| Index: third_party/freetype/src/psaux/psconv.c
|
| diff --git a/core/src/fxge/fx_freetype/fxft2.5.01/src/psaux/psconv.c b/third_party/freetype/src/psaux/psconv.c
|
| similarity index 84%
|
| rename from core/src/fxge/fx_freetype/fxft2.5.01/src/psaux/psconv.c
|
| rename to third_party/freetype/src/psaux/psconv.c
|
| index c13d41b6a894e1538d40a0497d705c9feb2e7767..7792a62947b67a6b62aec3bb53181f3436681905 100644
|
| --- a/core/src/fxge/fx_freetype/fxft2.5.01/src/psaux/psconv.c
|
| +++ b/third_party/freetype/src/psaux/psconv.c
|
| @@ -16,9 +16,9 @@
|
| /***************************************************************************/
|
|
|
|
|
| -#include "../../include/ft2build.h"
|
| -#include "../../include/freetype/internal/psaux.h"
|
| -#include "../../include/freetype/internal/ftdebug.h"
|
| +#include <ft2build.h>
|
| +#include FT_INTERNAL_POSTSCRIPT_AUX_H
|
| +#include FT_INTERNAL_DEBUG_H
|
|
|
| #include "psconv.h"
|
| #include "psauxerr.h"
|
| @@ -195,24 +195,16 @@
|
| {
|
| FT_Byte* p = *cursor;
|
| FT_Byte* curp;
|
| - // Fix the Vulnerability Report FoxIT Reader - MSVR-10-0077.
|
| - // We must use 64-bit integer to avoid overflow. If there is some 64-bit integer support.
|
| - // Since some platform doesn't support 64-bit integer, then use integer instead.
|
| -#if defined(FT_INT64)
|
| - FT_INT64 integral = 0;
|
| - FT_INT64 decimal = 0;
|
| -#else
|
| - FT_Long integral = 0;
|
| - FT_Long decimal = 0;
|
| - FT_Int temp0 = 65536;
|
| - FT_Int temp1 = power_ten;
|
| -#endif
|
| - FT_Long divider = 1;
|
| -
|
| - FT_Bool sign = 0;
|
| +
|
| + FT_Fixed integral = 0;
|
| + FT_Long decimal = 0;
|
| + FT_Long divider = 1;
|
| +
|
| + FT_Bool sign = 0;
|
| FT_Bool have_overflow = 0;
|
| FT_Bool have_underflow = 0;
|
|
|
| +
|
| if ( p >= limit )
|
| goto Bad;
|
|
|
| @@ -229,25 +221,15 @@
|
| if ( *p != '.' )
|
| {
|
| curp = p;
|
| + integral = PS_Conv_ToInt( &p, limit );
|
|
|
| - // Fix the Vulnerability Report FoxIT Reader - MSVR-10-0077.
|
| - // Limited to the fix-point mechanism, we have no choice now to crop the value domain.
|
| - // Do accurate overflow check if FT_INT64 supported, otherwise vague check.
|
| -#if defined(FT_INT64)
|
| - integral = ((FT_INT64)PS_Conv_ToInt( &p, limit )) << 16;
|
| -#else
|
| - // We use 'power_ten' and 2^16 to compute the coefficient.
|
| - //while ( temp1 > 0 ) { temp0 *= 10; temp1 --; }
|
| - //while ( temp1 < 0 ) { temp0 /= 10; temp1 ++; }
|
| -
|
| - integral = PS_Conv_ToInt( &p, limit );
|
| - if ( p == curp )
|
| - return 0;
|
| - if ( integral > 0x7FFF )
|
| - have_overflow = 1;
|
| - else
|
| - integral = integral << 16;
|
| -#endif
|
| + if ( p == curp )
|
| + return 0;
|
| +
|
| + if ( integral > 0x7FFF )
|
| + have_overflow = 1;
|
| + else
|
| + integral = (FT_Fixed)( (FT_UInt32)integral << 16 );
|
| }
|
|
|
| /* read the decimal part */
|
| @@ -268,7 +250,8 @@
|
| if ( c < 0 || c >= 10 )
|
| break;
|
|
|
| - if ( decimal < 0xCCCCCCCL )
|
| + /* only add digit if we don't overflow */
|
| + if ( divider < 0xCCCCCCCL && decimal < 0xCCCCCCCL )
|
| {
|
| decimal = decimal * 10 + c;
|
|
|
| @@ -345,27 +328,19 @@
|
| power_ten++;
|
| }
|
|
|
| -// Fix the Vulnerability Report FoxIT Reader - MSVR-10-0077.
|
| - // Limited to the fix-point mechanism, we have no choice now to crop the value domain.
|
| - // Do accurate overflow check if FT_INT64 supported, otherwise ignore the check at this moment.
|
| - // Since there is also a check using divider < 10000000L.
|
| -#if defined(FT_INT64)
|
| - if ( decimal ) {
|
| - integral += FT_DivFix( (FT_Long)decimal, divider );
|
| - }
|
| - if ( integral > 2147483647) integral = 2147483647;
|
| -#else
|
| - if ( decimal ) {
|
| - integral += FT_DivFix( decimal, divider );
|
| - }
|
| -#endif
|
| -
|
| + if ( decimal )
|
| + {
|
| + decimal = FT_DivFix( decimal, divider );
|
| + /* it's not necessary to check this addition for overflow */
|
| + /* due to the structure of the real number representation */
|
| + integral += decimal;
|
| + }
|
|
|
| Exit:
|
| if ( sign )
|
| integral = -integral;
|
|
|
| - return (FT_Long)integral;
|
| + return integral;
|
|
|
| Bad:
|
| FT_TRACE4(( "!!!END OF DATA:!!!" ));
|
| @@ -624,18 +599,5 @@
|
| return r;
|
| }
|
|
|
| -FT_LOCAL_DEF( FT_Bool )
|
| - xyq_PS_Conv_ToInt( FT_Byte** cursor,
|
| - FT_Byte* limit, FT_Long* val )
|
| -
|
| - {
|
| - FT_Byte first_char = **cursor;
|
| - if (first_char == '+' || first_char == '-' || (first_char >= '0' && first_char <= '9')) {
|
| - *val = PS_Conv_ToInt(cursor, limit);
|
| - return 1;
|
| - }
|
| - return 0;
|
| - }
|
|
|
| /* END */
|
| -
|
|
|
Chromium Code Reviews
Issue 815103002:
Update freetype to 2.5.4. (Closed)
Base URL: https://pdfium.googlesource.com/pdfium.git@master