Google Git
Sign in
skia / third_party / freetype2 / fdbef538f41198a59af8bebfc2841e3ce25b10d1^! / .
commitfdbef538f41198a59af8bebfc2841e3ce25b10d1[log] [tgz]
authorDave Arnold <darnold@adobe.com>Fri Mar 17 07:28:11 2017 +0100
committerWerner Lemberg <wl@gnu.org>Fri Mar 17 07:28:11 2017 +0100
treeab2775fb78f3c8854519fc5276b514566d437977
parent0bf95b585e5a44e6999ebd54ad2b1913e5e885a8 [diff]
[cff] Fix potential bugs in default NDV for CFF2.

* src/cff/cffload.c (cff_blend_build_vector): Explicitly build blend
vector when `lenNDV' is zero; don't rely on zero-init.
Save `lenNDV' as part of cache key even when `lenNDV' is zero.

diff --git a/ChangeLog b/ChangeLog
index 86a5818..8035e62 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,13 @@
 2017-03-17  Dave Arnold <darnold@adobe.com>
 
+	[cff] Fix potential bugs in default NDV for CFF2.
+
+	* src/cff/cffload.c (cff_blend_build_vector): Explicitly build blend
+	vector when `lenNDV' is zero; don't rely on zero-init.
+	Save `lenNDV' as part of cache key even when `lenNDV' is zero.
+
+2017-03-17  Dave Arnold <darnold@adobe.com>
+
 	[cff] Fix CFF2 stack allocation.
 
 	* src/cff/cffparse.c (cff_parser_init) add 1 for operator.

diff --git a/src/cff/cffload.c b/src/cff/cffload.c
index ed93fb5..91e74f3 100644
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c

@@ -1463,10 +1463,15 @@
 
       /* Note: `lenNDV' could be zero.                              */
       /*       In that case, build default blend vector (1,0,0...). */
-      /*       In the normal case, initialize each component to 1   */
-      /*       before inner loop.                                   */
-      if ( lenNDV != 0 )
-        blend->BV[master] = FT_FIXED_ONE; /* default */
+      if ( !lenNDV )
+      {
+        blend->BV[master] = 0;
+        continue;
+      }
+
+      /* In the normal case, initialize each component to 1 */
+      /* before inner loop.                                 */
+      blend->BV[master] = FT_FIXED_ONE; /* default */
 
       /* inner loop steps through axes in this region */
       for ( j = 0; j < lenNDV; j++ )
@@ -1529,12 +1534,12 @@
                        lenNDV * sizeof ( *NDV ) ) )
         goto Exit;
 
-      blend->lenNDV = lenNDV;
       FT_MEM_COPY( blend->lastNDV,
                    NDV,
                    lenNDV * sizeof ( *NDV ) );
     }
 
+    blend->lenNDV  = lenNDV;
     blend->builtBV = TRUE;
 
   Exit:

diff --git a/src/cff/cfftypes.h b/src/cff/cfftypes.h
index 8d43e28..74f569f 100644
--- a/src/cff/cfftypes.h
+++ b/src/cff/cfftypes.h

@@ -112,8 +112,8 @@
     FT_UInt  shortDeltaCount; /* not used; always zero */
 #endif
 
-    FT_UInt   regionIdxCount; /* number of regions in this var data */
-    FT_UInt*  regionIndices;  /* array of `regionCount' indices;    */
+    FT_UInt   regionIdxCount; /* number of region indexes           */
+    FT_UInt*  regionIndices;  /* array of `regionIdxCount' indices; */
                               /* these index `varRegionList'        */
   } CFF_VarData;