Henri Verbeet : usp10: Validate substition record sequence indices in GSUB_apply_ContextSubst().
Alexandre Julliard
julliard at winehq.org
Fri Apr 21 15:18:16 CDT 2017
Module: wine
Branch: master
Commit: 30e8768d00fb3a93f2c4cb5ca5773f2ab78bb396
URL: http://source.winehq.org/git/wine.git/?a=commit;h=30e8768d00fb3a93f2c4cb5ca5773f2ab78bb396
Author: Henri Verbeet <hverbeet at codeweavers.com>
Date: Fri Apr 21 00:57:14 2017 +0200
usp10: Validate substition record sequence indices in GSUB_apply_ContextSubst().
Signed-off-by: Henri Verbeet <hverbeet at codeweavers.com>
Signed-off-by: Aric Stewart <aric at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/usp10/opentype.c | 32 ++++++++++++++++++++++++--------
1 file changed, 24 insertions(+), 8 deletions(-)
diff --git a/dlls/usp10/opentype.c b/dlls/usp10/opentype.c
index 307b6a9..0351f4f 100644
--- a/dlls/usp10/opentype.c
+++ b/dlls/usp10/opentype.c
@@ -1125,11 +1125,19 @@ static INT GSUB_apply_ContextSubst(const OT_LookupList* lookup, const OT_LookupT
for (l = 0; l < GET_BE_WORD(sr->SubstCount); l++)
{
- int lookupIndex = GET_BE_WORD(sr_2->SubstLookupRecord[l].LookupListIndex);
- int SequenceIndex = GET_BE_WORD(sr_2->SubstLookupRecord[l].SequenceIndex) * write_dir;
+ unsigned int lookup_index = GET_BE_WORD(sr_2->SubstLookupRecord[l].LookupListIndex);
+ unsigned int sequence_index = GET_BE_WORD(sr_2->SubstLookupRecord[l].SequenceIndex);
- TRACE(" SUBST: %i -> %i %i\n",l, SequenceIndex, lookupIndex);
- newIndex = GSUB_apply_lookup(lookup, lookupIndex, glyphs, glyph_index + SequenceIndex, write_dir, glyph_count);
+ g = glyph_index + write_dir * sequence_index;
+ if (g >= *glyph_count)
+ {
+ WARN("Invalid sequence index %u (glyph index %u, write dir %d).\n",
+ sequence_index, glyph_index, write_dir);
+ continue;
+ }
+
+ TRACE(" SUBST: %u -> %u %u.\n", l, sequence_index, lookup_index);
+ newIndex = GSUB_apply_lookup(lookup, lookup_index, glyphs, g, write_dir, glyph_count);
if (newIndex == GSUB_E_NOGLYPH)
{
ERR(" Chain failed to generate a glyph\n");
@@ -1204,11 +1212,19 @@ static INT GSUB_apply_ContextSubst(const OT_LookupList* lookup, const OT_LookupT
for (l = 0; l < GET_BE_WORD(sr->SubstCount); l++)
{
- int lookupIndex = GET_BE_WORD(sr_2->SubstLookupRecord[l].LookupListIndex);
- int SequenceIndex = GET_BE_WORD(sr_2->SubstLookupRecord[l].SequenceIndex) * write_dir;
+ unsigned int lookup_index = GET_BE_WORD(sr_2->SubstLookupRecord[l].LookupListIndex);
+ unsigned int sequence_index = GET_BE_WORD(sr_2->SubstLookupRecord[l].SequenceIndex);
+
+ g = glyph_index + write_dir * sequence_index;
+ if (g >= *glyph_count)
+ {
+ WARN("Invalid sequence index %u (glyph index %u, write dir %d).\n",
+ sequence_index, glyph_index, write_dir);
+ continue;
+ }
- TRACE(" SUBST: %i -> %i %i\n",l, SequenceIndex, lookupIndex);
- newIndex = GSUB_apply_lookup(lookup, lookupIndex, glyphs, glyph_index + SequenceIndex, write_dir, glyph_count);
+ TRACE(" SUBST: %u -> %u %u.\n", l, sequence_index, lookup_index);
+ newIndex = GSUB_apply_lookup(lookup, lookup_index, glyphs, g, write_dir, glyph_count);
if (newIndex == GSUB_E_NOGLYPH)
{
ERR(" Chain failed to generate a glyph\n");
More information about the wine-cvs
mailing list