From cd430b3c44fb9df6b1fde6b5dd261942919a3f70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Wang?= Date: Thu, 5 Jun 2014 11:09:00 -0400 Subject: [PATCH] Bug 1020927 - Update OTS to d6018b62bf41f6b419aeae6d2795725a55715481 to accept 0 lookup for lookup, feature or script offset. r=jfkthame --- gfx/ots/README.mozilla | 2 +- gfx/ots/src/gpos.cc | 60 +++++++++++++++++++++++++----------------- gfx/ots/src/gsub.cc | 60 +++++++++++++++++++++++++----------------- 3 files changed, 73 insertions(+), 49 deletions(-) diff --git a/gfx/ots/README.mozilla b/gfx/ots/README.mozilla index d316e41112e..d63fe0d45f7 100644 --- a/gfx/ots/README.mozilla +++ b/gfx/ots/README.mozilla @@ -2,7 +2,7 @@ This is the Sanitiser for OpenType project, from http://code.google.com/p/ots/. Our reference repository is https://github.com/khaledhosny/ots/. -Current revision: bf4afceb8b441f3a219dd7cfea5613c18183836c +Current revision: d6018b62bf41f6b419aeae6d2795725a55715481 Upstream files included: LICENSE, src/, include/ diff --git a/gfx/ots/src/gpos.cc b/gfx/ots/src/gpos.cc index 5cb3e5691ad..314cf2923e2 100644 --- a/gfx/ots/src/gpos.cc +++ b/gfx/ots/src/gpos.cc @@ -757,36 +757,48 @@ bool ots_gpos_parse(OpenTypeFile *file, const uint8_t *data, size_t length) { DROP_THIS_TABLE("Bad version"); return true; } - if ((offset_script_list < kGposHeaderSize || - offset_script_list >= length) || - (offset_feature_list < kGposHeaderSize || - offset_feature_list >= length) || - (offset_lookup_list < kGposHeaderSize || - offset_lookup_list >= length)) { - DROP_THIS_TABLE("Bad offset in table header"); - return true; - } - if (!ParseLookupListTable(file, data + offset_lookup_list, - length - offset_lookup_list, - &kGposLookupSubtableParser, - &gpos->num_lookups)) { - DROP_THIS_TABLE("Failed to parse lookup list table"); - return true; + if (offset_lookup_list) { + if (offset_lookup_list < kGposHeaderSize || offset_lookup_list >= length) { + DROP_THIS_TABLE("Bad lookup list offset in table header"); + return true; + } + + if (!ParseLookupListTable(file, data + offset_lookup_list, + length - offset_lookup_list, + &kGposLookupSubtableParser, + &gpos->num_lookups)) { + DROP_THIS_TABLE("Failed to parse lookup list table"); + return true; + } } uint16_t num_features = 0; - if (!ParseFeatureListTable(file, data + offset_feature_list, - length - offset_feature_list, gpos->num_lookups, - &num_features)) { - DROP_THIS_TABLE("Failed to parse feature list table"); - return true; + if (offset_feature_list) { + if (offset_feature_list < kGposHeaderSize || offset_feature_list >= length) { + DROP_THIS_TABLE("Bad feature list offset in table header"); + return true; + } + + if (!ParseFeatureListTable(file, data + offset_feature_list, + length - offset_feature_list, gpos->num_lookups, + &num_features)) { + DROP_THIS_TABLE("Failed to parse feature list table"); + return true; + } } - if (!ParseScriptListTable(file, data + offset_script_list, - length - offset_script_list, num_features)) { - DROP_THIS_TABLE("Failed to parse script list table"); - return true; + if (offset_script_list) { + if (offset_script_list < kGposHeaderSize || offset_script_list >= length) { + DROP_THIS_TABLE("Bad script list offset in table header"); + return true; + } + + if (!ParseScriptListTable(file, data + offset_script_list, + length - offset_script_list, num_features)) { + DROP_THIS_TABLE("Failed to parse script list table"); + return true; + } } gpos->data = data; diff --git a/gfx/ots/src/gsub.cc b/gfx/ots/src/gsub.cc index 9d7d75e7382..4ff4214e343 100644 --- a/gfx/ots/src/gsub.cc +++ b/gfx/ots/src/gsub.cc @@ -614,36 +614,48 @@ bool ots_gsub_parse(OpenTypeFile *file, const uint8_t *data, size_t length) { DROP_THIS_TABLE("Bad version"); return true; } - if ((offset_script_list < kGsubHeaderSize || - offset_script_list >= length) || - (offset_feature_list < kGsubHeaderSize || - offset_feature_list >= length) || - (offset_lookup_list < kGsubHeaderSize || - offset_lookup_list >= length)) { - DROP_THIS_TABLE("Bad offset in table header"); - return true; - } - if (!ParseLookupListTable(file, data + offset_lookup_list, - length - offset_lookup_list, - &kGsubLookupSubtableParser, - &gsub->num_lookups)) { - DROP_THIS_TABLE("Failed to parse lookup list table"); - return true; + if (offset_lookup_list) { + if (offset_lookup_list < kGsubHeaderSize || offset_lookup_list >= length) { + DROP_THIS_TABLE("Bad lookup list offset in table header"); + return true; + } + + if (!ParseLookupListTable(file, data + offset_lookup_list, + length - offset_lookup_list, + &kGsubLookupSubtableParser, + &gsub->num_lookups)) { + DROP_THIS_TABLE("Failed to parse lookup list table"); + return true; + } } uint16_t num_features = 0; - if (!ParseFeatureListTable(file, data + offset_feature_list, - length - offset_feature_list, gsub->num_lookups, - &num_features)) { - DROP_THIS_TABLE("Failed to parse feature list table"); - return true; + if (offset_feature_list) { + if (offset_feature_list < kGsubHeaderSize || offset_feature_list >= length) { + DROP_THIS_TABLE("Bad feature list offset in table header"); + return true; + } + + if (!ParseFeatureListTable(file, data + offset_feature_list, + length - offset_feature_list, gsub->num_lookups, + &num_features)) { + DROP_THIS_TABLE("Failed to parse feature list table"); + return true; + } } - if (!ParseScriptListTable(file, data + offset_script_list, - length - offset_script_list, num_features)) { - DROP_THIS_TABLE("Failed to parse script list table"); - return true; + if (offset_script_list) { + if (offset_script_list < kGsubHeaderSize || offset_script_list >= length) { + DROP_THIS_TABLE("Bad script list offset in table header"); + return true; + } + + if (!ParseScriptListTable(file, data + offset_script_list, + length - offset_script_list, num_features)) { + DROP_THIS_TABLE("Failed to parse script list table"); + return true; + } } gsub->data = data;