fofi/FoFiTrueType.cc | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-)
New commits: commit 331b0f1c16c4f636fc616569bab030969aa848f2 Author: Carlos Garcia Campos <[email protected]> Date: Tue Aug 30 16:42:33 2011 +0200 xpdf303: Check for entries in the table directory with bogus tags in FoFiTrueType This handles the case where the number of tables given in the header is too high. diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc index b76b7f1..4e125fd 100644 --- a/fofi/FoFiTrueType.cc +++ b/fofi/FoFiTrueType.cc @@ -882,7 +882,7 @@ void FoFiTrueType::writeTTF(FoFiOutputFunc outputFunc, }; GBool missingCmap, missingName, missingPost, missingOS2; GBool unsortedLoca, badCmapLen, abbrevHMTX; - int nZeroLengthTables; + int nZeroLengthTables, nBogusTables; int nHMetrics, advWidth, lsb; TrueTypeLoca *locaTable; TrueTypeTable *newTables; @@ -946,11 +946,30 @@ void FoFiTrueType::writeTTF(FoFiOutputFunc outputFunc, locaTable[i].idx = i; } - // check for zero-length tables - nZeroLengthTables = 0; + // check for zero-length tables and bogus tags + nZeroLengthTables = nBogusTables = 0; for (i = 0; i < nTables; ++i) { if (tables[i].len == 0) { ++nZeroLengthTables; + if (tables[i].tag == cmapTag) { + missingCmap = gTrue; + } else if (tables[i].tag == nameTag) { + missingName = gTrue; + } else if (tables[i].tag == postTag) { + missingPost = gTrue; + } else if (tables[i].tag == os2Tag) { + missingOS2 = gTrue; + } + } else if (!(tables[i].tag & 0xe0000000) || + !(tables[i].tag & 0x00e00000) || + !(tables[i].tag & 0x0000e000) || + !(tables[i].tag & 0x000000e0)) { + // tags where any of the bytes are < 0x20 are probably bogus + // (the TrueType spec uses ASCII sequences for tags) -- this + // catches problems where the number of tables given in the + // header is too large, and so gibberish data is read at the end + // of the table directory + ++nBogusTables; } } @@ -981,7 +1000,8 @@ void FoFiTrueType::writeTTF(FoFiOutputFunc outputFunc, // if nothing is broken, just write the TTF file as is if (!missingCmap && !missingName && !missingPost && !missingOS2 && - !unsortedLoca && !badCmapLen && !abbrevHMTX && nZeroLengthTables == 0 && + !unsortedLoca && !badCmapLen && !abbrevHMTX && + nZeroLengthTables == 0 && nBogusTables == 0 && !name && !codeToGID) { (*outputFunc)(outputStream, (char *)file, len); goto done1; @@ -1188,7 +1208,7 @@ void FoFiTrueType::writeTTF(FoFiOutputFunc outputFunc, // - sort the table by tag // - compute new table positions, including 4-byte alignment // - (re)compute table checksums - nNewTables = nTables - nZeroLengthTables + + nNewTables = nTables - nZeroLengthTables - nBogusTables + (missingCmap ? 1 : 0) + (missingName ? 1 : 0) + (missingPost ? 1 : 0) + (missingOS2 ? 1 : 0); newTables = (TrueTypeTable *)gmallocn(nNewTables, sizeof(TrueTypeTable)); _______________________________________________ poppler mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/poppler
