vcl/source/fontsubset/sft.cxx | 38 ++++++++++++++++++++++------
vcl/unx/generic/fontmanager/fontmanager.cxx | 33 ------------------------
2 files changed, 31 insertions(+), 40 deletions(-)
New commits:
commit 03f58d6af52bab05545833980cca835a3df0949a
Author: Caolán McNamara <caol...@redhat.com>
AuthorDate: Sun Feb 26 16:03:37 2023 +0000
Commit: Caolán McNamara <caol...@redhat.com>
CommitDate: Sun Feb 26 23:29:17 2023 +0000
cid#1521198 Untrusted loop bound
move sanity check inside CountTTCFonts so it applies
to the fd smuggle in via filename mechanism
Change-Id: Id2fee5801d71720747a8736859681e7c9a324bc3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/147740
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 6644946699a4..549507121962 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -1073,8 +1073,6 @@ static void GetNames(AbstractTrueTypeFont *t)
int CountTTCFonts(const char* fname)
{
- int nFonts = 0;
- sal_uInt8 buffer[12];
FILE* fd;
#ifdef LINUX
int nFD;
@@ -1088,13 +1086,39 @@ int CountTTCFonts(const char* fname)
else
#endif
fd = fopen(fname, "rb");
- if( fd ) {
- if (fread(buffer, 1, 12, fd) == 12) {
- if(GetUInt32(buffer, 0) == T_ttcf )
- nFonts = GetUInt32(buffer, 8);
+
+ if (!fd)
+ return 0;
+
+ int nFonts = 0;
+ sal_uInt8 buffer[12];
+ if (fread(buffer, 1, 12, fd) == 12) {
+ if(GetUInt32(buffer, 0) == T_ttcf )
+ nFonts = GetUInt32(buffer, 8);
+ }
+
+ if (nFonts > 0)
+ {
+ fseek(fd, 0, SEEK_END);
+ sal_uInt64 fileSize = ftell(fd);
+
+ //Feel free to calc the exact max possible number of fonts a file
+ //could contain given its physical size. But this will clamp it to
+ //a sane starting point
+ //http://processingjs.nihongoresources.com/the_smallest_font/
+ //https://github.com/grzegorzrolek/null-ttf
+ const int nMaxFontsPossible = fileSize / 528;
+ if (nFonts > nMaxFontsPossible)
+ {
+ SAL_WARN("vcl.fonts", "font file " << fname <<" claims to have "
+ << nFonts << " fonts, but only "
+ << nMaxFontsPossible << " are possible");
+ nFonts = nMaxFontsPossible;
}
- fclose(fd);
}
+
+ fclose(fd);
+
return nFonts;
}
diff --git a/vcl/unx/generic/fontmanager/fontmanager.cxx
b/vcl/unx/generic/fontmanager/fontmanager.cxx
index 0d48a692e97e..e9e2907091f9 100644
--- a/vcl/unx/generic/fontmanager/fontmanager.cxx
+++ b/vcl/unx/generic/fontmanager/fontmanager.cxx
@@ -179,14 +179,12 @@ std::vector<PrintFontManager::PrintFont>
PrintFontManager::analyzeFontFile( int
OString aFullPath = aDir + "/" + rFontFile;
bool bSupported;
- bool bHack = false;
int nFD;
int n;
if (sscanf(aFullPath.getStr(), "/:FD:/%d%n", &nFD, &n) == 1 &&
aFullPath.getStr()[n] == '\0')
{
// Hack, pathname that actually means we will use a pre-opened file
descriptor
bSupported = true;
- bHack = true;
}
else
{
@@ -220,37 +218,6 @@ std::vector<PrintFontManager::PrintFont>
PrintFontManager::analyzeFontFile( int
{
SAL_INFO("vcl.fonts", "ttc: " << aFullPath << " contains " <<
nLength << " fonts");
- if (!bHack)
- {
- sal_uInt64 fileSize = 0;
-
- OUString aURL;
- if
(osl::File::getFileURLFromSystemPath(OStringToOUString(aFullPath,
osl_getThreadTextEncoding()),
- aURL) == osl::File::E_None)
- {
- osl::File aFile(aURL);
- if (aFile.open(osl_File_OpenFlag_Read |
osl_File_OpenFlag_NoLock) == osl::File::E_None)
- {
- osl::DirectoryItem aItem;
- if (osl::DirectoryItem::get(aURL, aItem) ==
osl::File::E_None)
- {
- osl::FileStatus aFileStatus(
osl_FileStatus_Mask_FileSize );
- if (aItem.getFileStatus(aFileStatus) ==
osl::File::E_None)
- fileSize = aFileStatus.getFileSize();
- }
- }
- }
-
- //Feel free to calc the exact max possible number of fonts a
file
- //could contain given its physical size. But this will clamp
it to
- //a sane starting point
- //http://processingjs.nihongoresources.com/the_smallest_font/
- //https://github.com/grzegorzrolek/null-ttf
- const int nMaxFontsPossible = fileSize / 528;
- if (nLength > nMaxFontsPossible)
- nLength = nMaxFontsPossible;
- }
-
for( int i = 0; i < nLength; i++ )
{
PrintFont aFont;
