From 0c349a032e5a52a9d0dcc8204f761b7cb28bfa6b Mon Sep 17 00:00:00 2001
From: Owen Taylor
Date: Thu, 3 Mar 2005 19:38:02 +0000
Subject: [PATCH] For all binary searches, handle the case where the number of items is 0.
2005-03-03 Owen Taylor
* pango/opentype/ftxopen.c (Coverage_Index1, Coverage_Index2, Get_Class2): For all binary searches, handle the case where the number of items is 0. (#162977, Nick Lamb)
* pango/opentype/ftxgdef.c (TT_GDEF_Build_ClassDefinition): Handle the case where glyph_count == 0 properly. Fix a problem with cleanups on memory allocation failure. (Get_New_Count, Add_Glyph_Property): Avoid reading off the end of the ClassRangeRecord array.
---
 src/ftxgdef.c | 60 +++++++++++++++++++++++++++++++++++------------------------
 src/ftxopen.c | 15 +++++++++++++++
 2 files changed, 51 insertions(+), 24 deletions(-)
diff --git a/src/ftxgdef.c b/src/ftxgdef.c
index 60ad581..7367be7 100644
--- a/src/ftxgdef.c
+++ b/src/ftxgdef.c
@@ -746,7 +746,7 @@
 FT_UShort glyphID, FT_UShort index )
 {
- FT_UShort glyph_index, array_index;
+ FT_UShort glyph_index, array_index, count;
 FT_UShort byte, bits;
 TTO_ClassRangeRecord* gcrr;
@@ -756,10 +756,11 @@
 if ( glyphID >= gdef->LastGlyph )
 return 0;
+ count = gdef->GlyphClassDef.cd.cd2.ClassRangeCount;
 gcrr = gdef->GlyphClassDef.cd.cd2.ClassRangeRecord;
 ngc = gdef->NewGlyphClasses;
- if ( glyphID < gcrr[index].Start )
+ if ( index < count && glyphID < gcrr[index].Start )
 {
 array_index = index;
 if ( index == 0 )
@@ -999,7 +1000,7 @@
 if ( ALLOC_ARRAY( gdef->NewGlyphClasses, gcd->cd.cd2.ClassRangeCount + 1, FT_UShort* ) )
- goto Fail2;
+ goto Fail3;
 count = gcd->cd.cd2.ClassRangeCount;
 gcrr = gcd->cd.cd2.ClassRangeRecord;
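Review bot: In the -756 hunk (apparently Get_New_Count) the added `index < count &&` test only keeps the condition itself from reading `gcrr[index].Start`; when `index >= count` execution now goes to whatever follows this `if` block, which is outside the hunk. If that fallback still subscripts `gcrr[index]`, the out-of-bounds read is moved rather than removed, and for `ClassRangeCount == 0` it also has to land on `ngc[0]`, the only array the -1008 hunk allocates in that case. Handling the case explicitly, e.g. `if ( index >= count ) { /* past the last range */ ... } else if ( glyphID < gcrr[index].Start )`, would make the bound visible at the point of use. The identical guard in the -1124 hunk (apparently Add_Glyph_Property) needs the same check.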
@@ -1008,29 +1009,39 @@
 /* We allocate arrays for all glyphs not covered by the class range records. Each element holds four class values. */
- if ( gcrr[0].Start )
+ if ( count > 0 )
 {
- if ( ALLOC_ARRAY( ngc[0], ( gcrr[0].Start + 3 ) / 4, FT_UShort ) )
- goto Fail1;
+ if ( gcrr[0].Start )
+ {
+ if ( ALLOC_ARRAY( ngc[0], ( gcrr[0].Start + 3 ) / 4, FT_UShort ) )
+ goto Fail2;
+ }
+
+ for ( n = 1; n < count; n++ )
+ {
+ if ( gcrr[n].Start - gcrr[n - 1].End > 1 )
+ if ( ALLOC_ARRAY( ngc[n],
+ ( gcrr[n].Start - gcrr[n - 1].End + 2 ) / 4,
+ FT_UShort ) )
+ goto Fail1;
+ }
+
+ if ( gcrr[count - 1].End != num_glyphs - 1 )
+ {
+ if ( ALLOC_ARRAY( ngc[count],
+ ( num_glyphs - gcrr[count - 1].End + 2 ) / 4,
+ FT_UShort ) )
+ goto Fail1;
+ }
 }
-
- for ( n = 1; n < count; n++ )
+ else if ( num_glyphs > 0 )
 {
- if ( gcrr[n].Start - gcrr[n - 1].End > 1 )
- if ( ALLOC_ARRAY( ngc[n],
- ( gcrr[n].Start - gcrr[n - 1].End + 2 ) / 4,
- FT_UShort ) )
- goto Fail1;
+ if ( ALLOC_ARRAY( ngc[count],
+ ( num_glyphs + 3 ) / 4,
+ FT_UShort ) )
+ goto Fail2;
 }
-
- if ( gcrr[count - 1].End != num_glyphs - 1 )
- {
- if ( ALLOC_ARRAY( ngc[count],
- ( num_glyphs - gcrr[count - 1].End + 2 ) / 4,
- FT_UShort ) )
- goto Fail1;
- }
-
+
 gdef->LastGlyph = num_glyphs - 1;
 gdef->MarkAttachClassDef_offset = 0L;
@@ -1083,7 +1094,7 @@
 FT_Error error;
 FT_UShort class, new_class, index;
 FT_UShort byte, bits, mask;
- FT_UShort array_index, glyph_index;
+ FT_UShort array_index, glyph_index, count;
 TTO_ClassRangeRecord* gcrr;
 FT_UShort** ngc;
@@ -1124,10 +1135,11 @@
 return TT_Err_Invalid_Argument;
 }
+ count = gdef->GlyphClassDef.cd.cd2.ClassRangeCount;
 gcrr = gdef->GlyphClassDef.cd.cd2.ClassRangeRecord;
 ngc = gdef->NewGlyphClasses;
- if ( glyphID < gcrr[index].Start )
+ if ( index < count && glyphID < gcrr[index].Start )
 {
 array_index = index;
 if ( index == 0 )
diff --git a/src/ftxopen.c b/src/ftxopen.c
index f2ebf87..ea38216 100644
--- a/src/ftxopen.c
+++ b/src/ftxopen.c
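Review bot: The trailing-gap allocation in the -1008 hunk still tests `gcrr[count - 1].End != num_glyphs - 1`, so a last range whose End lies at or beyond the glyph count also enters the branch, and `( num_glyphs - gcrr[count - 1].End + 2 ) / 4` then comes out as zero or negative (assuming these are 16-bit values promoted to int). Unless End is validated against num_glyphs before this point, which is not visible here, `if ( gcrr[count - 1].End < num_glyphs - 1 )` keeps the element count positive for font data that is out of range. Separately, `gdef->LastGlyph = num_glyphs - 1;` still runs when num_glyphs is 0, a case the new `else if ( num_glyphs > 0 )` now admits; if LastGlyph is an unsigned 16-bit field it wraps to the largest glyph id and the `glyphID >= gdef->LastGlyph` check in the -756 hunk stops rejecting anything. The function starts and ends outside the hunk.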
@@ -940,6 +940,9 @@
 /* binary search */
+ if ( cf1->GlyphCount == 0 )
+ return TTO_Err_Not_Covered;
+
 new_min = 0;
 new_max = cf1->GlyphCount - 1;
@@ -987,6 +990,9 @@
 /* binary search */
+ if ( cf2->RangeCount == 0 )
+ return TTO_Err_Not_Covered;
+
 new_min = 0;
 new_max = cf2->RangeCount - 1;
@@ -1326,6 +1332,15 @@
 /* binary search */
+ if ( cdf2->ClassRangeCount == 0 )
+ {
+ *class = 0;
+ if ( index )
+ *index = 0;
+
+ return TTO_Err_Not_Covered;
+ }
+
 new_min = 0;
 new_max = cdf2->ClassRangeCount - 1;
--
2.7.4
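Review bot: None of the three empty-table guards (-940, -987, -1326) says why it is there, and the reason is easy to lose: the line just below each one, e.g. `new_max = cf1->GlyphCount - 1;`, would wrap to the largest value for a zero count if new_max is an unsigned 16-bit variable (its declaration is outside the hunks), letting the search index far past an empty array. A one-line comment such as `/* count - 1 below would wrap for an empty table */` above each guard would stop a later cleanup from dropping them. Only the -1326 guard writes its outputs (`*class`, `*index`) before returning; whether the two GlyphCount/RangeCount guards should also set an index output depends on signatures that are not visible here.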