Re: [ft-devel] details on iPhone exploit caused by FreeType?

2011-07-09 Thread Werner LEMBERG

> Moving error check down to default, where it belongs

Applied, thanks.


Werner

___
Freetype-devel mailing list
Freetype-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/freetype-devel


Re: [ft-devel] details on iPhone exploit caused by FreeType?

2011-07-09 Thread Алексей Подтележников

Moving error check down to default, where it belongs

diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
index a60ec38..f015e47 100644
--- a/src/psaux/t1decode.c
+++ b/src/psaux/t1decode.c
@@ -686,9 +686,6 @@
 subr_no = (FT_Int)( top[1] >> 16 );
 arg_cnt = (FT_Int)( top[0] >> 16 );

-if ( arg_cnt < 0 || subr_no < 0 )
-  goto Unexpected_OtherSubr;
-
 /***/
 /* */
 /* remove all operands to callothersubr from the stack */
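Review bot: With the `arg_cnt < 0 || subr_no < 0` test deleted just ahead of the "remove all operands to callothersubr from the stack" step, that step now runs before any sign check on `arg_cnt`, so the stack adjustment and every `case` that follows must be safe for a negative count on their own. The thread asserts that the known cases check their arguments thoroughly, but none of those checks are visible in this hunk; either keep a cheap `arg_cnt < 0` rejection at this point or add a comment naming the later checks that cover it.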
@@ -1011,11 +1008,14 @@
   break;

 default:
-  FT_ERROR(( "t1_decoder_parse_charstrings:"
- " unknown othersubr [%d %d], wish me luck\n",
- arg_cnt, subr_no ));
-  unknown_othersubr_result_cnt = arg_cnt;
-  break;
+  if ( arg_cnt >= 0 && subr_no > 0 )
+  {
+FT_ERROR(( "t1_decoder_parse_charstrings:"
+   " unknown othersubr [%d %d], wish me luck\n",
+   arg_cnt, subr_no ));
+unknown_othersubr_result_cnt = arg_cnt;
+break;
+  }

 Unexpected_OtherSubr:
   FT_ERROR(( "t1_decoder_parse_charstrings:"
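Review bot: The new guard under `default:` tests `subr_no > 0`, while the check removed in the first hunk rejected only `subr_no < 0`, so the two are not complements: a `subr_no` of 0 that reaches `default:` now falls into `Unexpected_OtherSubr` instead of taking the "wish me luck" path. If that is intended, say so in a comment; otherwise use `subr_no >= 0`. Because the `break` is now conditional, the fall-through from the unmatched `if` into the `Unexpected_OtherSubr:` label should also carry a short comment marking it as deliberate.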



Re: [ft-devel] details on iPhone exploit caused by FreeType?

2011-07-09 Thread Werner LEMBERG

>> But the `default' label continues, while `Unexpected_OtherSubr'
>> aborts...
> 
> Again, good "cases" do not need this check because they check
> arguments thoroughly too.  You just added an inefficiency to good
> "cases". Move your filter to "default" where you actually want to
> abort.

I don't follow.  Please provide a patch.


Werner



Re: [ft-devel] details on iPhone exploit caused by FreeType?

2011-07-09 Thread Алексей Подтележников

On Sat, Jul 9, 2011 at 12:53 AM, Werner LEMBERG wrote:
>
>> I would have this check under default: on line 1013 because other
>> cases have good checks already.
>
> But the `default' label continues, while `Unexpected_OtherSubr'
> aborts...

Again, good "cases" do not need this check because they check
arguments thoroughly too.  You just added an inefficiency to good
"cases". Move your filter to "default" where you actually want to
abort.
