[ft-devel] sanity checks for ft_ansi_stream_io
From: Werner LEMBERG
Subject: [ft-devel] sanity checks for ft_ansi_stream_io
Date: Sat, 26 Jun 2010 09:27:31 +0200 (CEST)
Folks,
I have added some memory checks:
Since I'm no I/O expert I wonder whether everything is OK...
Werner
======================================================================
diff --git a/ChangeLog b/ChangeLog
index 72abfac..f5bf6ce 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
2010-06-25 Werner Lemberg <address@hidden>
+ Add some memory checks (mainly for debugging).
+
+ * src/base/ftstream.c (FT_Stream_EnterFrame): Exit with error
+ if the frame size is larger than the stream size.
+
+ * src/base/ftsystem.c (ft_ansi_stream_io): Exit with error if
+ seeking a position larger than the stream size.
+
+2010-06-25 Werner Lemberg <address@hidden>
+
Fix Savannah bug #30261.
* src/pfr/pfrobjs.c (pfr_face_init): Reject fonts which contain
diff --git a/include/freetype/ftsystem.h b/include/freetype/ftsystem.h
index d8aa44f..e07460c 100644
--- a/include/freetype/ftsystem.h
+++ b/include/freetype/ftsystem.h
@@ -4,7 +4,7 @@
/* */
/* FreeType low-level system interface definition (specification). */
/* */
-/* Copyright 1996-2001, 2002, 2005 by */
+/* Copyright 1996-2001, 2002, 2005, 2010 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -240,7 +240,8 @@ FT_BEGIN_HEADER
*
* @note:
* This function might be called to perform a seek or skip operation
- * with a `count' of~0.
+ * with a `count' of~0. A non-zero return value then indicates an
+ * error.
*
*/
typedef unsigned long
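Review bot: In the @note for the I/O callback type, the added sentence says a non-zero return value indicates an error when `count' is 0, but it never states that a successful seek must return 0. This typedef is the contract for every stream I/O callback, and the previous wording did not specify any return value for the zero-count case, so callbacks written against it are not guaranteed to return 0 on success. Please state the success value explicitly in the note.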
diff --git a/src/base/ftstream.c b/src/base/ftstream.c
index b638599..9b087ac 100644
--- a/src/base/ftstream.c
+++ b/src/base/ftstream.c
@@ -4,7 +4,7 @@
/* */
/* I/O stream support (body). */
/* */
-/* Copyright 2000-2001, 2002, 2004, 2005, 2006, 2008, 2009 by */
+/* Copyright 2000-2001, 2002, 2004, 2005, 2006, 2008, 2009, 2010 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -246,6 +246,18 @@
/* allocate the frame in memory */
FT_Memory memory = stream->memory;
+
+ /* simple sanity check */
+ if ( count > stream->size )
+ {
+ FT_ERROR(( "FT_Stream_EnterFrame:"
+ " frame size (%lu) larger than stream size (%lu)\n",
+ count, stream->size ));
+
+ error = FT_Err_Invalid_Stream_Operation;
+ goto Exit;
+ }
+
#ifdef FT_DEBUG_MEMORY
/* assume _ft_debug_file and _ft_debug_lineno are already set */
stream->base = (unsigned char*)ft_mem_qalloc( memory, count, &error );
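Review bot: The new check in FT_Stream_EnterFrame compares `count` with `stream->size` only, so it ignores the current read position: a frame requested near the end of the stream passes the check although fewer than `count` bytes remain. If the intent is only to keep the allocation that follows from being driven by an implausible `count`, say so in the "simple sanity check" comment; if the intent is to reject frames that cannot be satisfied, compare against the bytes remaining after the current position instead. Please also confirm that `count` and `stream->size` are both unsigned long, as the two `%lu` conversions in the FT_ERROR call require.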
diff --git a/src/base/ftsystem.c b/src/base/ftsystem.c
index 4d06d6d..ba86005 100644
--- a/src/base/ftsystem.c
+++ b/src/base/ftsystem.c
@@ -4,7 +4,7 @@
/* */
/* ANSI-specific FreeType low-level system interface (body). */
/* */
-/* Copyright 1996-2001, 2002, 2006, 2008, 2009 by */
+/* Copyright 1996-2001, 2002, 2006, 2008, 2009, 2010 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -192,7 +192,9 @@
/* count :: The number of bytes to read from the stream. */
/* */
/* <Return> */
- /* The number of bytes actually read. */
+ /* The number of bytes actually read. If `count' is zero (this is, */
+ /* the function is used for seeking), a non-zero return value */
+ /* indicates an error. */
/* */
FT_CALLBACK_DEF( unsigned long )
ft_ansi_stream_io( FT_Stream stream,
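Review bot: In the added <Return> text, "this is," should read "that is,". The sentence also leaves the success case implicit; saying that zero is returned for a successful seek would make the comment complete on its own.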
@@ -203,6 +205,9 @@
FT_FILE* file;
+ if ( !count && offset > stream->size )
+ return 1;
+
file = STREAM_FILE( stream );
if ( stream->pos != offset )
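Review bot: The guard `if ( !count && offset > stream->size )` rejects an out-of-range offset only for a zero-count seek; a call with a non-zero `count` and the same offset still falls through to the `if ( stream->pos != offset )` path. For that case, returning 0 (no bytes read) before touching the file would be consistent with the documented return value. A one-line comment above the check would also help, explaining that the returned 1 is an error flag and not a byte count, since the function is documented as returning the number of bytes actually read.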