Henri Verbeet : usp10: Validate positioning record sequence indices in GPOS_apply_ChainContextPos().

Alexandre Julliard julliard at winehq.org
Wed Apr 19 14:49:38 CDT 2017


Module: wine
Branch: master
Commit: 34a9400a89c4d1b8a46979432f3864e8065919fc
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=34a9400a89c4d1b8a46979432f3864e8065919fc

Author: Henri Verbeet <hverbeet at codeweavers.com>
Date:   Mon Apr 17 20:26:56 2017 +0200

usp10: Validate positioning record sequence indices in GPOS_apply_ChainContextPos().

The issue is somewhat theoretical, since in reasonable fonts the indices
should always be valid, and in fact are fairly likely to be 0. On the other
hand, web fonts exist.

Signed-off-by: Henri Verbeet <hverbeet at codeweavers.com>
Signed-off-by: Aric Stewart <aric at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/usp10/opentype.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/dlls/usp10/opentype.c b/dlls/usp10/opentype.c
index a3346ef..f0417f1 100644
--- a/dlls/usp10/opentype.c
+++ b/dlls/usp10/opentype.c
@@ -2301,12 +2301,20 @@ static unsigned int GPOS_apply_ChainContextPos(const ScriptCache *script_cache,
 
             for (k = 0; k < positioning_count; ++k)
             {
-                WORD lookup_index = GET_BE_WORD(positioning->PosLookupRecord[k].LookupListIndex);
-                WORD sequence_index = GET_BE_WORD(positioning->PosLookupRecord[k].SequenceIndex) * write_dir;
+                unsigned int lookup_index = GET_BE_WORD(positioning->PosLookupRecord[k].LookupListIndex);
+                unsigned int sequence_index = GET_BE_WORD(positioning->PosLookupRecord[k].SequenceIndex);
+                unsigned int g = glyph_index + write_dir * sequence_index;
+
+                if (g >= glyph_count)
+                {
+                    WARN("Skipping invalid sequence index %u (glyph index %u, write dir %d).\n",
+                            sequence_index, glyph_index, write_dir);
+                    continue;
+                }
 
                 TRACE("Position: %u -> %u %u.\n", k, sequence_index, lookup_index);
                 GPOS_apply_lookup(script_cache, otm, logfont, analysis, advance, lookup, lookup_index,
-                        glyphs, glyph_index + sequence_index, glyph_count, goffset);
+                        glyphs, g, glyph_count, goffset);
             }
             return input_count + lookahead_count;
         }
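
Review bot: The check `if (g >= glyph_count)` also has to catch `glyph_index + write_dir * sequence_index` going below zero, and it does so only implicitly. `write_dir` is signed (it is printed with `%d`), so with a negative direction the product is converted to unsigned and an out-of-range result wraps to a large value that fails the comparison. That works, but a short comment stating that the wraparound is intentional would keep a later change of `g` to a signed type from silently dropping the lower bound. The check also bounds `g` only by `glyph_count`: a `sequence_index` beyond the matched input sequence still passes when it lands inside the glyph array, so consider also skipping records with `sequence_index >= input_count`. Finally, `lookup_index` is read from the same record and passed to `GPOS_apply_lookup()` unchecked in this hunk, so it is worth confirming that the callee validates it.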



