From 27811904d8de0ce5591417812ca31163bf5aad60 Mon Sep 17 00:00:00 2001 From: Geremy Condra Date: Fri, 16 Dec 2011 12:43:20 -0800 Subject: Updated freetype to 2.4.8 This change is to fix a vulnerability in 2.4.7 (CVE-2011-3439). It is taken from http://b/issue?id=5700584. Change-Id: I25a87999bc3ab44d7c7f59e7f04f56895d86bb5d --- src/truetype/ttinterp.c | 33 +++++++++++++++++++++++---------- 1 file changed, 23 insertions(+), 10 deletions(-) (limited to 'src/truetype') diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c index 6c4eed6..c62c589 100644 --- a/src/truetype/ttinterp.c +++ b/src/truetype/ttinterp.c @@ -5155,25 +5155,38 @@ D = CUR_Func_project( CUR.zp0.cur + L, CUR.zp1.cur + K ); else { - FT_Vector* vec1 = CUR.zp0.orus + L; - FT_Vector* vec2 = CUR.zp1.orus + K; + /* XXX: UNDOCUMENTED: twilight zone special case */ - - if ( CUR.metrics.x_scale == CUR.metrics.y_scale ) + if ( CUR.GS.gep0 == 0 || CUR.GS.gep1 == 0 ) { - /* this should be faster */ + FT_Vector* vec1 = CUR.zp0.org + L; + FT_Vector* vec2 = CUR.zp1.org + K; + + D = CUR_Func_dualproj( vec1, vec2 ); - D = TT_MULFIX( D, CUR.metrics.x_scale ); } else { - FT_Vector vec; + FT_Vector* vec1 = CUR.zp0.orus + L; + FT_Vector* vec2 = CUR.zp1.orus + K; + + + if ( CUR.metrics.x_scale == CUR.metrics.y_scale ) + { + /* this should be faster */ + D = CUR_Func_dualproj( vec1, vec2 ); + D = TT_MULFIX( D, CUR.metrics.x_scale ); + } + else + { + FT_Vector vec; - vec.x = TT_MULFIX( vec1->x - vec2->x, CUR.metrics.x_scale ); - vec.y = TT_MULFIX( vec1->y - vec2->y, CUR.metrics.y_scale ); + vec.x = TT_MULFIX( vec1->x - vec2->x, CUR.metrics.x_scale ); + vec.y = TT_MULFIX( vec1->y - vec2->y, CUR.metrics.y_scale ); - D = CUR_fast_dualproj( &vec ); + D = CUR_fast_dualproj( &vec ); + } } } } -- cgit v1.2.3