improve robustness #833
Merged
In order for var_freeavar to see a valid avar record under any error situation, modified var_loadavar so that axisCount is set in avar record after a successful allocation and initialization of segmentMaps, and also makes sure to initialize all valueMaps arrays in all segment maps before an attempt to allocate each valueMaps array.
* Added CHKUFLOW() macro call to each of the following T2 operators: tx_rmoveto, tx_hmoveto, tx_vmoveto
* Added IS_CFF2 flag check for all deprecated two-byte T2 opcodes. If they are seen in CFF2 then treat them as invalid.
* Added negative test against numBlends + numDeltaBlends to handleBlend.
* Added memset BCA with zeros before executing a charstring.
Added an overflow check to readTTCDirectory.
Fixed multiplication overflow check in dnaGrow.
* Added a new internal function cfwSindexInvalidString for consistent testing against a null or empty string for use by both cfwSindexAddString and cfwEndFont.
* Added a FDArray bounds check to writeCharStringsINDEX.
* Added a range check to cfwSindexGetString. An empty string is returned for an out of range string index.
* Modified readEncoding so that gid from the Encoding table does not exceed the preallocated size (cnt) of h->glyphs.array for both format 0 and format 1. If the check fails, it calls fatal with "invalid Encoding format".
* Modified readFDSelect so that gid from the FDSelect table format 3 does not exceed the preallocated size (cnt) of h->glyphs.array.
* Added range checks to readFDArray and readFDSelect.
* Modified readCharset so that gid from the Charset table format 2 does not exceed the preallocated size (cnt) of h->glyphs.array.
* Added a sanity check to readINDEX so that an INDEX table read from a font has its end >= begin.
* Modified readINDEX to reset offset & offSize in INDEX struct when count=0.
* Added array bounds checks to post2GetName.
* Added a call to buildGIDNames to the error case in postRead so that three parallel arrays are properly filled.
* Added a check for no glyphs in buildGIDNames.
* Added negative test against numBlends + numDeltaBlends to handleBlend.
* Modified a loop in readCharStringsINDEX to use h->glyphs.cnt (signed) as the loop count instead of index.count (unsigned) for consistency.
* Modified addID to check gid before accessing glyphs array.
* Added a new cffread flag CFR_CFF2_ONLY assumed with the existing flag CFR_FLATTEN_VF to disable reading CFF while flattening a CFF2 variable font.
* Additional fixes of N-size/offSize checks in ReadN() and ReadSubrIndex()
* use vsnprintf instead of vsprintf in vmessage
* return NULL if sti is undefined in getString
* throw a fatal error if getString returns NULL in mmInit
* memset t1rCtx structure to zero in t1rNew
* ensure that cnt is at least 1 in initFDArray
* throw a fatal error if h->stm.str is NULL in srcSeek
* throw a fatal error if h->chars.index.cnt is 0 in readCIDMap
* improved bounds checking in do_store
* improved bounds checking and added null pointer check in do_load
* return an error if h->plain.cnt is 0 in eexec_refill
* changed read1 from macro to a function to facilitate debugging
* added recursion depth checking to skipDictionary and skipAngle
* added checks for error code from read1 to skipDictionary and skipAngle
* check sfntVersion versus presence of `glyf`, `CFF`, or `CFF2` table
* changed sfrErrBadSfnt message from "unrecognized sfnt version" to "bad sfnt version"
* reduced scope of null_str in cfwSindexGetString per feedback from Codacy
readroberts
approved these changes
Jul 10, 2019
blueshade7
approved these changes
Jul 10, 2019
looks good
This is a collection of general improvements in the overall robustness of the C code.
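
The INDEX checks named in the commit messages above (offSize range, end >= begin, count=0), shown as an added example that is not code from this pull request or from the project. It validates a CFF version 1 INDEX, assuming the layout from the CFF specification (2-byte count, 1-byte offSize, count+1 big-endian offsets starting at 1); `validate_index`, `IndexInfo`, `index_status` and the sample arrays are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

enum { IDX_OK, IDX_TRUNCATED, IDX_BAD_OFFSIZE, IDX_BAD_OFFSET };
typedef struct { uint32_t count; uint8_t offSize; size_t dataEnd; } IndexInfo;  /* dataEnd: one past last object byte */

/* Read an n-byte big-endian value; the caller has bounds-checked p[0..n-1]. */
static uint32_t read_n(const uint8_t *p, unsigned n) {
    uint32_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Validate the INDEX at buf[pos..len) before any offset is used to address data. */
int validate_index(const uint8_t *buf, size_t len, size_t pos, IndexInfo *out) {
    out->count = 0; out->offSize = 0; out->dataEnd = pos;  /* defined state on every error path */
    if (pos > len || len - pos < 2) return IDX_TRUNCATED;
    uint32_t count = read_n(buf + pos, 2);
    if (count == 0) { out->dataEnd = pos + 2; return IDX_OK; }  /* empty INDEX is only the count field */
    if (len - pos < 3) return IDX_TRUNCATED;
    uint8_t offSize = buf[pos + 2];
    if (offSize < 1 || offSize > 4) return IDX_BAD_OFFSIZE;
    size_t arrBytes = ((size_t)count + 1) * offSize;  /* at most 65536 * 4, cannot wrap */
    if (len - pos - 3 < arrBytes) return IDX_TRUNCATED;
    const uint8_t *arr = buf + pos + 3;
    size_t base = pos + 3 + arrBytes - 1;  /* offsets count from the byte before the data */
    uint32_t prev = read_n(arr, offSize);
    if (prev != 1) return IDX_BAD_OFFSET;
    for (uint32_t i = 1; i <= count; i++) {
        uint32_t off = read_n(arr + (size_t)i * offSize, offSize);
        if (off < prev || off > len - base) return IDX_BAD_OFFSET;  /* end < begin, or past the buffer */
        prev = off;
    }
    out->count = count; out->offSize = offSize; out->dataEnd = base + prev;
    return IDX_OK;
}

/* Constructed sample inputs (not taken from any real font). */
static const uint8_t GOOD[]     = {0, 2, 1, 1, 3, 4, 'a', 'b', 'c'};
static const uint8_t REVERSED[] = {0, 2, 1, 1, 3, 2, 'a', 'b', 'c'};  /* object 1 ends before it begins */
static const uint8_t OVERRUN[]  = {0, 2, 1, 1, 3, 9, 'a', 'b', 'c'};  /* last offset past the buffer */
static const uint8_t EMPTY[]    = {0, 0};

int index_status(const uint8_t *buf, size_t len) { IndexInfo info; return validate_index(buf, len, 0, &info); }

int main(void) {  /* exit status 0 when every constructed case is classified as expected */
    return index_status(GOOD, sizeof GOOD) != IDX_OK || index_status(EMPTY, sizeof EMPTY) != IDX_OK ||
           index_status(REVERSED, sizeof REVERSED) != IDX_BAD_OFFSET ||
           index_status(OVERRUN, sizeof OVERRUN) != IDX_BAD_OFFSET;
}
```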