vcl/source/fontsubset/sft.cxx | 38 ++++++++++++++++++++++------ vcl/unx/generic/fontmanager/fontmanager.cxx | 33 ------------------------ 2 files changed, 31 insertions(+), 40 deletions(-)
New commits: commit 03f58d6af52bab05545833980cca835a3df0949a Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Sun Feb 26 16:03:37 2023 +0000 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Sun Feb 26 23:29:17 2023 +0000 cid#1521198 Untrusted loop bound move sanity check inside CountTTCFonts so it applies to the fd smuggle in via filename mechanism Change-Id: Id2fee5801d71720747a8736859681e7c9a324bc3 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147740 Tested-by: Jenkins Reviewed-by: Caolán McNamara <caol...@redhat.com> diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx index 6644946699a4..549507121962 100644 --- a/vcl/source/fontsubset/sft.cxx +++ b/vcl/source/fontsubset/sft.cxx @@ -1073,8 +1073,6 @@ static void GetNames(AbstractTrueTypeFont *t) int CountTTCFonts(const char* fname) { - int nFonts = 0; - sal_uInt8 buffer[12]; FILE* fd; #ifdef LINUX int nFD; @@ -1088,13 +1086,39 @@ int CountTTCFonts(const char* fname) else #endif fd = fopen(fname, "rb"); - if( fd ) { - if (fread(buffer, 1, 12, fd) == 12) { - if(GetUInt32(buffer, 0) == T_ttcf ) - nFonts = GetUInt32(buffer, 8); + + if (!fd) + return 0; + + int nFonts = 0; + sal_uInt8 buffer[12]; + if (fread(buffer, 1, 12, fd) == 12) { + if(GetUInt32(buffer, 0) == T_ttcf ) + nFonts = GetUInt32(buffer, 8); + } + + if (nFonts > 0) + { + fseek(fd, 0, SEEK_END); + sal_uInt64 fileSize = ftell(fd); + + //Feel free to calc the exact max possible number of fonts a file + //could contain given its physical size. But this will clamp it to + //a sane starting point + //http://processingjs.nihongoresources.com/the_smallest_font/ + //https://github.com/grzegorzrolek/null-ttf + const int nMaxFontsPossible = fileSize / 528; + if (nFonts > nMaxFontsPossible) + { + SAL_WARN("vcl.fonts", "font file " << fname <<" claims to have " + << nFonts << " fonts, but only " + << nMaxFontsPossible << " are possible"); + nFonts = nMaxFontsPossible; } - fclose(fd); } + + fclose(fd); + return nFonts; } diff --git a/vcl/unx/generic/fontmanager/fontmanager.cxx b/vcl/unx/generic/fontmanager/fontmanager.cxx index 0d48a692e97e..e9e2907091f9 100644 --- a/vcl/unx/generic/fontmanager/fontmanager.cxx +++ b/vcl/unx/generic/fontmanager/fontmanager.cxx @@ -179,14 +179,12 @@ std::vector<PrintFontManager::PrintFont> PrintFontManager::analyzeFontFile( int OString aFullPath = aDir + "/" + rFontFile; bool bSupported; - bool bHack = false; int nFD; int n; if (sscanf(aFullPath.getStr(), "/:FD:/%d%n", &nFD, &n) == 1 && aFullPath.getStr()[n] == '\0') { // Hack, pathname that actually means we will use a pre-opened file descriptor bSupported = true; - bHack = true; } else { @@ -220,37 +218,6 @@ std::vector<PrintFontManager::PrintFont> PrintFontManager::analyzeFontFile( int { SAL_INFO("vcl.fonts", "ttc: " << aFullPath << " contains " << nLength << " fonts"); - if (!bHack) - { - sal_uInt64 fileSize = 0; - - OUString aURL; - if (osl::File::getFileURLFromSystemPath(OStringToOUString(aFullPath, osl_getThreadTextEncoding()), - aURL) == osl::File::E_None) - { - osl::File aFile(aURL); - if (aFile.open(osl_File_OpenFlag_Read | osl_File_OpenFlag_NoLock) == osl::File::E_None) - { - osl::DirectoryItem aItem; - if (osl::DirectoryItem::get(aURL, aItem) == osl::File::E_None) - { - osl::FileStatus aFileStatus( osl_FileStatus_Mask_FileSize ); - if (aItem.getFileStatus(aFileStatus) == osl::File::E_None) - fileSize = aFileStatus.getFileSize(); - } - } - } - - //Feel free to calc the exact max possible number of fonts a file - //could contain given its physical size. But this will clamp it to - //a sane starting point - //http://processingjs.nihongoresources.com/the_smallest_font/ - //https://github.com/grzegorzrolek/null-ttf - const int nMaxFontsPossible = fileSize / 528; - if (nLength > nMaxFontsPossible) - nLength = nMaxFontsPossible; - } - for( int i = 0; i < nLength; i++ ) { PrintFont aFont;