[PATCH 5/5] usp10: Validate substition record sequence indices in GSUB_apply_ContextSubst().
Aric Stewart
aric at codeweavers.com
Fri Apr 21 06:47:52 CDT 2017
Signed-off-by: Aric Stewart <aric at codeweavers.com>
On 4/20/17 5:57 PM, Henri Verbeet wrote:
> Signed-off-by: Henri Verbeet <hverbeet at codeweavers.com>
> ---
> dlls/usp10/opentype.c | 32 ++++++++++++++++++++++++--------
> 1 file changed, 24 insertions(+), 8 deletions(-)
>
> diff --git a/dlls/usp10/opentype.c b/dlls/usp10/opentype.c
> index 307b6a9..0351f4f 100644
> --- a/dlls/usp10/opentype.c
> +++ b/dlls/usp10/opentype.c
> @@ -1125,11 +1125,19 @@ static INT GSUB_apply_ContextSubst(const OT_LookupList* lookup, const OT_LookupT
>
> for (l = 0; l < GET_BE_WORD(sr->SubstCount); l++)
> {
> - int lookupIndex = GET_BE_WORD(sr_2->SubstLookupRecord[l].LookupListIndex);
> - int SequenceIndex = GET_BE_WORD(sr_2->SubstLookupRecord[l].SequenceIndex) * write_dir;
> + unsigned int lookup_index = GET_BE_WORD(sr_2->SubstLookupRecord[l].LookupListIndex);
> + unsigned int sequence_index = GET_BE_WORD(sr_2->SubstLookupRecord[l].SequenceIndex);
>
> - TRACE(" SUBST: %i -> %i %i\n",l, SequenceIndex, lookupIndex);
> - newIndex = GSUB_apply_lookup(lookup, lookupIndex, glyphs, glyph_index + SequenceIndex, write_dir, glyph_count);
> + g = glyph_index + write_dir * sequence_index;
> + if (g >= *glyph_count)
> + {
> + WARN("Invalid sequence index %u (glyph index %u, write dir %d).\n",
> + sequence_index, glyph_index, write_dir);
> + continue;
> + }
> +
> + TRACE(" SUBST: %u -> %u %u.\n", l, sequence_index, lookup_index);
> + newIndex = GSUB_apply_lookup(lookup, lookup_index, glyphs, g, write_dir, glyph_count);
> if (newIndex == GSUB_E_NOGLYPH)
> {
> ERR(" Chain failed to generate a glyph\n");
> @@ -1204,11 +1212,19 @@ static INT GSUB_apply_ContextSubst(const OT_LookupList* lookup, const OT_LookupT
>
> for (l = 0; l < GET_BE_WORD(sr->SubstCount); l++)
> {
> - int lookupIndex = GET_BE_WORD(sr_2->SubstLookupRecord[l].LookupListIndex);
> - int SequenceIndex = GET_BE_WORD(sr_2->SubstLookupRecord[l].SequenceIndex) * write_dir;
> + unsigned int lookup_index = GET_BE_WORD(sr_2->SubstLookupRecord[l].LookupListIndex);
> + unsigned int sequence_index = GET_BE_WORD(sr_2->SubstLookupRecord[l].SequenceIndex);
> +
> + g = glyph_index + write_dir * sequence_index;
> + if (g >= *glyph_count)
> + {
> + WARN("Invalid sequence index %u (glyph index %u, write dir %d).\n",
> + sequence_index, glyph_index, write_dir);
> + continue;
> + }
>
> - TRACE(" SUBST: %i -> %i %i\n",l, SequenceIndex, lookupIndex);
> - newIndex = GSUB_apply_lookup(lookup, lookupIndex, glyphs, glyph_index + SequenceIndex, write_dir, glyph_count);
> + TRACE(" SUBST: %u -> %u %u.\n", l, sequence_index, lookup_index);
> + newIndex = GSUB_apply_lookup(lookup, lookup_index, glyphs, g, write_dir, glyph_count);
> if (newIndex == GSUB_E_NOGLYPH)
> {
> ERR(" Chain failed to generate a glyph\n");
>
More information about the wine-patches
mailing list