt32)*( d[0] + 2 ) << 16 ) |
+ ( (FT_UInt32)*( d[0] + 3 ) << 8 ) |
+ (FT_UInt32)*( d[0] + 4 ) ) + 0x8000U ) >> 16 );
+#else
+ return (FT_Short)(
+ ( ( ( (FT_UInt32)*( d[0] + 1 ) << 16 ) |
+ ( (FT_UInt32)*( d[0] + 2 ) << 8 ) |
+ (FT_UInt32)*( d[0] + 3 ) ) + 0x80U ) >> 8 );
+#endif
}
else
@@ -472,7 +501,15 @@
if ( scaling )
+ {
+ if ( FT_ABS( val ) > power_ten_limits[scaling] )
+ {
+ val = val > 0 ? 0x7FFFFFFFL : -0x7FFFFFFFL;
+ goto Overflow;
+ }
+
val *= power_tens[scaling];
+ }
if ( val > 0x7FFF )
{
@@ -882,8 +919,6 @@
FT_Error error;
- error = FT_ERR( Stack_Underflow );
-
if ( !priv || !priv->subfont )
{
error = FT_THROW( Invalid_File_Format );
@@ -914,7 +949,9 @@
goto Exit;
}
- FT_TRACE4(( " %d values blended\n", numBlends ));
+ FT_TRACE4(( " %d value%s blended\n",
+ numBlends,
+ numBlends == 1 ? "" : "s" ));
error = cff_blend_doBlend( subFont, parser, numBlends );
@@ -1113,6 +1150,8 @@
#define CFF_FIELD_DELTA( code, name, max, id ) i++;
#undef CFF_FIELD_CALLBACK
#define CFF_FIELD_CALLBACK( code, name, id ) i++;
+#undef CFF_FIELD_BLEND
+#define CFF_FIELD_BLEND( code, id ) i++;
#include "cfftoken.h"
@@ -1160,6 +1199,17 @@
clazz[i].count_offset = FT_FIELD_OFFSET( num_ ## name_ ); \
i++;
+#undef CFF_FIELD_BLEND
+#define CFF_FIELD_BLEND( code_, id_ ) \
+ clazz[i].kind = cff_kind_blend; \
+ clazz[i].code = code_ | CFFCODE; \
+ clazz[i].offset = 0; \
+ clazz[i].size = 0; \
+ clazz[i].reader = cff_parse_blend; \
+ clazz[i].array_max = 0; \
+ clazz[i].count_offset = 0; \
+ i++;
+
#include "cfftoken.h"
clazz[i].kind = 0;
@@ -1210,6 +1260,18 @@
clazz[i].id = id_; \
i++;
+#undef CFF_FIELD_BLEND
+#define CFF_FIELD_BLEND( code_, id_ ) \
+ clazz[i].kind = cff_kind_blend; \
+ clazz[i].code = code_ | CFFCODE; \
+ clazz[i].offset = 0; \
+ clazz[i].size = 0; \
+ clazz[i].reader = cff_parse_blend; \
+ clazz[i].array_max = 0; \
+ clazz[i].count_offset = 0; \
+ clazz[i].id = id_; \
+ i++;
+
#include "cfftoken.h"
clazz[i].kind = 0;
@@ -1239,9 +1301,14 @@
FT_Byte* start,
FT_Byte* limit )
{
+#ifdef CFF_CONFIG_OPTION_OLD_ENGINE
+ PSAux_Service psaux;
+#endif
+
FT_Byte* p = start;
FT_Error error = FT_Err_Ok;
FT_Library library = parser->library;
+
FT_UNUSED( library );
@@ -1328,10 +1395,16 @@
cff_rec.top_font.font_dict.num_axes = parser->num_axes;
decoder.cff = &cff_rec;
- error = cff_decoder_parse_charstrings( &decoder,
- charstring_base,
- charstring_len,
- 1 );
+ psaux = (PSAux_Service)FT_Get_Module_Interface( library, "psaux" );
+ if ( !psaux )
+ {
+ FT_ERROR(( "cff_parser_run: cannot access `psaux' module\n" ));
+ error = FT_THROW( Missing_Module );
+ goto Exit;
+ }
+
+ error = psaux->cff_decoder_funcs->parse_charstrings_old(
+ &decoder, charstring_base, charstring_len, 1 );
/* Now copy the stack data in the temporary decoder object, */
/* converting it back to charstring number representations */
@@ -1550,7 +1623,7 @@
val = 0;
while ( num_args > 0 )
{
- val += cff_parse_num( parser, data++ );
+ val = ADD_LONG( val, cff_parse_num( parser, data++ ) );
switch ( field->size )
{
case (8 / FT_CHAR_BIT):
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 13:57:04 +0000