--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor.cpp Fri Jul 24 09:44:32 2015 -0700
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor.cpp Wed Jul 29 11:04:39 2015 -0700
@@ -76,14 +76,14 @@
}
if (flags & irfMarkFirst) {
- firstGlyph = currGlyph;
+ firstGlyph = (le_uint32)currGlyph;
}
if (flags & irfMarkLast) {
- lastGlyph = currGlyph;
+ lastGlyph = (le_uint32)currGlyph;
}
- doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask));
+ doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask), success);
if (!(flags & irfDontAdvance)) {
// XXX: Should handle reverse too...
@@ -97,18 +97,29 @@
{
}
-void IndicRearrangementProcessor::doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb) const
+void IndicRearrangementProcessor::doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb, LEErrorCode &success) const
{
LEGlyphID a, b, c, d;
le_int32 ia, ib, ic, id, ix, x;
- LEErrorCode success = LE_NO_ERROR;
+
+ if (LE_FAILURE(success)) return;
+
+ if (verb == irvNoAction) {
+ return;
+ }
+ if (firstGlyph > lastGlyph) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return;
+ }
switch(verb)
{
- case irvNoAction:
+ case irvxA:
+ if (firstGlyph == lastGlyph) break;
+ if (firstGlyph + 1 < firstGlyph) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
break;
-
- case irvxA:
+ }
a = glyphStorage[firstGlyph];
ia = glyphStorage.getCharIndex(firstGlyph, success);
x = firstGlyph + 1;
@@ -125,6 +136,11 @@
break;
case irvDx:
+ if (firstGlyph == lastGlyph) break;
+ if (lastGlyph - 1 > lastGlyph) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
d = glyphStorage[lastGlyph];
id = glyphStorage.getCharIndex(lastGlyph, success);
x = lastGlyph - 1;
@@ -153,6 +169,11 @@
break;
case irvxAB:
+ if ((firstGlyph + 2 < firstGlyph) ||
+ (lastGlyph - firstGlyph < 1)) { // difference == 1 is a no-op, < 1 is an error.
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
ia = glyphStorage.getCharIndex(firstGlyph, success);
@@ -174,6 +195,11 @@
break;
case irvxBA:
+ if ((firstGlyph + 2 < firstGlyph) ||
+ (lastGlyph - firstGlyph < 1)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
ia = glyphStorage.getCharIndex(firstGlyph, success);
@@ -195,6 +221,11 @@
break;
case irvCDx:
+ if ((lastGlyph - 2 > lastGlyph) ||
+ (lastGlyph - firstGlyph < 1)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
c = glyphStorage[lastGlyph - 1];
d = glyphStorage[lastGlyph];
ic = glyphStorage.getCharIndex(lastGlyph - 1, success);
@@ -216,6 +247,11 @@
break;
case irvDCx:
+ if ((lastGlyph - 2 > lastGlyph) ||
+ (lastGlyph - firstGlyph < 1)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
c = glyphStorage[lastGlyph - 1];
d = glyphStorage[lastGlyph];
ic = glyphStorage.getCharIndex(lastGlyph - 1, success);
@@ -237,6 +273,11 @@
break;
case irvCDxA:
+ if ((lastGlyph - 2 > lastGlyph) ||
+ (lastGlyph - firstGlyph < 2)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
c = glyphStorage[lastGlyph - 1];
d = glyphStorage[lastGlyph];
@@ -262,6 +303,11 @@
break;
case irvDCxA:
+ if ((lastGlyph - 2 > lastGlyph) ||
+ (lastGlyph - firstGlyph < 2)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
c = glyphStorage[lastGlyph - 1];
d = glyphStorage[lastGlyph];
@@ -287,6 +333,11 @@
break;
case irvDxAB:
+ if ((firstGlyph + 2 < firstGlyph) ||
+ (lastGlyph - firstGlyph < 2)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
d = glyphStorage[lastGlyph];
@@ -312,6 +363,11 @@
break;
case irvDxBA:
+ if ((firstGlyph + 2 < firstGlyph) ||
+ (lastGlyph - firstGlyph < 2)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
d = glyphStorage[lastGlyph];
@@ -337,6 +393,10 @@
break;
case irvCDxAB:
+ if (lastGlyph - firstGlyph < 3) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
@@ -359,6 +419,10 @@
break;
case irvCDxBA:
+ if (lastGlyph - firstGlyph < 3) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
@@ -381,6 +445,10 @@
break;
case irvDCxAB:
+ if (lastGlyph - firstGlyph < 3) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
@@ -403,6 +471,10 @@
break;
case irvDCxBA:
+ if (lastGlyph - firstGlyph < 3) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor.h Fri Jul 24 09:44:32 2015 -0700
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor.h Wed Jul 29 11:04:39 2015 -0700
@@ -56,7 +56,7 @@
virtual void endStateTable();
- void doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb) const;
+ void doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb, LEErrorCode &success) const;
IndicRearrangementProcessor(const LEReferenceTo<MorphSubtableHeader> &morphSubtableHeader, LEErrorCode &success);
virtual ~IndicRearrangementProcessor();
@@ -76,8 +76,8 @@
static UClassID getStaticClassID();
protected:
- le_int32 firstGlyph;
- le_int32 lastGlyph;
+ le_uint32 firstGlyph;
+ le_uint32 lastGlyph;
LEReferenceTo<IndicRearrangementSubtableHeader> indicRearrangementSubtableHeader;
LEReferenceToArrayOf<IndicRearrangementStateEntry> entryTable;
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor2.cpp Fri Jul 24 09:44:32 2015 -0700
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor2.cpp Wed Jul 29 11:04:39 2015 -0700
@@ -74,14 +74,14 @@
}
if (flags & irfMarkFirst) {
- firstGlyph = currGlyph;
+ firstGlyph = (le_uint32)currGlyph;
}
if (flags & irfMarkLast) {
- lastGlyph = currGlyph;
+ lastGlyph = (le_uint32)currGlyph;
}
- doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask));
+ doRearrangementAction(glyphStorage, (IndicRearrangementVerb) (flags & irfVerbMask), success);
if (!(flags & irfDontAdvance)) {
currGlyph += dir;
@@ -94,18 +94,29 @@
{
}
-void IndicRearrangementProcessor2::doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb) const
+void IndicRearrangementProcessor2::doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb, LEErrorCode &success) const
{
LEGlyphID a, b, c, d;
le_int32 ia, ib, ic, id, ix, x;
- LEErrorCode success = LE_NO_ERROR;
+
+ if (LE_FAILURE(success)) return;
+
+ if (verb == irvNoAction) {
+ return;
+ }
+ if (firstGlyph > lastGlyph) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return;
+ }
switch(verb)
{
- case irvNoAction:
+ case irvxA:
+ if (firstGlyph == lastGlyph) break;
+ if (firstGlyph + 1 < firstGlyph) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
break;
-
- case irvxA:
+ }
a = glyphStorage[firstGlyph];
ia = glyphStorage.getCharIndex(firstGlyph, success);
x = firstGlyph + 1;
@@ -122,6 +133,11 @@
break;
case irvDx:
+ if (firstGlyph == lastGlyph) break;
+ if (lastGlyph - 1 > lastGlyph) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
d = glyphStorage[lastGlyph];
id = glyphStorage.getCharIndex(lastGlyph, success);
x = lastGlyph - 1;
@@ -150,6 +166,11 @@
break;
case irvxAB:
+ if ((firstGlyph + 2 < firstGlyph) ||
+ (lastGlyph - firstGlyph < 1)) { // difference == 1 is a no-op, < 1 is an error.
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
ia = glyphStorage.getCharIndex(firstGlyph, success);
@@ -171,6 +192,11 @@
break;
case irvxBA:
+ if ((firstGlyph + 2 < firstGlyph) ||
+ (lastGlyph - firstGlyph < 1)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
ia = glyphStorage.getCharIndex(firstGlyph, success);
@@ -192,6 +218,11 @@
break;
case irvCDx:
+ if ((lastGlyph - 2 > lastGlyph) ||
+ (lastGlyph - firstGlyph < 1)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
c = glyphStorage[lastGlyph - 1];
d = glyphStorage[lastGlyph];
ic = glyphStorage.getCharIndex(lastGlyph - 1, success);
@@ -213,6 +244,11 @@
break;
case irvDCx:
+ if ((lastGlyph - 2 > lastGlyph) ||
+ (lastGlyph - firstGlyph < 1)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
c = glyphStorage[lastGlyph - 1];
d = glyphStorage[lastGlyph];
ic = glyphStorage.getCharIndex(lastGlyph - 1, success);
@@ -234,6 +270,11 @@
break;
case irvCDxA:
+ if ((lastGlyph - 2 > lastGlyph) ||
+ (lastGlyph - firstGlyph < 2)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
c = glyphStorage[lastGlyph - 1];
d = glyphStorage[lastGlyph];
@@ -259,6 +300,11 @@
break;
case irvDCxA:
+ if ((lastGlyph - 2 > lastGlyph) ||
+ (lastGlyph - firstGlyph < 2)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
c = glyphStorage[lastGlyph - 1];
d = glyphStorage[lastGlyph];
@@ -284,6 +330,11 @@
break;
case irvDxAB:
+ if ((firstGlyph + 2 < firstGlyph) ||
+ (lastGlyph - firstGlyph < 2)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
d = glyphStorage[lastGlyph];
@@ -309,6 +360,11 @@
break;
case irvDxBA:
+ if ((firstGlyph + 2 < firstGlyph) ||
+ (lastGlyph - firstGlyph < 2)) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
d = glyphStorage[lastGlyph];
@@ -334,6 +390,10 @@
break;
case irvCDxAB:
+ if (lastGlyph - firstGlyph < 3) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
@@ -356,6 +416,10 @@
break;
case irvCDxBA:
+ if (lastGlyph - firstGlyph < 3) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
@@ -378,6 +442,10 @@
break;
case irvDCxAB:
+ if (lastGlyph - firstGlyph < 3) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
@@ -400,6 +468,10 @@
break;
case irvDCxBA:
+ if (lastGlyph - firstGlyph < 3) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ break;
+ }
a = glyphStorage[firstGlyph];
b = glyphStorage[firstGlyph + 1];
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor2.h Fri Jul 24 09:44:32 2015 -0700
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor2.h Wed Jul 29 11:04:39 2015 -0700
@@ -56,7 +56,7 @@
virtual void endStateTable();
- void doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb) const;
+ void doRearrangementAction(LEGlyphStorage &glyphStorage, IndicRearrangementVerb verb, LEErrorCode &success) const;
IndicRearrangementProcessor2(const LEReferenceTo<MorphSubtableHeader2> &morphSubtableHeader, LEErrorCode &success);
virtual ~IndicRearrangementProcessor2();
@@ -76,8 +76,8 @@
static UClassID getStaticClassID();
protected:
- le_int32 firstGlyph;
- le_int32 lastGlyph;
+ le_uint32 firstGlyph;
+ le_uint32 lastGlyph;
LEReferenceToArrayOf<IndicRearrangementStateEntry2> entryTable;
LEReferenceTo<IndicRearrangementSubtableHeader2> indicRearrangementSubtableHeader;
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/MorphTables.cpp Fri Jul 24 09:44:32 2015 -0700
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/MorphTables.cpp Wed Jul 29 11:04:39 2015 -0700
@@ -75,6 +75,7 @@
return;
}
subtableHeader.addOffset(length, success);
+ if (LE_FAILURE(success)) break;
}
SubtableCoverage coverage = SWAPW(subtableHeader->coverage);
FeatureFlags subtableFeatures = SWAPL(subtableHeader->subtableFeatures);
@@ -91,6 +92,8 @@
{
SubtableProcessor *processor = NULL;
+ if (LE_FAILURE(success)) return;
+
switch (SWAPW(coverage) & scfTypeMask)
{
case mstIndicRearrangement:
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/MorphTables2.cpp Fri Jul 24 09:44:32 2015 -0700
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/MorphTables2.cpp Wed Jul 29 11:04:39 2015 -0700
@@ -197,6 +197,7 @@
return;
}
subtableHeader.addOffset(length, success); // Don't addOffset for the last entry.
+ if (LE_FAILURE(success)) break;
}
le_uint32 coverage = SWAPL(subtableHeader->coverage);
FeatureFlags subtableFeatures = SWAPL(subtableHeader->subtableFeatures);
@@ -212,6 +213,8 @@
{
SubtableProcessor2 *processor = NULL;
+ if (LE_FAILURE(success)) return;
+
switch (SWAPL(coverage) & scfTypeMask2)
{
case mstIndicRearrangement:
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/SegmentArrayProcessor.cpp Fri Jul 24 09:44:32 2015 -0700
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/SegmentArrayProcessor.cpp Wed Jul 29 11:04:39 2015 -0700
@@ -63,6 +63,8 @@
le_int32 glyphCount = glyphStorage.getGlyphCount();
le_int32 glyph;
+ if (LE_FAILURE(success)) return;
+
for (glyph = 0; glyph < glyphCount; glyph += 1) {
LEGlyphID thisGlyph = glyphStorage[glyph];
const LookupSegment *lookupSegment = segmentArrayLookupTable->lookupSegment(segmentArrayLookupTable, segments, thisGlyph, success);
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/SegmentArrayProcessor2.cpp Fri Jul 24 09:44:32 2015 -0700
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/SegmentArrayProcessor2.cpp Wed Jul 29 11:04:39 2015 -0700
@@ -63,6 +63,8 @@
le_int32 glyphCount = glyphStorage.getGlyphCount();
le_int32 glyph;
+ if (LE_FAILURE(success)) return;
+
for (glyph = 0; glyph < glyphCount; glyph += 1) {
LEGlyphID thisGlyph = glyphStorage[glyph];
// lookupSegment already range checked by lookupSegment() function.
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/SegmentSingleProcessor2.cpp Fri Jul 24 09:44:32 2015 -0700
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/SegmentSingleProcessor2.cpp Wed Jul 29 11:04:39 2015 -0700
@@ -64,6 +64,8 @@
le_int32 glyphCount = glyphStorage.getGlyphCount();
le_int32 glyph;
+ if (LE_FAILURE(success)) return;
+
for (glyph = 0; glyph < glyphCount; glyph += 1) {
LEGlyphID thisGlyph = glyphStorage[glyph];
const LookupSegment *lookupSegment = segmentSingleLookupTable->lookupSegment(segmentSingleLookupTable, segments, thisGlyph, success);
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/SimpleArrayProcessor2.cpp Fri Jul 24 09:44:32 2015 -0700
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/SimpleArrayProcessor2.cpp Wed Jul 29 11:04:39 2015 -0700
@@ -61,10 +61,11 @@
void SimpleArrayProcessor2::process(LEGlyphStorage &glyphStorage, LEErrorCode &success)
{
- if (LE_FAILURE(success)) return;
le_int32 glyphCount = glyphStorage.getGlyphCount();
le_int32 glyph;
+ if (LE_FAILURE(success)) return;
+
for (glyph = 0; glyph < glyphCount; glyph += 1) {
LEGlyphID thisGlyph = glyphStorage[glyph];
if (LE_GET_GLYPH(thisGlyph) < 0xFFFF) {
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/SingleTableProcessor.cpp Fri Jul 24 09:44:32 2015 -0700
+++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/SingleTableProcessor.cpp Wed Jul 29 11:04:39 2015 -0700
@@ -63,6 +63,8 @@
le_int32 glyph;
le_int32 glyphCount = glyphStorage.getGlyphCount();
+ if (LE_FAILURE(success)) return;
+
for (glyph = 0; glyph < glyphCount; glyph += 1) {
const LookupSingle *lookupSingle = singleTableLookupTable->lookupSingle(singleTableLookupTable, entries, glyphStorage[glyph], success);