Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-26 14:22:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[truetype] Improve error handling of `SHZ' bytecode instruction. r=stuart a=blocking-fennec

Browse Source 
From 0edf0986f3be570f5bf90ff245a85c1675f5c9a4 Mon Sep 17 00:00:00 2001
Date: Wed, 06 Oct 2010 09:52:27 +0000
Problem reported by Chris Evans <scarybeasts@gmail.com>.

* src/truetype/ttinterp.c (Ins_SHZ): Check `last_point'.
---
This commit is contained in:
Werner Lemberg 2010-11-18 16:36:22 -05:00
parent 9cac79f9b1
commit 69d701e60a
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/freetype2/ChangeLog
View File

@ -1,3 +1,10 @@
2010-10-06 Werner Lemberg <wl@gnu.org>
[truetype] Improve error handling of `SHZ' bytecode instruction.
Problem reported by Chris Evans <scarybeasts@gmail.com>.
* src/truetype/ttinterp.c (Ins_SHZ): Check `last_point'.
2010-10-03 Werner Lemberg <wl@gnu.org>
* Version 2.4.3 released.

9
modules/freetype2/src/truetype/ttinterp.c
View File

@ -5795,7 +5795,16 @@
if ( CUR.GS.gep2 == 0 && CUR.zp2.n_points > 0 )
last_point = (FT_UShort)( CUR.zp2.n_points - 1 );
else if ( CUR.GS.gep2 == 1 && CUR.zp2.n_contours > 0 )
{
last_point = (FT_UShort)( CUR.zp2.contours[CUR.zp2.n_contours - 1] );
if ( BOUNDS( last_point, CUR.zp2.n_points ) )
{
if ( CUR.pedantic_hinting )
CUR.error = TT_Err_Invalid_Reference;
return;
}
}
else
last_point = 0;