| Index: third_party/freetype/src/type1/t1parse.c
|
| diff --git a/third_party/freetype/src/type1/t1parse.c b/third_party/freetype/src/type1/t1parse.c
|
| index ccf9f4cc560e58368956d0dea6c54ea016a39270..0b685026067910bcf7fb45e4bfe3d13c9fe36be8 100644
|
| --- a/third_party/freetype/src/type1/t1parse.c
|
| +++ b/third_party/freetype/src/type1/t1parse.c
|
| @@ -4,7 +4,7 @@
|
| /* */
|
| /* Type 1 parser (body). */
|
| /* */
|
| -/* Copyright 1996-2005, 2008, 2009, 2012-2014 by */
|
| +/* Copyright 1996-2015 by */
|
| /* David Turner, Robert Wilhelm, and Werner Lemberg. */
|
| /* */
|
| /* This file is part of the FreeType project, and may only be used, */
|
| @@ -143,13 +143,13 @@
|
| FT_ULong size;
|
|
|
|
|
| - psaux->ps_parser_funcs->init( &parser->root, 0, 0, memory );
|
| + psaux->ps_parser_funcs->init( &parser->root, NULL, NULL, memory );
|
|
|
| parser->stream = stream;
|
| parser->base_len = 0;
|
| - parser->base_dict = 0;
|
| + parser->base_dict = NULL;
|
| parser->private_len = 0;
|
| - parser->private_dict = 0;
|
| + parser->private_dict = NULL;
|
| parser->in_pfb = 0;
|
| parser->in_memory = 0;
|
| parser->single_block = 0;
|
| @@ -273,7 +273,7 @@
|
| /* made of several segments. We thus first read the number of */
|
| /* segments to compute the total size of the private dictionary */
|
| /* then re-read them into memory. */
|
| - FT_Long start_pos = FT_STREAM_POS();
|
| + FT_ULong start_pos = FT_STREAM_POS();
|
| FT_UShort tag;
|
|
|
|
|
| @@ -334,7 +334,6 @@
|
| /* first of all, look at the `eexec' keyword */
|
| FT_Byte* cur = parser->base_dict;
|
| FT_Byte* limit = cur + parser->base_len;
|
| - FT_Byte c;
|
| FT_Pointer pos_lf;
|
| FT_Bool test_cr;
|
|
|
| @@ -342,9 +341,9 @@
|
| Again:
|
| for (;;)
|
| {
|
| - c = cur[0];
|
| - if ( c == 'e' && cur + 9 < limit ) /* 9 = 5 letters for `eexec' + */
|
| - /* whitespace + 4 chars */
|
| + if ( cur[0] == 'e' &&
|
| + cur + 9 < limit ) /* 9 = 5 letters for `eexec' + */
|
| + /* whitespace + 4 chars */
|
| {
|
| if ( cur[1] == 'e' &&
|
| cur[2] == 'x' &&
|
| @@ -374,8 +373,15 @@
|
|
|
| while ( cur < limit )
|
| {
|
| - if ( *cur == 'e' && ft_strncmp( (char*)cur, "eexec", 5 ) == 0 )
|
| - goto Found;
|
| + if ( cur[0] == 'e' &&
|
| + cur + 5 < limit )
|
| + {
|
| + if ( cur[1] == 'e' &&
|
| + cur[2] == 'x' &&
|
| + cur[3] == 'e' &&
|
| + cur[4] == 'c' )
|
| + goto Found;
|
| + }
|
|
|
| T1_Skip_PS_Token( parser );
|
| if ( parser->root.error )
|
| @@ -389,6 +395,15 @@
|
|
|
| cur = limit;
|
| limit = parser->base_dict + parser->base_len;
|
| +
|
| + if ( cur >= limit )
|
| + {
|
| + FT_ERROR(( "T1_Get_Private_Dict:"
|
| + " premature end in private dictionary\n" ));
|
| + error = FT_THROW( Invalid_File_Format );
|
| + goto Exit;
|
| + }
|
| +
|
| goto Again;
|
|
|
| /* now determine where to write the _encrypted_ binary private */
|
| @@ -411,9 +426,11 @@
|
| /* fine that are violating this limitation, so we add a heuristic */
|
| /* test to stop at \r only if it is not used for EOL. */
|
|
|
| - pos_lf = ft_memchr( cur, '\n', limit - cur );
|
| - test_cr = FT_BOOL( !pos_lf ||
|
| - pos_lf > ft_memchr( cur, '\r', limit - cur ) );
|
| + pos_lf = ft_memchr( cur, '\n', (size_t)( limit - cur ) );
|
| + test_cr = FT_BOOL( !pos_lf ||
|
| + pos_lf > ft_memchr( cur,
|
| + '\r',
|
| + (size_t)( limit - cur ) ) );
|
|
|
| while ( cur < limit &&
|
| ( *cur == ' ' ||
|
| @@ -429,7 +446,7 @@
|
| goto Exit;
|
| }
|
|
|
| - size = (FT_ULong)( parser->base_len - ( cur - parser->base_dict ) );
|
| + size = parser->base_len - (FT_ULong)( cur - parser->base_dict );
|
|
|
| if ( parser->in_memory )
|
| {
|
| @@ -443,7 +460,7 @@
|
| parser->single_block = 1;
|
| parser->private_dict = parser->base_dict;
|
| parser->private_len = size;
|
| - parser->base_dict = 0;
|
| + parser->base_dict = NULL;
|
| parser->base_len = 0;
|
| }
|
|
|
| @@ -459,7 +476,7 @@
|
| ft_isxdigit( cur[2] ) && ft_isxdigit( cur[3] ) )
|
| {
|
| /* ASCII hexadecimal encoding */
|
| - FT_Long len;
|
| + FT_ULong len;
|
|
|
|
|
| parser->root.cursor = cur;
|
|
|
Chromium Code Reviews
Issue 1413673003:
Update bundled freetype to 2.6.1 (Closed)
Base URL: https://pdfium.googlesource.com/pdfium.git@master