1
From b1fc00d5dc0e89432c58367477b6d9d63b6b0be9 Mon Sep 17 00:00:00 2001
2
From: Werner Lemberg <wl@gnu.org>
3
Date: Fri, 21 Nov 2014 11:06:40 +0000
4
Subject: * src/pcf/pcfread.c (pcf_get_metrics): Sanitize invalid metrics.
7
Index: freetype-2.5.2/src/pcf/pcfread.c
8
===================================================================
9
--- freetype-2.5.2.orig/src/pcf/pcfread.c 2015-02-24 08:28:02.140557042 -0500
10
+++ freetype-2.5.2/src/pcf/pcfread.c 2015-02-24 08:28:02.136557016 -0500
12
return FT_THROW( Out_Of_Memory );
14
metrics = face->metrics;
15
- for ( i = 0; i < nmetrics; i++ )
16
+ for ( i = 0; i < nmetrics; i++, metrics++ )
18
- error = pcf_get_metric( stream, format, metrics + i );
19
+ error = pcf_get_metric( stream, format, metrics );
21
- metrics[i].bits = 0;
24
FT_TRACE5(( " idx %d: width=%d, "
25
"lsb=%d, rsb=%d, ascent=%d, descent=%d, swidth=%d\n",
27
- ( metrics + i )->characterWidth,
28
- ( metrics + i )->leftSideBearing,
29
- ( metrics + i )->rightSideBearing,
30
- ( metrics + i )->ascent,
31
- ( metrics + i )->descent,
32
- ( metrics + i )->attributes ));
33
+ metrics->characterWidth,
34
+ metrics->leftSideBearing,
35
+ metrics->rightSideBearing,
38
+ metrics->attributes ));
43
+ /* sanity checks -- those values are used in `PCF_Glyph_Load' to */
44
+ /* compute a glyph's bitmap dimensions, thus setting them to zero in */
45
+ /* case of an error disables this particular glyph only */
46
+ if ( metrics->rightSideBearing < metrics->leftSideBearing ||
47
+ metrics->ascent + metrics->descent < 0 )
49
+ metrics->characterWidth = 0;
50
+ metrics->leftSideBearing = 0;
51
+ metrics->rightSideBearing = 0;
52
+ metrics->ascent = 0;
53
+ metrics->descent = 0;
55
+ FT_TRACE0(( "pcf_get_metrics:"
56
+ " invalid metrics for glyph %d\n", i ));