CVS commit: xsrc/external/mit/freetype/dist/src/lzw

Tue, 16 Aug 2011 11:20:12 -0700 

Module Name:    xsrc
Committed By:   joerg
Date:           Tue Aug 16 18:20:04 UTC 2011

Modified Files:
        xsrc/external/mit/freetype/dist/src/lzw: ftzopen.c

Log Message:
Increase strictness of LZW parser.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 xsrc/external/mit/freetype/dist/src/lzw/ftzopen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: xsrc/external/mit/freetype/dist/src/lzw/ftzopen.c
diff -u xsrc/external/mit/freetype/dist/src/lzw/ftzopen.c:1.3 xsrc/external/mit/freetype/dist/src/lzw/ftzopen.c:1.4
--- xsrc/external/mit/freetype/dist/src/lzw/ftzopen.c:1.3	Mon Nov 22 08:38:55 2010
+++ xsrc/external/mit/freetype/dist/src/lzw/ftzopen.c	Tue Aug 16 18:20:04 2011
@@ -266,7 +266,7 @@
         state->block_mode = max_bits & LZW_BLOCK_MASK;
         state->max_free   = (FT_UInt)( ( 1UL << state->max_bits ) - 256 );
 
-        if ( state->max_bits > LZW_MAX_BITS )
+        if ( state->max_bits > LZW_MAX_BITS || state->max_bits < 12)
           goto Eof;
 
         state->num_bits = LZW_INIT_BITS;
@@ -277,19 +277,7 @@
         state->free_bits = state->num_bits < state->max_bits
                            ? (FT_UInt)( ( 1UL << state->num_bits ) - 256 )
                            : state->max_free + 1;
-
-        c = ft_lzwstate_get_code( state );
-        if ( c < 0 )
-          goto Eof;
-
-        old_code = old_char = (FT_UInt)c;
-
-        if ( buffer )
-          buffer[result] = (FT_Byte)old_char;
-
-        if ( ++result >= out_size )
-          goto Exit;
-
+        old_code = -1;
         state->phase = FT_LZW_PHASE_CODE;
       }
       /* fall-through */
@@ -309,14 +297,10 @@
 
         if ( code == LZW_CLEAR && state->block_mode )
         {
-          /* why not LZW_FIRST-256 ? */
-          state->free_ent  = ( LZW_FIRST - 1 ) - 256;
+          state->free_ent  = LZW_FIRST - 256;
           state->buf_clear = 1;
-          c = ft_lzwstate_get_code( state );
-          if ( c < 0 )
-            goto Eof;
-
-          code = (FT_UInt)c;
+          old_code = -1;
+          goto NextCode;
         }
 
         in_code = code; /* save code for later */
@@ -326,6 +310,8 @@
           /* special case for KwKwKwK */
           if ( code - 256U >= state->free_ent )
           {
+            if ( code - 256U > state->free_ent )
+              goto Eof; /* Broken stream */
             FTLZW_STACK_PUSH( old_char );
             code = old_code;
           }
@@ -361,7 +347,7 @@
         }
 
         /* now create new entry */
-        if ( state->free_ent < state->max_free )
+        if ( state->free_ent < state->max_free && old_code != -1)
         {
           if ( state->free_ent >= state->prefix_size &&
                ft_lzwstate_prefix_grow( state ) < 0  )

Reply via email to