Argh, my question was meant to be "can you give me some hints how to add those" :-).
I added the 64k limit myself - that was b52/b53 - line 3715 and 4010, after the "case 0x2D" lines ( http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/src/truetype/ttinterp.c ): insert something like

    if ( (def->end - def->start) > 65535 ) warning();

BTW, I think line 4010 is missing a "def->end = exc->IP;" line. "def->end" is not used except for bound checking (though precisely because it is used for that, I did put it in my diagnostic patch set), so it is probably not important, but you might still want to add that line, to match how it looks around line 3715.

It annoys me slightly that I cannot put the "end without if" check in easily - I have a test file for it, actually. But I understand there is no reason for Freetype to even notice such a thing - an "end without if" is just a no-op, and does not seem to get special attention. I'll figure out something, one day.

Hin-Tak

--------------------------------------------
On Thu, 21/7/16, Werner LEMBERG <[email protected]> wrote:

> I don't think Freetype checks and cares about 'EIF found without IF'
> (no reason to, unlike the opposite, an IP or ELSE that goes on and
> on)?

Correct.

> likewise 'ELSE found without EIF' - an ELSE that goes on and goes,
> is already captured, but Freetype does not check an 'ELSE found
> without IF' - i.e. an ELSE without something leading up to it?

Correct.

> Or the 64k limit for individual FDEF/IDEF? Freetype seems to allow
> large ones without complaints?

Correct. It should be fairly easy to add some code that catches those issues. I don't think, however, that this needs to be added without FT_DIAGNOSTICS.

Werner
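Added here for illustration, not part of the thread and not FreeType code: a stand-alone scanner over a TrueType instruction stream that reports the three conditions discussed above (EIF without IF, ELSE without IF, and an FDEF/IDEF body longer than 65535 bytes, measured the same way as def->end - def->start in ttinterp.c). The names tt_diag, tt_scan and tt_push_data_len are hypothetical; the sample byte streams are constructed, and the push-opcode skipping is what keeps a data byte such as 0x59 from being mistaken for an EIF opcode.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TrueType opcodes involved in the three checks discussed above. */
enum { OP_ELSE = 0x1B, OP_FDEF = 0x2C, OP_ENDF = 0x2D, OP_NPUSHB = 0x40,
       OP_NPUSHW = 0x41, OP_IF = 0x58, OP_EIF = 0x59, OP_IDEF = 0x89 };

typedef struct {  /* hypothetical result record, not a FreeType type */
  unsigned eif_without_if, else_without_if, oversized_def, unterminated_def; } tt_diag;

/* Inline data bytes after a push opcode (0 otherwise); a data byte 0x59 is not an EIF. */
static size_t tt_push_data_len(uint8_t op, const uint8_t *next, size_t left)
{
  if (op == OP_NPUSHB) return left ? 1 + (size_t)next[0] : 0;         /* n, n bytes */
  if (op == OP_NPUSHW) return left ? 1 + 2 * (size_t)next[0] : 0;     /* n, n words */
  if (op >= 0xB0 && op <= 0xB7) return (size_t)(op - 0xB0) + 1;       /* PUSHB[abc] */
  if (op >= 0xB8 && op <= 0xBF) return 2 * ((size_t)(op - 0xB8) + 1); /* PUSHW[abc] */
  return 0;
}

/* One pass over an instruction stream; returns the number of findings stored in *d. */
unsigned tt_scan(const uint8_t *code, size_t len, tt_diag *d)
{
  size_t ip = 0, def_start = 0; unsigned if_depth = 0; int in_def = 0;

  memset(d, 0, sizeof *d);
  while (ip < len) {
    uint8_t op = code[ip++];
    switch (op) {
    case OP_IF:   if_depth++; break;
    case OP_ELSE: if (if_depth == 0) d->else_without_if++; break;
    case OP_EIF:  if (if_depth) if_depth--; else d->eif_without_if++; break;
    case OP_FDEF: case OP_IDEF: in_def = 1; def_start = ip; break; /* body starts after opcode */
    case OP_ENDF:  /* the "case 0x2D" sites: def->end - def->start must fit in 16 bits */
      if (in_def && (ip - 1) - def_start > 65535) d->oversized_def++;
      in_def = 0; break;
    default: ip += tt_push_data_len(op, code + ip, len - ip);  /* skip push data */
    }
  }
  if (in_def) d->unterminated_def++;
  return d->eif_without_if + d->else_without_if + d->oversized_def + d->unterminated_def;
}

int main(void)
{ /* Constructed sample: PUSHB[0] 0x59 (data, not EIF), IF, EIF, then a stray ELSE. */
  const uint8_t sample[] = { 0xB0, 0x59, OP_IF, OP_EIF, OP_ELSE };
  tt_diag d;
  printf("%u finding(s)\n", tt_scan(sample, sizeof sample, &d));
  return 0;
}
```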
