
bug


From: chessman_at_263 . net
Subject: bug
Date: Thu, 3 Aug 2000 10:34:28 +0800 (CST)

I found some bugs in freetype2-beta8.
In freetype2-beta8/src/cff/t2parse.c, in the function T2_Parser_Run(),
the following code
        /* now, skip it */
        if ( v == 30 )
        {
          /* skip real number */
          for (;;)
          {
            if ( p >= limit )
              goto Syntax_Error;
            v = p[0] >> 4;
            if ( v == 15 )
              break;
            v = p[0] & 0xF;
            if ( v == 15 )
              break;
            p++;
          }
          p++;
        }
should be (the only change is that the final p++ after the for loop is removed)
        /* now, skip it */
        if ( v == 30 )
        {
          /* skip real number */
          for (;;)
          {
            if ( p >= limit )
              goto Syntax_Error;
            v = p[0] >> 4;
            if ( v == 15 )
              break;
            v = p[0] & 0xF;
            if ( v == 15 )
              break;
            p++;
          }
        }

The function parse_t2_real() should be
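  /*
   * Parse a real number stored as packed 4-bit nibbles in [start, limit)
   * and return it scaled by ten to the power `power_ten' (plus any
   * exponent found in the data).
   *
   * Each byte holds two nibbles, read high half first.  As handled below:
   *   0-9   decimal digit
   *   0xE   negative mantissa (integer part only)
   *   0xA   start of the decimal part
   *   0xB   start of the exponent
   *   0xC   start of a negative exponent
   * Any other nibble above 9 ends the part being read.
   *
   * Returns 0 when `limit' is reached before the number is terminated.
   */
  static
  FT_Fixed  parse_t2_real( FT_Byte*  start,
                           FT_Byte*  limit,
                           FT_Int    power_ten )
  {
    FT_Byte*  p    = start;
    FT_Long   num, divider, result, exp;
    FT_Int    sign = 0, exp_sign = 0;
    FT_Byte   nib;
    FT_Byte   phase;


    result  = 0;
    num     = 0;
    divider = 1;

    /* `phase' is the shift for the next nibble: 4 selects the high half */
    /* of a byte that still has to be fetched, 0 selects the low half of */
    /* the byte `p' already points to.  Stepping `p' back lets the first */
    /* pre-increment land on `start' and go through the bounds check.    */
    phase = 4;
    p--;

    /* first of all, read the integer part */
    for (;;)
    {
      /* fetch a new byte only before a high nibble; never read at or */
      /* beyond `limit'                                               */
      if ( phase && ++p >= limit )
        goto Bad;

      nib   = ( p[0] >> phase ) & 0xF;
      phase = 4 - phase;

      if ( nib == 0xE )
        sign = 1;
      else if ( nib > 9 )
        break;
      else
        result = result * 10 + nib;
    }

    /* read decimal part, if any */
    if ( nib == 0xa )
      for (;;)
      {
        /* The advance test has to match the integer loop.  Testing    */
        /* `!phase' here would read the high nibble of the current     */
        /* byte a second time and skip the high nibble of the next one. */
        if ( phase && ++p >= limit )
          goto Bad;

        nib   = ( p[0] >> phase ) & 0xF;
        phase = 4 - phase;

        if ( nib >= 10 )
          break;

        /* keep at most seven fractional digits; further digits are */
        /* consumed but ignored                                     */
        if (divider < 10000000L)
        {
          num      = num * 10 + nib;
          divider *= 10;
        }
      }

    /* read exponent, if any */
    if ( nib == 12 )
    {
      exp_sign = 1;
      nib      = 11;
    }

    if ( nib == 11 )
    {
      exp = 0;

      for (;;)
      {
        /* same advance rule as the two loops above */
        if ( phase && ++p >= limit )
          goto Bad;

        nib   = ( p[0] >> phase ) & 0xF;
        phase = 4 - phase;

        if ( nib >= 10 )
          break;

        exp = exp * 10 + nib;
      }

      if ( exp_sign )
        exp = -exp;

      power_ten += exp;
    }

    /* NOTE(review): `exp' is accumulated from the input with no upper   */
    /* bound, so `power_ten' can become very large in either direction. */
    /* The two loops below then run that many times, and `result * 10', */
    /* `num * 10' and `divider * 10' can overflow the signed FT_Long.   */
    /* Consider rejecting exponents that cannot yield a representable   */
    /* value before scaling.                                            */

    /* raise to power of ten if needed */
    while ( power_ten > 0 )
    {
      result = result * 10;
      num    = num * 10;

      power_ten--;
    }

    while ( power_ten < 0 )
    {
      result  = result / 10;
      divider = divider * 10;

      power_ten++;
    }

    /* NOTE(review): the integer part in `result' is combined with the */
    /* FT_DivFix() fraction without first being shifted into the upper */
    /* 16 bits -- confirm this is what callers expect from an FT_Fixed. */
    if ( num )
      result += FT_DivFix( num, divider );

    if ( sign )
      result = -result;

  Exit:
    return result;

  Bad:
    /* input ended before the number was terminated */
    result = 0;
    goto Exit;
  }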



