[PATCH 1/5] usp10: Validate positioning record sequence indices in GPOS_apply_ChainContextPos().
Henri Verbeet
hverbeet at codeweavers.com
Mon Apr 17 13:26:56 CDT 2017
The issue is somewhat theoretical, since in reasonbale fonts the indices
should always be valid, and in fact are fairly likely to be 0. On the other
hand, web fonts exist.
Signed-off-by: Henri Verbeet <hverbeet at codeweavers.com>
---
dlls/usp10/opentype.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/dlls/usp10/opentype.c b/dlls/usp10/opentype.c
index a3346ef..f0417f1 100644
--- a/dlls/usp10/opentype.c
+++ b/dlls/usp10/opentype.c
@@ -2301,12 +2301,20 @@ static unsigned int GPOS_apply_ChainContextPos(const ScriptCache *script_cache,
for (k = 0; k < positioning_count; ++k)
{
- WORD lookup_index = GET_BE_WORD(positioning->PosLookupRecord[k].LookupListIndex);
- WORD sequence_index = GET_BE_WORD(positioning->PosLookupRecord[k].SequenceIndex) * write_dir;
+ unsigned int lookup_index = GET_BE_WORD(positioning->PosLookupRecord[k].LookupListIndex);
+ unsigned int sequence_index = GET_BE_WORD(positioning->PosLookupRecord[k].SequenceIndex);
+ unsigned int g = glyph_index + write_dir * sequence_index;
+
+ if (g >= glyph_count)
+ {
+ WARN("Skipping invalid sequence index %u (glyph index %u, write dir %d).\n",
+ sequence_index, glyph_index, write_dir);
+ continue;
+ }
TRACE("Position: %u -> %u %u.\n", k, sequence_index, lookup_index);
GPOS_apply_lookup(script_cache, otm, logfont, analysis, advance, lookup, lookup_index,
- glyphs, glyph_index + sequence_index, glyph_count, goffset);
+ glyphs, g, glyph_count, goffset);
}
return input_count + lookahead_count;
}
--
2.1.4
More information about the wine-patches
mailing list