OLD | NEW |
1 /***************************************************************************/ | 1 /***************************************************************************/ |
2 /* */ | 2 /* */ |
3 /* psconv.c */ | 3 /* psconv.c */ |
4 /* */ | 4 /* */ |
5 /* Some convenience conversions (body). */ | 5 /* Some convenience conversions (body). */ |
6 /* */ | 6 /* */ |
7 /* Copyright 2006, 2008, 2009, 2012-2013 by */ | 7 /* Copyright 2006, 2008, 2009, 2012-2013 by */ |
8 /* David Turner, Robert Wilhelm, and Werner Lemberg. */ | 8 /* David Turner, Robert Wilhelm, and Werner Lemberg. */ |
9 /* */ | 9 /* */ |
10 /* This file is part of the FreeType project, and may only be used, */ | 10 /* This file is part of the FreeType project, and may only be used, */ |
11 /* modified, and distributed under the terms of the FreeType project */ | 11 /* modified, and distributed under the terms of the FreeType project */ |
12 /* license, LICENSE.TXT. By continuing to use, modify, or distribute */ | 12 /* license, LICENSE.TXT. By continuing to use, modify, or distribute */ |
13 /* this file you indicate that you have read the license and */ | 13 /* this file you indicate that you have read the license and */ |
14 /* understand and accept it fully. */ | 14 /* understand and accept it fully. */ |
15 /* */ | 15 /* */ |
16 /***************************************************************************/ | 16 /***************************************************************************/ |
17 | 17 |
18 | 18 |
19 #include "../../include/ft2build.h" | 19 #include <ft2build.h> |
20 #include "../../include/freetype/internal/psaux.h" | 20 #include FT_INTERNAL_POSTSCRIPT_AUX_H |
21 #include "../../include/freetype/internal/ftdebug.h" | 21 #include FT_INTERNAL_DEBUG_H |
22 | 22 |
23 #include "psconv.h" | 23 #include "psconv.h" |
24 #include "psauxerr.h" | 24 #include "psauxerr.h" |
25 | 25 |
26 | 26 |
27 /*************************************************************************/ | 27 /*************************************************************************/ |
28 /* */ | 28 /* */ |
29 /* The macro FT_COMPONENT is used in trace mode. It is an implicit */ | 29 /* The macro FT_COMPONENT is used in trace mode. It is an implicit */ |
30 /* parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log */ | 30 /* parameter of the FT_TRACE() and FT_ERROR() macros, used to print/log */ |
31 /* messages during execution. */ | 31 /* messages during execution. */ |
(...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
188 } | 188 } |
189 | 189 |
190 | 190 |
191 FT_LOCAL_DEF( FT_Fixed ) | 191 FT_LOCAL_DEF( FT_Fixed ) |
192 PS_Conv_ToFixed( FT_Byte** cursor, | 192 PS_Conv_ToFixed( FT_Byte** cursor, |
193 FT_Byte* limit, | 193 FT_Byte* limit, |
194 FT_Long power_ten ) | 194 FT_Long power_ten ) |
195 { | 195 { |
196 FT_Byte* p = *cursor; | 196 FT_Byte* p = *cursor; |
197 FT_Byte* curp; | 197 FT_Byte* curp; |
198 // Fix the Vulnerability Report FoxIT Reader - MSVR-10-0077. | |
199 // We must use 64-bit integer to avoid overflow. If there is some 64-bit
integer support. | |
200 // Since some platform doesn't support 64-bit integer, then use integer
instead. | |
201 #if defined(FT_INT64) | |
202 FT_INT64 integral = 0; | |
203 FT_INT64 decimal = 0; | |
204 #else | |
205 FT_Long integral = 0; | |
206 FT_Long decimal = 0; | |
207 FT_Int temp0 = 65536; | |
208 FT_Int temp1 = power_ten; | |
209 #endif | |
210 FT_Long divider = 1; | |
211 | 198 |
212 » FT_Bool sign = 0; | 199 FT_Fixed integral = 0; |
| 200 FT_Long decimal = 0; |
| 201 FT_Long divider = 1; |
| 202 |
| 203 FT_Bool sign = 0; |
213 FT_Bool have_overflow = 0; | 204 FT_Bool have_overflow = 0; |
214 FT_Bool have_underflow = 0; | 205 FT_Bool have_underflow = 0; |
215 | 206 |
| 207 |
216 if ( p >= limit ) | 208 if ( p >= limit ) |
217 goto Bad; | 209 goto Bad; |
218 | 210 |
219 if ( *p == '-' || *p == '+' ) | 211 if ( *p == '-' || *p == '+' ) |
220 { | 212 { |
221 sign = FT_BOOL( *p == '-' ); | 213 sign = FT_BOOL( *p == '-' ); |
222 | 214 |
223 p++; | 215 p++; |
224 if ( p == limit ) | 216 if ( p == limit ) |
225 goto Bad; | 217 goto Bad; |
226 } | 218 } |
227 | 219 |
228 /* read the integer part */ | 220 /* read the integer part */ |
229 if ( *p != '.' ) | 221 if ( *p != '.' ) |
230 { | 222 { |
231 curp = p; | 223 curp = p; |
| 224 integral = PS_Conv_ToInt( &p, limit ); |
232 | 225 |
233 » » // Fix the Vulnerability Report FoxIT Reader - MSVR-10-0077. | 226 if ( p == curp ) |
234 » » // Limited to the fix-point mechanism, we have no choice now to
crop the value domain. | 227 return 0; |
235 » » // Do accurate overflow check if FT_INT64 supported, otherwise v
ague check. | 228 |
236 #if defined(FT_INT64) | 229 if ( integral > 0x7FFF ) |
237 » » integral = ((FT_INT64)PS_Conv_ToInt( &p, limit )) << 16; | 230 have_overflow = 1; |
238 #else | 231 else |
239 » » // We use 'power_ten' and 2^16 to compute the coefficient. | 232 integral = (FT_Fixed)( (FT_UInt32)integral << 16 ); |
240 » » //while ( temp1 > 0 ) { temp0 *= 10; temp1 --; } | |
241 » » //while ( temp1 < 0 ) { temp0 /= 10; temp1 ++; } | |
242 » » | |
243 » » integral = PS_Conv_ToInt( &p, limit ); | |
244 » » if ( p == curp ) | |
245 » » » return 0; | |
246 » » if ( integral > 0x7FFF ) | |
247 » » » have_overflow = 1; | |
248 » » else | |
249 » » » integral = integral << 16; | |
250 #endif | |
251 } | 233 } |
252 | 234 |
253 /* read the decimal part */ | 235 /* read the decimal part */ |
254 if ( p < limit && *p == '.' ) | 236 if ( p < limit && *p == '.' ) |
255 { | 237 { |
256 p++; | 238 p++; |
257 | 239 |
258 for ( ; p < limit; p++ ) | 240 for ( ; p < limit; p++ ) |
259 { | 241 { |
260 FT_Char c; | 242 FT_Char c; |
261 | 243 |
262 | 244 |
263 if ( IS_PS_SPACE( *p ) || *p OP 0x80 ) | 245 if ( IS_PS_SPACE( *p ) || *p OP 0x80 ) |
264 break; | 246 break; |
265 | 247 |
266 c = ft_char_table[*p & 0x7f]; | 248 c = ft_char_table[*p & 0x7f]; |
267 | 249 |
268 if ( c < 0 || c >= 10 ) | 250 if ( c < 0 || c >= 10 ) |
269 break; | 251 break; |
270 | 252 |
271 if ( decimal < 0xCCCCCCCL ) | 253 /* only add digit if we don't overflow */ |
| 254 if ( divider < 0xCCCCCCCL && decimal < 0xCCCCCCCL ) |
272 { | 255 { |
273 decimal = decimal * 10 + c; | 256 decimal = decimal * 10 + c; |
274 | 257 |
275 if ( !integral && power_ten > 0 ) | 258 if ( !integral && power_ten > 0 ) |
276 power_ten--; | 259 power_ten--; |
277 else | 260 else |
278 divider *= 10; | 261 divider *= 10; |
279 } | 262 } |
280 } | 263 } |
281 } | 264 } |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
338 divider *= 10; | 321 divider *= 10; |
339 else | 322 else |
340 decimal /= 10; | 323 decimal /= 10; |
341 | 324 |
342 if ( !integral && !decimal ) | 325 if ( !integral && !decimal ) |
343 goto Underflow; | 326 goto Underflow; |
344 | 327 |
345 power_ten++; | 328 power_ten++; |
346 } | 329 } |
347 | 330 |
348 // Fix the Vulnerability Report FoxIT Reader - MSVR-10-0077. | 331 if ( decimal ) |
349 » // Limited to the fix-point mechanism, we have no choice now to crop the
value domain. | 332 { |
350 » // Do accurate overflow check if FT_INT64 supported, otherwise ignore th
e check at this moment. | 333 decimal = FT_DivFix( decimal, divider ); |
351 » // Since there is also a check using divider < 10000000L. | 334 /* it's not necessary to check this addition for overflow */ |
352 #if defined(FT_INT64) | 335 /* due to the structure of the real number representation */ |
353 if ( decimal ) { | 336 integral += decimal; |
354 » » integral += FT_DivFix( (FT_Long)decimal, divider ); | 337 } |
355 » } | |
356 » if ( integral > 2147483647) integral = 2147483647; | |
357 #else | |
358 » if ( decimal ) { | |
359 » » integral += FT_DivFix( decimal, divider ); | |
360 » } | |
361 #endif | |
362 | |
363 | 338 |
364 Exit: | 339 Exit: |
365 if ( sign ) | 340 if ( sign ) |
366 integral = -integral; | 341 integral = -integral; |
367 | 342 |
368 return (FT_Long)integral; | 343 return integral; |
369 | 344 |
370 Bad: | 345 Bad: |
371 FT_TRACE4(( "!!!END OF DATA:!!!" )); | 346 FT_TRACE4(( "!!!END OF DATA:!!!" )); |
372 return 0; | 347 return 0; |
373 | 348 |
374 Overflow: | 349 Overflow: |
375 integral = 0x7FFFFFFFL; | 350 integral = 0x7FFFFFFFL; |
376 FT_TRACE4(( "!!!OVERFLOW:!!!" )); | 351 FT_TRACE4(( "!!!OVERFLOW:!!!" )); |
377 goto Exit; | 352 goto Exit; |
378 | 353 |
(...skipping 238 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
617 *buffer++ = b; | 592 *buffer++ = b; |
618 } | 593 } |
619 *cursor = p; | 594 *cursor = p; |
620 *seed = s; | 595 *seed = s; |
621 | 596 |
622 #endif /* 0 */ | 597 #endif /* 0 */ |
623 | 598 |
624 return r; | 599 return r; |
625 } | 600 } |
626 | 601 |
627 FT_LOCAL_DEF( FT_Bool ) | |
628 xyq_PS_Conv_ToInt( FT_Byte** cursor, | |
629 FT_Byte* limit, FT_Long* val ) | |
630 | |
631 { | |
632 FT_Byte first_char = **cursor; | |
633 if (first_char == '+' || first_char == '-' || (first_char >= '0' && fi
rst_char <= '9')) { | |
634 *val = PS_Conv_ToInt(cursor, limit); | |
635 return 1; | |
636 } | |
637 return 0; | |
638 } | |
639 | 602 |
640 /* END */ | 603 /* END */ |
641 | |
OLD | NEW |