diff options
| author | Michael Stahl <mstahl@redhat.com> | 2014-08-05 12:50:05 +0200 |
|---|---|---|
| committer | Andras Timar <andras.timar@collabora.com> | 2014-08-21 21:24:31 +0200 |
| commit | 0177eaf4ec76e9915bb3a384d07d3a1c63c7a0a6 (patch) | |
| tree | 75d00d26de6f9df41f070e1d54dde51633db718b | |
| parent | 80b362946e8cb07d24fa85e0ffb67997ba7d358e (diff) | |
fdo#81516: vcl: limit number of CFFs read from font
(cherry picked from commit 45b0b47d114437198c9e0872d427576e6e7e6cc6)
Conflicts:
vcl/source/fontsubset/cff.cxx
Change-Id: I9928b9805169a2dbb41be669dc37617b30bc672b
Reviewed-on: https://gerrit.libreoffice.org/10752
Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Miklos Vajna <vmiklos@collabora.co.uk>
| -rw-r--r-- | vcl/source/fontsubset/cff.cxx | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/vcl/source/fontsubset/cff.cxx b/vcl/source/fontsubset/cff.cxx index 35b66794824b..476e458af956 100644 --- a/vcl/source/fontsubset/cff.cxx +++ b/vcl/source/fontsubset/cff.cxx @@ -369,7 +369,7 @@ public: explicit CffSubsetterContext( const U8* pBasePtr, int nBaseLen); virtual ~CffSubsetterContext( void); - void initialCffRead( void); + bool initialCffRead(); bool emitAsType1( class Type1Emitter&, const long* pGlyphIDs, const U8* pEncoding, GlyphWidth* pGlyphWidths, int nGlyphCount, FontSubsetInfo& ); @@ -1569,9 +1569,7 @@ CffGlobal::CffGlobal( void) // TODO; maFontMatrix.clear(); } -// -------------------------------------------------------------------- - -void CffSubsetterContext::initialCffRead( void) +bool CffSubsetterContext::initialCffRead() { // get the CFFHeader mpReadPtr = mpBasePtr; @@ -1629,7 +1627,11 @@ void CffSubsetterContext::initialCffRead( void) // assert( mnFontDictBase == tellRel()); mpReadPtr = mpBasePtr + mnFontDictBase; mnFDAryCount = (mpReadPtr[0]<<8) + mpReadPtr[1]; - assert( mnFDAryCount < (int)(sizeof(maCffLocal)/sizeof(*maCffLocal))); + if (static_cast<size_t>(mnFDAryCount) >= SAL_N_ELEMENTS(maCffLocal)) + { + SAL_INFO("vcl.fonts", "CffSubsetterContext: too many CFF in font"); + return false; + } // read FDArray details to get access to the PRIVDICTs for( int i = 0; i < mnFDAryCount; ++i) { @@ -1670,6 +1672,8 @@ void CffSubsetterContext::initialCffRead( void) } // ignore the Notices info + + return true; } // -------------------------------------------------------------------- @@ -2340,14 +2344,16 @@ bool CffSubsetterContext::emitAsType1( Type1Emitter& rEmitter, bool FontSubsetInfo::CreateFontSubsetFromCff( GlyphWidth* pOutGlyphWidths ) { CffSubsetterContext aCff( mpInFontBytes, mnInByteLength); - aCff.initialCffRead(); + bool bRC = aCff.initialCffRead(); + if (!bRC) + return bRC; // emit Type1 subset from the CFF input // TODO: also support CFF->CFF subsetting (when PDF-export and PS-printing need it) const bool bPfbSubset = (0 != (mnReqFontTypeMask & FontSubsetInfo::TYPE1_PFB)); Type1Emitter aType1Emitter( mpOutFile, bPfbSubset); aType1Emitter.setSubsetName( mpReqFontName); - bool bRC = aCff.emitAsType1( aType1Emitter, + bRC = aCff.emitAsType1( aType1Emitter, mpReqGlyphIds, mpReqEncodedIds, pOutGlyphWidths, mnReqGlyphCount, *this); return bRC; |