Why?

On Mon, Jul 29, 2019 at 12:41 PM Moazin Khatti <moa...@savannah.gnu.org>
wrote:

> branch: GSoC-2019-moazin
> commit 8887048557db93857ffa6169cfe4c3190f9cb1a1
> Author: Moazin Khatti <moazinkha...@gmail.com>
> Commit: Moazin Khatti <moazinkha...@gmail.com>
>
>     Performs basic checks to see if SVG data is valid or not.
> ---
>  src/sfnt/ttsvg.c | 38 ++++++++++++++++++++++++++++++++++++--
>  1 file changed, 36 insertions(+), 2 deletions(-)
>
> diff --git a/src/sfnt/ttsvg.c b/src/sfnt/ttsvg.c
> index f4a85ca..223eb88 100644
> --- a/src/sfnt/ttsvg.c
> +++ b/src/sfnt/ttsvg.c
> @@ -35,6 +35,24 @@
>
>  #include "ttsvg.h"
>
> +/* SVG table looks like:
> + * --------------------------------------
> + * Bytes:         Field                 |
> + * --------------------------------------
> + * 2              version
> + * 4              offsetToSVGDocumentList
> + * 4              reserved
> + * 2              numEntries (non-zero)
> + * 12*numEntries  documentList
> + *
> + * Since numEntries must be at least one, minimum
> + * size of SVG table is 24. Everything apart from
> + * the documentList makes 12 bytes.
> + */
> +
> +#define  SVG_HEADER_BASE_SIZE 12
> +#define  SVG_HEADER_MIN_SIZE  24
> +
>    /* TODO: (OT-SVG) Decide whether to add documentation here or not */
>
>    typedef struct Svg_
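Review bot: The layout comment reads as if numEntries and documentList follow `reserved` directly, but the parsing code further down reaches the list through `offsetToSVGDocumentList`, so the 12 and 24 figures only describe a table whose offset is 10. I would add a line such as `* numEntries and documentList start at offsetToSVGDocumentList.` to the comment. It would also help to say next to `SVG_HEADER_BASE_SIZE` that it counts the 10-byte header plus the 2-byte numEntries field, since the name suggests the header alone.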
> @@ -69,6 +87,9 @@
>      if( error )
>        goto NoSVG;
>
> +    if ( table_size < SVG_HEADER_MIN_SIZE )
> +      goto InvalidTable;
> +
>      if( FT_FRAME_EXTRACT( table_size, table ))
>        goto NoSVG;
>
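Review bot: The `goto InvalidTable` added here runs before `FT_FRAME_EXTRACT`, while the same label is targeted after the frame has been extracted by the `svg->version != 0` and `num_entries` checks in the later hunks, so the label is entered in different resource states. The label itself is outside the diff; if it releases the frame or frees `svg`, it has to tolerate the case where neither has been acquired yet. Worth confirming, and worth a comment at the label such as `/* reached both before and after FT_FRAME_EXTRACT */`.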
> @@ -77,7 +98,14 @@
>        goto NoSVG;
>
>      p = table;
> -    svg->version =            FT_NEXT_USHORT( p );
> +    svg->version = FT_NEXT_USHORT( p );
> +
> +    /* At the time of writing this, only version 0 exists,
> +     * and only that is supported by FreeType
> +     */
> +    if ( svg->version != 0 )
> +      goto InvalidTable;
> +
>      offsetToSVGDocumentList = FT_NEXT_ULONG( p );
>
>      if( offsetToSVGDocumentList == 0 )
> @@ -88,6 +116,9 @@
>      p = svg->svg_doc_list;
>      svg->num_entries = FT_NEXT_USHORT( p );
>
> +    if ( ( svg->num_entries*12 + SVG_HEADER_BASE_SIZE ) > table_size )
> +      goto InvalidTable;
> +
>      FT_TRACE3(( "version: %d\n", svg->version ));
>      FT_TRACE3(( "num entiries: %d\n", svg->num_entries ));
>
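Review bot: The bound `svg->num_entries*12 + SVG_HEADER_BASE_SIZE > table_size` assumes the document list sits directly after the 10-byte header, but its position comes from `offsetToSVGDocumentList`, which the visible code only tests against zero. A font with a larger offset passes this check while the list, and possibly the `FT_NEXT_USHORT( p )` read of `num_entries` just above it, lies beyond `table_size` (how `svg->svg_doc_list` is derived is outside the hunk, so this is inferred). Validate the offset before that read, `if ( offsetToSVGDocumentList > table_size - 2 ) goto InvalidTable;`, and then bound the records against what remains, `if ( svg->num_entries * 12UL > table_size - 2 - offsetToSVGDocumentList ) goto InvalidTable;`. The table comment also says numEntries is non-zero, yet zero is accepted here.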
> @@ -244,7 +275,10 @@
>        *doc_length = mid_doc.length;
>        *start_glyph = mid_doc.start_glyph_id;
>        *end_glyph   = mid_doc.end_glyph_id;
> -      error = FT_Err_Ok;
> +      if ( *doc_length == 0 )
> +        error = FT_THROW( Invalid_SVG_Document );
> +      else
> +        error = FT_Err_Ok;
>      }
>      return error;
>    }
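Review bot: The zero-length test runs only after `*doc_length`, `*start_glyph` and `*end_glyph` have been stored, so a caller that ignores the error still sees a populated record; test `mid_doc.length == 0` first and write the outputs only on success. Nothing visible in this hunk checks that the record's offset plus length stays within the SVG table, which matters more for a font from an untrusted source than the empty case does. The function begins outside the hunk, so that check may exist elsewhere.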
>
>

-- 
behdad
http://behdad.org/