From cec3f6878e37fcd1c6c15e0e2ab011931d55549e Mon Sep 17 00:00:00 2001 From: Oliver Chang Date: Thu, 5 Nov 2015 16:00:40 -0800 Subject: Merge to XFA: Update bundled freetype to 2.6.1 Also adds a README.pdfium and 0000-include.patch that details the local modifications made. Also rolls testing/corpus to 45f88c6914fcac26ad930bb0ebbfa468c21db0a5 which includes regenerated corpus expectations. R=thestig@chromium.org Review URL: https://codereview.chromium.org/1413673003 . (cherry picked from commit 87ee069d05ca06f60d6cfacd9e426739d8f2053d) Review URL: https://codereview.chromium.org/1416993005 . --- third_party/freetype/src/base/ftrfork.c | 67 ++++++++++++++++++++------------- 1 file changed, 40 insertions(+), 27 deletions(-) (limited to 'third_party/freetype/src/base/ftrfork.c') diff --git a/third_party/freetype/src/base/ftrfork.c b/third_party/freetype/src/base/ftrfork.c index 5352970389..c30c76678e 100644 --- a/third_party/freetype/src/base/ftrfork.c +++ b/third_party/freetype/src/base/ftrfork.c @@ -4,7 +4,7 @@ /* */ /* Embedded resource forks accessor (body). */ /* */ -/* Copyright 2004-2010, 2013, 2014 by */ +/* Copyright 2004-2015 by */ /* Masatake YAMATO and Redhat K.K. */ /* */ /* FT_Raccess_Get_HeaderInfo() and raccess_guess_darwin_hfsplus() are */ @@ -63,7 +63,7 @@ FT_UNUSED( library ); - error = FT_Stream_Seek( stream, rfork_offset ); + error = FT_Stream_Seek( stream, (FT_ULong)rfork_offset ); if ( error ) return error; @@ -71,25 +71,36 @@ if ( error ) return error; - *rdata_pos = rfork_offset + ( ( head[0] << 24 ) | - ( head[1] << 16 ) | - ( head[2] << 8 ) | - head[3] ); - map_pos = rfork_offset + ( ( head[4] << 24 ) | - ( head[5] << 16 ) | - ( head[6] << 8 ) | - head[7] ); - rdata_len = ( head[ 8] << 24 ) | - ( head[ 9] << 16 ) | - ( head[10] << 8 ) | - head[11]; + /* ensure positive values */ + if ( head[0] >= 0x80 || head[4] >= 0x80 || head[8] >= 0x80 ) + return FT_THROW( Unknown_File_Format ); + + *rdata_pos = ( head[ 0] << 24 ) | + ( head[ 1] << 16 ) | + ( head[ 2] << 8 ) | + head[ 3]; + map_pos = ( head[ 4] << 24 ) | + ( head[ 5] << 16 ) | + ( head[ 6] << 8 ) | + head[ 7]; + rdata_len = ( head[ 8] << 24 ) | + ( head[ 9] << 16 ) | + ( head[10] << 8 ) | + head[11]; /* map_len = head[12] .. head[15] */ - if ( *rdata_pos + rdata_len != map_pos || map_pos == rfork_offset ) + if ( *rdata_pos != map_pos - rdata_len || map_pos == 0 ) return FT_THROW( Unknown_File_Format ); - error = FT_Stream_Seek( stream, map_pos ); + if ( FT_LONG_MAX - rfork_offset < *rdata_pos || + FT_LONG_MAX - rfork_offset < map_pos ) + return FT_THROW( Unknown_File_Format ); + + *rdata_pos += rfork_offset; + map_pos += rfork_offset; + + error = FT_Stream_Seek( stream, (FT_ULong)map_pos ); if ( error ) return error; @@ -124,7 +135,7 @@ if ( type_list == -1 ) return FT_THROW( Unknown_File_Format ); - error = FT_Stream_Seek( stream, map_pos + type_list ); + error = FT_Stream_Seek( stream, (FT_ULong)( map_pos + type_list ) ); if ( error ) return error; @@ -166,7 +177,7 @@ FT_TRACE3(( "\n" )); - error = FT_Stream_Seek( stream, map_offset ); + error = FT_Stream_Seek( stream, (FT_ULong)map_offset ); if ( error ) return error; @@ -182,10 +193,10 @@ return error; FT_TRACE2(( "Resource tags: %c%c%c%c\n", - (char)( 0xff & ( tag_internal >> 24 ) ), - (char)( 0xff & ( tag_internal >> 16 ) ), - (char)( 0xff & ( tag_internal >> 8 ) ), - (char)( 0xff & ( tag_internal >> 0 ) ) )); + (char)( 0xFF & ( tag_internal >> 24 ) ), + (char)( 0xFF & ( tag_internal >> 16 ) ), + (char)( 0xFF & ( tag_internal >> 8 ) ), + (char)( 0xFF & ( tag_internal >> 0 ) ) )); FT_TRACE3(( " : subcount=%d, suboffset=0x%04x\n", subcnt, rpos )); @@ -194,7 +205,7 @@ *count = subcnt + 1; rpos += map_offset; - error = FT_Stream_Seek( stream, rpos ); + error = FT_Stream_Seek( stream, (FT_ULong)rpos ); if ( error ) return error; @@ -220,7 +231,7 @@ if (sort_by_res_id) { - ft_qsort( ref, *count, sizeof ( FT_RFork_Ref ), + ft_qsort( ref, (size_t)*count, sizeof ( FT_RFork_Ref ), ( int(*)(const void*, const void*) ) ft_raccess_sort_ref_by_id ); @@ -713,9 +724,9 @@ FT_UShort n_of_entries; int i; - FT_UInt32 entry_id, entry_offset, entry_length = 0; + FT_Int32 entry_id, entry_offset, entry_length = 0; - const FT_UInt32 resource_fork_entry_id = 0x2; + const FT_Int32 resource_fork_entry_id = 0x2; FT_UNUSED( library ); FT_UNUSED( base_file_name ); @@ -813,7 +824,9 @@ tmp = ft_strrchr( original_name, '/' ); if ( tmp ) { - ft_strncpy( new_name, original_name, tmp - original_name + 1 ); + ft_strncpy( new_name, + original_name, + (size_t)( tmp - original_name + 1 ) ); new_name[tmp - original_name + 1] = '\0'; slash = tmp + 1; } -- cgit v1.2.3