I pushed a fix for the overflow issue. I'll handle the caching part separately.
behdad

On 08/16/10 10:30, Jonathan Kew wrote:
> Hi Behdad,
>
> I think there's an issue with how the 'head' table is handled in harfbuzz-ng
> at the moment.
>
> hb_face_create_for_tables() loads the 'head' table and calls
> Sanitizer<head>::sanitize() on it. However, if sanitize() fails, the table
> gets replaced by the empty blob, which means that face->head_table does not
> point to a valid 'head' structure, and in particular, when GPOS code tries to
> use the unitsPerEm value to scale coordinates, it is accessing "random"
> memory.
>
> So it seems to me that hb_face_create_for_tables() needs to check that the
> 'head' table was successfully loaded, *and* has a usable (non-zero, at least)
> unitsPerEm value. But as that's the only field we care about, we could let
> hb_face_create_for_tables() store the unitsPerEm value directly into the face
> (checking that it is within the valid range), and then release the table;
> there's no need to hold on to the blob after initial creation of the face.
>
> Suggested patch attached.
>
> JK
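
The check described in the quoted message (read unitsPerEm once at face creation, validate it, and keep only the value), as an added example that is not the attached patch or HarfBuzz code. The names `face_units_per_em` and `sample_upem` are hypothetical, and the fallback of 1000 is an assumption of this example; the offsets, magic number and 16..16384 range come from the OpenType 'head' table layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEAD_SIZE      54          /* fixed size of an OpenType 'head' table */
#define MAGIC_OFFSET   12          /* magicNumber, uint32 big-endian */
#define UPEM_OFFSET    18          /* unitsPerEm, uint16 big-endian */
#define HEAD_MAGIC     0x5F0F3CF5u
#define UPEM_MIN       16u         /* valid range per the OpenType spec */
#define UPEM_MAX       16384u
#define UPEM_FALLBACK  1000u       /* assumption of this example */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: validate once at face creation, keep only the value. */
unsigned face_units_per_em(const uint8_t *head, size_t len)
{
    /* An empty or truncated blob must never be dereferenced as a 'head'. */
    if (head == NULL || len < HEAD_SIZE)
        return UPEM_FALLBACK;
    if (be32(head + MAGIC_OFFSET) != HEAD_MAGIC)
        return UPEM_FALLBACK;
    unsigned upem = ((unsigned)head[UPEM_OFFSET] << 8) | head[UPEM_OFFSET + 1];
    /* Zero or out-of-range values would break coordinate scaling. */
    if (upem < UPEM_MIN || upem > UPEM_MAX)
        return UPEM_FALLBACK;
    return upem;
}

/* Builds a constructed sample table and exposes only `len` bytes of it. */
unsigned sample_upem(unsigned upem, size_t len)
{
    uint8_t t[HEAD_SIZE];
    memset(t, 0, sizeof t);
    t[MAGIC_OFFSET] = 0x5F; t[MAGIC_OFFSET + 1] = 0x0F;
    t[MAGIC_OFFSET + 2] = 0x3C; t[MAGIC_OFFSET + 3] = 0xF5;
    t[UPEM_OFFSET] = (uint8_t)(upem >> 8);
    t[UPEM_OFFSET + 1] = (uint8_t)upem;
    return face_units_per_em(len ? t : NULL, len > HEAD_SIZE ? HEAD_SIZE : len);
}

int main(void)
{
    printf("valid=%u zero=%u empty=%u truncated=%u\n", sample_upem(2048, HEAD_SIZE),
           sample_upem(0, HEAD_SIZE), sample_upem(2048, 0), sample_upem(2048, 19));
    return 0;
}
```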