# HG changeset patch # User prr # Date 1426024375 25200 # Node ID 19bab48772f474e4c310bcf59a85eab6eb648e3c # Parent 9cbd15400b321d1d28179013cdb59cf5a30fa135 8071715: Tune font layout engine Reviewed-by: srl, bae, mschoene diff -r 9cbd15400b32 -r 19bab48772f4 src/share/native/sun/font/layout/ContextualGlyphInsertionProc2.cpp --- a/src/share/native/sun/font/layout/ContextualGlyphInsertionProc2.cpp Fri Jul 03 19:25:05 2015 +0100 +++ b/src/share/native/sun/font/layout/ContextualGlyphInsertionProc2.cpp Tue Mar 10 14:52:55 2015 -0700 @@ -107,6 +107,10 @@ le_int16 markIndex = SWAPW(entry->markedInsertionListIndex); if (markIndex > 0) { + if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } le_int16 count = (flags & cgiMarkedInsertCountMask) >> 5; le_bool isKashidaLike = (flags & cgiMarkedIsKashidaLike); le_bool isBefore = (flags & cgiMarkInsertBefore); @@ -115,6 +119,10 @@ le_int16 currIndex = SWAPW(entry->currentInsertionListIndex); if (currIndex > 0) { + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } le_int16 count = flags & cgiCurrentInsertCountMask; le_bool isKashidaLike = (flags & cgiCurrentIsKashidaLike); le_bool isBefore = (flags & cgiCurrentInsertBefore); diff -r 9cbd15400b32 -r 19bab48772f4 src/share/native/sun/font/layout/ContextualGlyphSubstProc.cpp --- a/src/share/native/sun/font/layout/ContextualGlyphSubstProc.cpp Fri Jul 03 19:25:05 2015 +0100 +++ b/src/share/native/sun/font/layout/ContextualGlyphSubstProc.cpp Tue Mar 10 14:52:55 2015 -0700 
@@ -76,6 +76,10 @@ WordOffset currOffset = SWAPW(entry->currOffset); if (markOffset != 0 && LE_SUCCESS(success)) { + if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } LEGlyphID mGlyph = glyphStorage[markGlyph]; TTGlyphID newGlyph = SWAPW(int16Table.getObject(markOffset + LE_GET_GLYPH(mGlyph), success)); // whew. @@ -83,6 +87,10 @@ } if (currOffset != 0) { + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } LEGlyphID thisGlyph = glyphStorage[currGlyph]; TTGlyphID newGlyph = SWAPW(int16Table.getObject(currOffset + LE_GET_GLYPH(thisGlyph), success)); // whew. diff -r 9cbd15400b32 -r 19bab48772f4 src/share/native/sun/font/layout/ContextualGlyphSubstProc2.cpp --- a/src/share/native/sun/font/layout/ContextualGlyphSubstProc2.cpp Fri Jul 03 19:25:05 2015 +0100 +++ b/src/share/native/sun/font/layout/ContextualGlyphSubstProc2.cpp Tue Mar 10 14:52:55 2015 -0700 
@@ -70,17 +70,25 @@ if(LE_FAILURE(success)) return 0; le_uint16 newState = SWAPW(entry->newStateIndex); le_uint16 flags = SWAPW(entry->flags); - le_int16 markIndex = SWAPW(entry->markIndex); - le_int16 currIndex = SWAPW(entry->currIndex); + le_uint16 markIndex = SWAPW(entry->markIndex); + le_uint16 currIndex = SWAPW(entry->currIndex); - if (markIndex != -1) { + if (markIndex != 0x0FFFF) { + if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } le_uint32 offset = SWAPL(perGlyphTable(markIndex, success)); LEGlyphID mGlyph = glyphStorage[markGlyph]; TTGlyphID newGlyph = lookup(offset, mGlyph, success); glyphStorage[markGlyph] = LE_SET_GLYPH(mGlyph, newGlyph); } - if (currIndex != -1) { + if (currIndex != 0x0FFFF) { + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } le_uint32 offset = SWAPL(perGlyphTable(currIndex, success)); LEGlyphID thisGlyph = glyphStorage[currGlyph]; TTGlyphID newGlyph = lookup(offset, thisGlyph, success); diff -r 9cbd15400b32 -r 19bab48772f4 src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp --- a/src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp Fri Jul 03 19:25:05 2015 +0100 +++ b/src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp Tue Mar 10 14:52:55 2015 -0700 @@ -70,6 +70,11 @@ ByteOffset newState = SWAPW(entry->newStateOffset); IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags); + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } + if (flags & irfMarkFirst) { firstGlyph = currGlyph; } diff -r 9cbd15400b32 -r 19bab48772f4 src/share/native/sun/font/layout/IndicRearrangementProcessor2.cpp --- a/src/share/native/sun/font/layout/IndicRearrangementProcessor2.cpp Fri Jul 03 19:25:05 2015 +0100 
+++ b/src/share/native/sun/font/layout/IndicRearrangementProcessor2.cpp Tue Mar 10 14:52:55 2015 -0700 @@ -68,6 +68,11 @@ le_uint16 newState = SWAPW(entry->newStateIndex); // index to the new state IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags); + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } + if (flags & irfMarkFirst) { firstGlyph = currGlyph; } diff -r 9cbd15400b32 -r 19bab48772f4 src/share/native/sun/font/layout/LigatureSubstProc.cpp --- a/src/share/native/sun/font/layout/LigatureSubstProc.cpp Fri Jul 03 19:25:05 2015 +0100 +++ b/src/share/native/sun/font/layout/LigatureSubstProc.cpp Tue Mar 10 14:52:55 2015 -0700 @@ -73,7 +73,7 @@ const LigatureSubstitutionStateEntry *entry = entryTable.getAlias(index, success); ByteOffset newState = SWAPW(entry->newStateOffset); - le_int16 flags = SWAPW(entry->flags); + le_uint16 flags = SWAPW(entry->flags); if (flags & lsfSetComponent) { if (++m >= nComponents) { diff -r 9cbd15400b32 -r 19bab48772f4 src/share/native/sun/font/layout/StateTableProcessor.cpp --- a/src/share/native/sun/font/layout/StateTableProcessor.cpp Fri Jul 03 19:25:05 2015 +0100 +++ b/src/share/native/sun/font/layout/StateTableProcessor.cpp Tue Mar 10 14:52:55 2015 -0700 @@ -85,6 +85,7 @@ if (currGlyph == glyphCount) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else { TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]); diff -r 9cbd15400b32 -r 19bab48772f4 src/share/native/sun/font/layout/StateTableProcessor2.cpp --- a/src/share/native/sun/font/layout/StateTableProcessor2.cpp Fri Jul 03 19:25:05 2015 +0100 +++ b/src/share/native/sun/font/layout/StateTableProcessor2.cpp Tue Mar 10 14:52:55 2015 -0700 
@@ -103,6 +103,7 @@ if (currGlyph == glyphCount || currGlyph == -1) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else { LEGlyphID gid = glyphStorage[currGlyph]; TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid); @@ -134,6 +135,7 @@ if (currGlyph == glyphCount || currGlyph == -1) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else { LEGlyphID gid = glyphStorage[currGlyph]; TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid); @@ -171,6 +173,7 @@ if (currGlyph == glyphCount || currGlyph == -1) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else if(currGlyph > glyphCount) { // note if > glyphCount, we've run off the end (bad font) currGlyph = glyphCount; @@ -211,6 +214,7 @@ if (currGlyph == glyphCount || currGlyph == -1) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else { TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]); if (glyphCode == 0xFFFF) { diff -r 9cbd15400b32 -r 19bab48772f4 src/share/native/sun/font/layout/StateTables.h --- a/src/share/native/sun/font/layout/StateTables.h Fri Jul 03 19:25:05 2015 +0100 +++ b/src/share/native/sun/font/layout/StateTables.h Tue Mar 10 14:52:55 2015 -0700 @@ -126,7 +126,7 @@ struct StateEntry { ByteOffset newStateOffset; - le_int16 flags; + le_uint16 flags; }; typedef le_uint16 EntryTableIndex2;
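Review bot: In ContextualGlyphInsertionProc2.cpp (hunks at -107 and -115), markIndex and currIndex are still read as le_int16 and gated with "> 0", while this same patch moves the corresponding fields in ContextualGlyphSubstProc2.cpp to le_uint16 with an explicit sentinel comparison. With the signed type, any index of 0x8000 or above reads as negative and the insertion is skipped silently. Either switch these two locals to le_uint16 and compare against the sentinel explicitly, or add a comment stating why the signed test is intended in this file.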
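Review bot: In ContextualGlyphSubstProc.cpp, the mark branch (hunk at -76) is gated on LE_SUCCESS(success), but the current-glyph branch (hunk at -83) is entered on "currOffset != 0" alone, so it still runs after int16Table.getObject has reported a failure in the mark branch. Gate it the same way, "if (currOffset != 0 && LE_SUCCESS(success))", and test success after each getObject call before the looked-up newGlyph is used.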
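Review bot: In ContextualGlyphSubstProc2.cpp (hunk at -70), the new range check protects the glyphStorage index, but the results of perGlyphTable(markIndex, success) and lookup(offset, mGlyph, success) are still written back through glyphStorage[markGlyph] = LE_SET_GLYPH(mGlyph, newGlyph) with no test of success in between; the currIndex branch has the same shape. Return on LE_FAILURE(success) after each call so that a failed table read cannot end up as a stored glyph. Minor style point: the literal 0x0FFFF carries a stray leading zero, and 0xFFFF reads more clearly as the 16-bit "no substitution" value.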
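Review bot: In IndicRearrangementProcessor.cpp (hunk at -70) and IndicRearrangementProcessor2.cpp (hunk at -68), the error path does "return 0" right after newState has been read from the entry, so the returned 0 is only distinguishable from a real state value if the caller tests success before using it; nothing in this patch shows the callers doing that. Please confirm the state-table loops stop on LE_FAILURE(success) after the call, and say so in a comment next to the check. The same four-line currGlyph/markGlyph range test is now pasted eight times across five files; a small shared inline helper would keep the copies from drifting apart.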
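Review bot: In StateTableProcessor.cpp (hunk at -85), the added break comes directly after classCode = classCodeEOT, which turns that assignment into a dead store and means the end-of-text class is never run through the state table. If skipping the EOT transition is the intended behaviour, drop the assignment and replace the "XXX: How do we handle EOT vs. EOL?" comment with one that states the decision; if fonts are expected to get their end-of-text action, the break needs to happen after that one transition instead.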
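Review bot: In StateTableProcessor2.cpp, the hunks at -103, -134 and -211 stop only on the exact values currGlyph == glyphCount or currGlyph == -1 and otherwise fall through to glyphStorage[currGlyph] in the else branch; only the hunk at -171 has a branch for currGlyph > glyphCount, and no hunk covers values below -1. Since the break is being added to all four loops anyway, make the condition a range test, "currGlyph < 0 || currGlyph >= glyphCount", so that a step which overshoots the boundary ends the loop instead of reaching the index expression.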
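Review bot: In StateTables.h (hunk at -126), StateEntry::flags changes from le_int16 to le_uint16 with no comment, and within this patch the only local updated to match is the one in LigatureSubstProc.cpp. Add a one-line comment on the field saying it is a bit field and must be held unsigned, and check that every other local assigned from SWAPW(entry->flags) on a StateEntry-derived entry is unsigned too, so masks and shifts on the high bit behave the same everywhere.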