[114266] trunk/dports/print/freetype
ryandesign at macports.org
ryandesign at macports.org
Tue Dec 3 22:04:39 PST 2013
Revision: 114266
https://trac.macports.org/changeset/114266
Author: ryandesign at macports.org
Date: 2013-12-03 22:04:38 -0800 (Tue, 03 Dec 2013)
Log Message:
-----------
freetype: fix crash in TT_Load_Simple_Glyph (#41645)
Modified Paths:
--------------
trunk/dports/print/freetype/Portfile
Added Paths:
-----------
trunk/dports/print/freetype/files/patch-TT_Load_Simple_Glyph.diff
Modified: trunk/dports/print/freetype/Portfile
===================================================================
--- trunk/dports/print/freetype/Portfile 2013-12-04 05:21:49 UTC (rev 114265)
+++ trunk/dports/print/freetype/Portfile 2013-12-04 06:04:38 UTC (rev 114266)
@@ -6,6 +6,7 @@
name freetype
version 2.5.1
+revision 1
categories print graphics
maintainers ryandesign
license {FreeType GPL-2}
@@ -43,6 +44,7 @@
patchfiles \
patch-src_base_ftrfork.c.diff \
+ patch-TT_Load_Simple_Glyph.diff \
patch-modules.cfg.diff
depends_lib port:bzip2 \
Added: trunk/dports/print/freetype/files/patch-TT_Load_Simple_Glyph.diff
===================================================================
--- trunk/dports/print/freetype/files/patch-TT_Load_Simple_Glyph.diff (rev 0)
+++ trunk/dports/print/freetype/files/patch-TT_Load_Simple_Glyph.diff 2013-12-04 06:04:38 UTC (rev 114266)
@@ -0,0 +1,86 @@
+Fix crash in TT_Load_Simple_Glyph
+https://savannah.nongnu.org/bugs/?40797
+http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=64872a50165d842d72c520f5f7e19124dbf7822d
+--- ChangeLog.orig 2013-11-24 17:27:44.000000000 -0600
++++ ChangeLog 2013-12-03 23:58:38.000000000 -0600
+@@ -1,3 +1,16 @@
++2013-12-02 Werner Lemberg <wl at gnu.org>
++
++ [truetype] Fix change from 2013-11-20.
++
++ Problem reported by Akira Kakuto <kakuto at fuk.kindai.ac.jp>.
++
++ * src/truetype/ttgload.c (TT_Load_Simple_Glyph): Protect call to
++ `Update_Max' with both a TT_USE_BYTECODE_INTERPRETER guard and a
++ `IS_HINTED' clause.
++ Also remove redundant check using `maxSizeOfInstructions' – in
++ simple glyphs, the bytecode data comes before the outline data, and
++ a validity test for this is already present.
++
+ 2013-11-25 Werner Lemberg <wl at gnu.org>
+
+ * Version 2.5.1 released.
+--- src/truetype/ttgload.c.orig 2013-11-20 14:03:17.000000000 -0600
++++ src/truetype/ttgload.c 2013-12-03 23:54:56.000000000 -0600
+@@ -348,8 +348,7 @@
+ FT_GlyphLoader gloader = load->gloader;
+ FT_Int n_contours = load->n_contours;
+ FT_Outline* outline;
+- TT_Face face = (TT_Face)load->face;
+- FT_UShort n_ins, max_ins;
++ FT_UShort n_ins;
+ FT_Int n_points;
+ FT_ULong tmp;
+
+@@ -418,30 +417,6 @@
+ FT_TRACE5(( " Instructions size: %u\n", n_ins ));
+
+ /* check it */
+- max_ins = face->max_profile.maxSizeOfInstructions;
+- if ( n_ins > max_ins )
+- {
+- /* don't trust `maxSizeOfInstructions'; */
+- /* only do a rough safety check */
+- if ( (FT_Int)n_ins > load->byte_len )
+- {
+- FT_TRACE1(( "TT_Load_Simple_Glyph:"
+- " too many instructions (%d) for glyph with length %d\n",
+- n_ins, load->byte_len ));
+- return FT_THROW( Too_Many_Hints );
+- }
+-
+- tmp = load->exec->glyphSize;
+- error = Update_Max( load->exec->memory,
+- &tmp,
+- sizeof ( FT_Byte ),
+- (void*)&load->exec->glyphIns,
+- n_ins );
+- load->exec->glyphSize = (FT_UShort)tmp;
+- if ( error )
+- return error;
+- }
+-
+ if ( ( limit - p ) < n_ins )
+ {
+ FT_TRACE0(( "TT_Load_Simple_Glyph: instruction count mismatch\n" ));
+@@ -453,6 +428,20 @@
+
+ if ( IS_HINTED( load->load_flags ) )
+ {
++ /* we don't trust `maxSizeOfInstructions' in the `maxp' table */
++ /* and thus update the bytecode array size by ourselves */
++
++ tmp = load->exec->glyphSize;
++ error = Update_Max( load->exec->memory,
++ &tmp,
++ sizeof ( FT_Byte ),
++ (void*)&load->exec->glyphIns,
++ n_ins );
++
++ load->exec->glyphSize = (FT_UShort)tmp;
++ if ( error )
++ return error;
++
+ load->glyph->control_len = n_ins;
+ load->glyph->control_data = load->exec->glyphIns;
+
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/macports-changes/attachments/20131203/c890a22e/attachment-0001.html>
More information about the macports-changes
mailing list