authorMichael Stahl <mstahl@redhat.com>2014-08-05 12:50:05 +0200
committerAndras Timar <andras.timar@collabora.com>2014-08-21 21:24:31 +0200
commit0177eaf4ec76e9915bb3a384d07d3a1c63c7a0a6 (patch)
tree75d00d26de6f9df41f070e1d54dde51633db718b /vcl
parent80b362946e8cb07d24fa85e0ffb67997ba7d358e (diff)
fdo#81516: vcl: limit number of CFFs read from font
(cherry picked from commit 45b0b47d114437198c9e0872d427576e6e7e6cc6) Conflicts: vcl/source/fontsubset/cff.cxx Change-Id: I9928b9805169a2dbb41be669dc37617b30bc672b Reviewed-on: https://gerrit.libreoffice.org/10752 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Miklos Vajna <vmiklos@collabora.co.uk>
Diffstat (limited to 'vcl')
-rw-r--r--vcl/source/fontsubset/cff.cxx20
1 files changed, 13 insertions, 7 deletions
diff --git a/vcl/source/fontsubset/cff.cxx b/vcl/source/fontsubset/cff.cxx
index 35b66794824b..476e458af956 100644
--- a/vcl/source/fontsubset/cff.cxx
+++ b/vcl/source/fontsubset/cff.cxx
@@ -369,7 +369,7 @@ public:
explicit CffSubsetterContext( const U8* pBasePtr, int nBaseLen);
virtual ~CffSubsetterContext( void);
- void initialCffRead( void);
+ bool initialCffRead();
bool emitAsType1( class Type1Emitter&,
const long* pGlyphIDs, const U8* pEncoding,
GlyphWidth* pGlyphWidths, int nGlyphCount, FontSubsetInfo& );
@@ -1569,9 +1569,7 @@ CffGlobal::CffGlobal( void)
// TODO; maFontMatrix.clear();
}
-// --------------------------------------------------------------------
-
-void CffSubsetterContext::initialCffRead( void)
+bool CffSubsetterContext::initialCffRead()
{
// get the CFFHeader
mpReadPtr = mpBasePtr;
@@ -1629,7 +1627,11 @@ void CffSubsetterContext::initialCffRead( void)
// assert( mnFontDictBase == tellRel());
mpReadPtr = mpBasePtr + mnFontDictBase;
mnFDAryCount = (mpReadPtr[0]<<8) + mpReadPtr[1];
- assert( mnFDAryCount < (int)(sizeof(maCffLocal)/sizeof(*maCffLocal)));
+ if (static_cast<size_t>(mnFDAryCount) >= SAL_N_ELEMENTS(maCffLocal))
+ {
+ SAL_INFO("vcl.fonts", "CffSubsetterContext: too many CFF in font");
+ return false;
+ }
// read FDArray details to get access to the PRIVDICTs
for( int i = 0; i < mnFDAryCount; ++i) {
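Review bot: The two bytes that form `mnFDAryCount` are read from `mpBasePtr + mnFontDictBase`, and nothing visible in this hunk checks that this font-supplied offset (plus 2) still lies inside the buffer passed to the constructor, so the new count check may itself be fed by an out-of-range read. If no earlier code in initialCffRead() validates the offset (the body starts and ends outside the hunk), a guard before the read such as `if (mnFontDictBase < 0 || mnFontDictBase + 2 > /* stored buffer length */) return false;` would close that gap. Because this branch fires on malformed input, `SAL_WARN` may fit better than `SAL_INFO`. A short comment such as `// FDArray count comes from the font file; reject counts that would index past maCffLocal` would record why the check has to stay active in release builds.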
@@ -1670,6 +1672,8 @@ void CffSubsetterContext::initialCffRead( void)
}
// ignore the Notices info
+
+ return true;
}
// --------------------------------------------------------------------
@@ -2340,14 +2344,16 @@ bool CffSubsetterContext::emitAsType1( Type1Emitter& rEmitter,
bool FontSubsetInfo::CreateFontSubsetFromCff( GlyphWidth* pOutGlyphWidths )
{
CffSubsetterContext aCff( mpInFontBytes, mnInByteLength);
- aCff.initialCffRead();
+ bool bRC = aCff.initialCffRead();
+ if (!bRC)
+ return bRC;
// emit Type1 subset from the CFF input
// TODO: also support CFF->CFF subsetting (when PDF-export and PS-printing need it)
const bool bPfbSubset = (0 != (mnReqFontTypeMask & FontSubsetInfo::TYPE1_PFB));
Type1Emitter aType1Emitter( mpOutFile, bPfbSubset);
aType1Emitter.setSubsetName( mpReqFontName);
- bool bRC = aCff.emitAsType1( aType1Emitter,
+ bRC = aCff.emitAsType1( aType1Emitter,
mpReqGlyphIds, mpReqEncodedIds,
pOutGlyphWidths, mnReqGlyphCount, *this);
return bRC;
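Review bot: In CreateFontSubsetFromCff the early exit `if (!bRC) return bRC;` returns a variable that is known to be false at that point, which reads less directly than `if (!aCff.initialCffRead()) return false;`. With that form the later `bool bRC = aCff.emitAsType1( aType1Emitter,` declaration could stay unchanged, keeping the variable scoped to the one result it carries. A one-line comment such as `// malformed CFF: bail out before any subset output is emitted` would make the ordering explicit, since the Type1Emitter is only constructed after the check. The function's closing brace lies outside the hunk.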