[PATCH 1/5] usp10: Validate positioning record sequence indices in GPOS_apply_ChainContextPos().
Aric Stewart
aric at codeweavers.com
Tue Apr 18 06:59:16 CDT 2017
Signed-off-by: Aric Stewart <aric at codeweavers.com>
On 4/17/17 1:26 PM, Henri Verbeet wrote:
> The issue is somewhat theoretical, since in reasonbale fonts the indices
> should always be valid, and in fact are fairly likely to be 0. On the other
> hand, web fonts exist.
>
> Signed-off-by: Henri Verbeet <hverbeet at codeweavers.com>
> ---
> dlls/usp10/opentype.c | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/dlls/usp10/opentype.c b/dlls/usp10/opentype.c
> index a3346ef..f0417f1 100644
> --- a/dlls/usp10/opentype.c
> +++ b/dlls/usp10/opentype.c
> @@ -2301,12 +2301,20 @@ static unsigned int GPOS_apply_ChainContextPos(const ScriptCache *script_cache,
>
> for (k = 0; k < positioning_count; ++k)
> {
> - WORD lookup_index = GET_BE_WORD(positioning->PosLookupRecord[k].LookupListIndex);
> - WORD sequence_index = GET_BE_WORD(positioning->PosLookupRecord[k].SequenceIndex) * write_dir;
> + unsigned int lookup_index = GET_BE_WORD(positioning->PosLookupRecord[k].LookupListIndex);
> + unsigned int sequence_index = GET_BE_WORD(positioning->PosLookupRecord[k].SequenceIndex);
> + unsigned int g = glyph_index + write_dir * sequence_index;
> +
> + if (g >= glyph_count)
> + {
> + WARN("Skipping invalid sequence index %u (glyph index %u, write dir %d).\n",
> + sequence_index, glyph_index, write_dir);
> + continue;
> + }
>
> TRACE("Position: %u -> %u %u.\n", k, sequence_index, lookup_index);
> GPOS_apply_lookup(script_cache, otm, logfont, analysis, advance, lookup, lookup_index,
> - glyphs, glyph_index + sequence_index, glyph_count, goffset);
> + glyphs, g, glyph_count, goffset);
> }
> return input_count + lookahead_count;
> }
>
More information about the wine-patches
mailing list