Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(72)

Unified Diff: third_party/freetype/src/type1/t1parse.c

Issue 1416993005: Merge to XFA: Update bundled freetype to 2.6.1 (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@xfa
Patch Set: Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/freetype/src/type1/t1parse.h ('k') | third_party/freetype/src/type1/t1tokens.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/freetype/src/type1/t1parse.c
diff --git a/third_party/freetype/src/type1/t1parse.c b/third_party/freetype/src/type1/t1parse.c
index ccf9f4cc560e58368956d0dea6c54ea016a39270..0b685026067910bcf7fb45e4bfe3d13c9fe36be8 100644
--- a/third_party/freetype/src/type1/t1parse.c
+++ b/third_party/freetype/src/type1/t1parse.c
@@ -4,7 +4,7 @@
/* */
/* Type 1 parser (body). */
/* */
-/* Copyright 1996-2005, 2008, 2009, 2012-2014 by */
+/* Copyright 1996-2015 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -143,13 +143,13 @@
FT_ULong size;
- psaux->ps_parser_funcs->init( &parser->root, 0, 0, memory );
+ psaux->ps_parser_funcs->init( &parser->root, NULL, NULL, memory );
parser->stream = stream;
parser->base_len = 0;
- parser->base_dict = 0;
+ parser->base_dict = NULL;
parser->private_len = 0;
- parser->private_dict = 0;
+ parser->private_dict = NULL;
parser->in_pfb = 0;
parser->in_memory = 0;
parser->single_block = 0;
@@ -273,7 +273,7 @@
/* made of several segments. We thus first read the number of */
/* segments to compute the total size of the private dictionary */
/* then re-read them into memory. */
- FT_Long start_pos = FT_STREAM_POS();
+ FT_ULong start_pos = FT_STREAM_POS();
FT_UShort tag;
@@ -334,7 +334,6 @@
/* first of all, look at the `eexec' keyword */
FT_Byte* cur = parser->base_dict;
FT_Byte* limit = cur + parser->base_len;
- FT_Byte c;
FT_Pointer pos_lf;
FT_Bool test_cr;
@@ -342,9 +341,9 @@
Again:
for (;;)
{
- c = cur[0];
- if ( c == 'e' && cur + 9 < limit ) /* 9 = 5 letters for `eexec' + */
- /* whitespace + 4 chars */
+ if ( cur[0] == 'e' &&
+ cur + 9 < limit ) /* 9 = 5 letters for `eexec' + */
+ /* whitespace + 4 chars */
{
if ( cur[1] == 'e' &&
cur[2] == 'x' &&
@@ -374,8 +373,15 @@
while ( cur < limit )
{
- if ( *cur == 'e' && ft_strncmp( (char*)cur, "eexec", 5 ) == 0 )
- goto Found;
+ if ( cur[0] == 'e' &&
+ cur + 5 < limit )
+ {
+ if ( cur[1] == 'e' &&
+ cur[2] == 'x' &&
+ cur[3] == 'e' &&
+ cur[4] == 'c' )
+ goto Found;
+ }
T1_Skip_PS_Token( parser );
if ( parser->root.error )
@@ -389,6 +395,15 @@
cur = limit;
limit = parser->base_dict + parser->base_len;
+
+ if ( cur >= limit )
+ {
+ FT_ERROR(( "T1_Get_Private_Dict:"
+ " premature end in private dictionary\n" ));
+ error = FT_THROW( Invalid_File_Format );
+ goto Exit;
+ }
+
goto Again;
/* now determine where to write the _encrypted_ binary private */
@@ -411,9 +426,11 @@
/* fine that are violating this limitation, so we add a heuristic */
/* test to stop at \r only if it is not used for EOL. */
- pos_lf = ft_memchr( cur, '\n', limit - cur );
- test_cr = FT_BOOL( !pos_lf ||
- pos_lf > ft_memchr( cur, '\r', limit - cur ) );
+ pos_lf = ft_memchr( cur, '\n', (size_t)( limit - cur ) );
+ test_cr = FT_BOOL( !pos_lf ||
+ pos_lf > ft_memchr( cur,
+ '\r',
+ (size_t)( limit - cur ) ) );
while ( cur < limit &&
( *cur == ' ' ||
@@ -429,7 +446,7 @@
goto Exit;
}
- size = (FT_ULong)( parser->base_len - ( cur - parser->base_dict ) );
+ size = parser->base_len - (FT_ULong)( cur - parser->base_dict );
if ( parser->in_memory )
{
@@ -443,7 +460,7 @@
parser->single_block = 1;
parser->private_dict = parser->base_dict;
parser->private_len = size;
- parser->base_dict = 0;
+ parser->base_dict = NULL;
parser->base_len = 0;
}
@@ -459,7 +476,7 @@
ft_isxdigit( cur[2] ) && ft_isxdigit( cur[3] ) )
{
/* ASCII hexadecimal encoding */
- FT_Long len;
+ FT_ULong len;
parser->root.cursor = cur;
« no previous file with comments | « third_party/freetype/src/type1/t1parse.h ('k') | third_party/freetype/src/type1/t1tokens.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698