From 44d6ebdeba18b97d316333f446d37ea606cfadd8 Mon Sep 17 00:00:00 2001 From: Phil Race Date: Mon, 9 Mar 2015 16:44:39 -0700 Subject: [PATCH] 8071715: Tune font layout engine Reviewed-by: srl, bae, mschoene --- .../layout/ContextualGlyphInsertionProc2.cpp | 8 ++++++++ .../layout/ContextualGlyphSubstProc.cpp | 8 ++++++++ .../layout/ContextualGlyphSubstProc2.cpp | 16 ++++++++++++---- .../layout/IndicRearrangementProcessor.cpp | 5 +++++ .../layout/IndicRearrangementProcessor2.cpp | 5 +++++ .../libfontmanager/layout/LigatureSubstProc.cpp | 2 +- .../layout/StateTableProcessor.cpp | 1 + .../layout/StateTableProcessor2.cpp | 4 ++++ .../native/libfontmanager/layout/StateTables.h | 2 +- 9 files changed, 45 insertions(+), 6 deletions(-) diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/ContextualGlyphInsertionProc2.cpp b/jdk/src/java.desktop/share/native/libfontmanager/layout/ContextualGlyphInsertionProc2.cpp index 85f9fc7ab22..40fefefe375 100644 --- a/jdk/src/java.desktop/share/native/libfontmanager/layout/ContextualGlyphInsertionProc2.cpp +++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/ContextualGlyphInsertionProc2.cpp @@ -107,6 +107,10 @@ le_uint16 ContextualGlyphInsertionProcessor2::processStateEntry(LEGlyphStorage & le_int16 markIndex = SWAPW(entry->markedInsertionListIndex); if (markIndex > 0) { + if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } le_int16 count = (flags & cgiMarkedInsertCountMask) >> 5; le_bool isKashidaLike = (flags & cgiMarkedIsKashidaLike); le_bool isBefore = (flags & cgiMarkInsertBefore); 
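Review bot: The four-line range check added before the `markIndex > 0` branch in ContextualGlyphInsertionProcessor2::processStateEntry is repeated, with only the variable name changed, for `currGlyph` in the next hunk and in the ContextualGlyphSubstProc, ContextualGlyphSubstProc2 and IndicRearrangementProcessor(2) hunks. One shared inline predicate taking the glyph storage and an index would keep the eight copies from drifting apart, and each call site could carry a comment such as `// markGlyph must be a valid glyphStorage index before the insertion uses it`. The error path does `return 0;`, so the caller receives state 0 together with a failed `success`; the caller is outside this hunk, so confirm that it tests `success` before acting on the returned state. processStateEntry begins and ends outside the hunk.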
@@ -115,6 +119,10 @@ le_uint16 ContextualGlyphInsertionProcessor2::processStateEntry(LEGlyphStorage & le_int16 currIndex = SWAPW(entry->currentInsertionListIndex); if (currIndex > 0) { + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } le_int16 count = flags & cgiCurrentInsertCountMask; le_bool isKashidaLike = (flags & cgiCurrentIsKashidaLike); le_bool isBefore = (flags & cgiCurrentInsertBefore); diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/ContextualGlyphSubstProc.cpp b/jdk/src/java.desktop/share/native/libfontmanager/layout/ContextualGlyphSubstProc.cpp index 87fdf4d3aab..63f7b644fec 100644 --- a/jdk/src/java.desktop/share/native/libfontmanager/layout/ContextualGlyphSubstProc.cpp +++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/ContextualGlyphSubstProc.cpp @@ -76,6 +76,10 @@ ByteOffset ContextualGlyphSubstitutionProcessor::processStateEntry(LEGlyphStorag WordOffset currOffset = SWAPW(entry->currOffset); if (markOffset != 0 && LE_SUCCESS(success)) { + if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } LEGlyphID mGlyph = glyphStorage[markGlyph]; TTGlyphID newGlyph = SWAPW(int16Table.getObject(markOffset + LE_GET_GLYPH(mGlyph), success)); // whew. @@ -83,6 +87,10 @@ ByteOffset ContextualGlyphSubstitutionProcessor::processStateEntry(LEGlyphStorag } if (currOffset != 0) { + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } LEGlyphID thisGlyph = glyphStorage[currGlyph]; TTGlyphID newGlyph = SWAPW(int16Table.getObject(currOffset + LE_GET_GLYPH(thisGlyph), success)); // whew. diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/ContextualGlyphSubstProc2.cpp b/jdk/src/java.desktop/share/native/libfontmanager/layout/ContextualGlyphSubstProc2.cpp index f6d93b48bf7..a59096eb1d0 100644 
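Review bot: In ContextualGlyphSubstitutionProcessor::processStateEntry the `currOffset != 0` branch is entered without the `LE_SUCCESS(success)` test that guards the `markOffset` branch above it. A failure recorded by `int16Table.getObject(...)` in the mark branch therefore does not stop the current-glyph lookup. Guarding it the same way, `if (currOffset != 0 && LE_SUCCESS(success)) {`, keeps the two branches symmetric. What getObject returns once `success` has failed is not visible here, so check whether a substituted glyph is still written in that case. The function starts and ends outside the hunk.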
--- a/jdk/src/java.desktop/share/native/libfontmanager/layout/ContextualGlyphSubstProc2.cpp +++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/ContextualGlyphSubstProc2.cpp @@ -70,17 +70,25 @@ le_uint16 ContextualGlyphSubstitutionProcessor2::processStateEntry(LEGlyphStorag if(LE_FAILURE(success)) return 0; le_uint16 newState = SWAPW(entry->newStateIndex); le_uint16 flags = SWAPW(entry->flags); - le_int16 markIndex = SWAPW(entry->markIndex); - le_int16 currIndex = SWAPW(entry->currIndex); + le_uint16 markIndex = SWAPW(entry->markIndex); + le_uint16 currIndex = SWAPW(entry->currIndex); - if (markIndex != -1) { + if (markIndex != 0x0FFFF) { + if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } le_uint32 offset = SWAPL(perGlyphTable(markIndex, success)); LEGlyphID mGlyph = glyphStorage[markGlyph]; TTGlyphID newGlyph = lookup(offset, mGlyph, success); glyphStorage[markGlyph] = LE_SET_GLYPH(mGlyph, newGlyph); } - if (currIndex != -1) { + if (currIndex != 0x0FFFF) { + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } le_uint32 offset = SWAPL(perGlyphTable(currIndex, success)); LEGlyphID thisGlyph = glyphStorage[currGlyph]; TTGlyphID newGlyph = lookup(offset, thisGlyph, success); diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor.cpp b/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor.cpp index 3ae26be484c..a5f308844a3 100644 --- a/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor.cpp +++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor.cpp 
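Review bot: In ContextualGlyphSubstitutionProcessor2::processStateEntry `success` is not tested between `perGlyphTable(markIndex, success)` and the use of `offset` in `lookup(offset, mGlyph, success)`, whose result is then stored into `glyphStorage[markGlyph]`; the `currIndex` branch starts the same way. The new range check covers the glyph index but not the table index, so adding `if (LE_FAILURE(success)) return 0;` after each `perGlyphTable` call would keep a rejected `markIndex`/`currIndex` from feeding a substitution. How `lookup` behaves when `success` has already failed is outside the hunk. The sentinel is written twice as the padded literal `0x0FFFF`; a named constant for the "no per-glyph table" value would be easier to read and to keep in step.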
@@ -70,6 +70,11 @@ ByteOffset IndicRearrangementProcessor::processStateEntry(LEGlyphStorage &glyphS ByteOffset newState = SWAPW(entry->newStateOffset); IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags); + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } + if (flags & irfMarkFirst) { firstGlyph = currGlyph; } diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor2.cpp b/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor2.cpp index 4d531b2a03d..1cf169b7686 100644 --- a/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor2.cpp +++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/IndicRearrangementProcessor2.cpp @@ -68,6 +68,11 @@ le_uint16 IndicRearrangementProcessor2::processStateEntry(LEGlyphStorage &glyphS le_uint16 newState = SWAPW(entry->newStateIndex); // index to the new state IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags); + if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) { + success = LE_INDEX_OUT_OF_BOUNDS_ERROR; + return 0; + } + if (flags & irfMarkFirst) { firstGlyph = currGlyph; } diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/LigatureSubstProc.cpp b/jdk/src/java.desktop/share/native/libfontmanager/layout/LigatureSubstProc.cpp index ecb966e1bde..5a94563fa5b 100644 --- a/jdk/src/java.desktop/share/native/libfontmanager/layout/LigatureSubstProc.cpp +++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/LigatureSubstProc.cpp 
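Review bot: The check added in IndicRearrangementProcessor::processStateEntry, and the identical one in IndicRearrangementProcessor2, validates only `currGlyph`, while the line after it stores `currGlyph` as `firstGlyph` under `irfMarkFirst`. The rest of the function is outside the hunk and presumably acts on the stored marks. Confirm that the rearrangement step also checks the marks against each other and against the glyph count before it indexes between them, since a valid `currGlyph` alone does not establish that. A comment above the check would state the intent: `// currGlyph is stored as a mark below; it must be a valid glyphStorage index`.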
@@ -73,7 +73,7 @@ ByteOffset LigatureSubstitutionProcessor::processStateEntry(LEGlyphStorage &glyp const LigatureSubstitutionStateEntry *entry = entryTable.getAlias(index, success); ByteOffset newState = SWAPW(entry->newStateOffset); - le_int16 flags = SWAPW(entry->flags); + le_uint16 flags = SWAPW(entry->flags); if (flags & lsfSetComponent) { if (++m >= nComponents) { diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTableProcessor.cpp b/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTableProcessor.cpp index 9924a903708..f5bef5f3038 100644 --- a/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTableProcessor.cpp +++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTableProcessor.cpp @@ -85,6 +85,7 @@ void StateTableProcessor::process(LEGlyphStorage &glyphStorage, LEErrorCode &suc if (currGlyph == glyphCount) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else { TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]); diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTableProcessor2.cpp b/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTableProcessor2.cpp index e00a2d09d2e..9aa097a6f52 100644 --- a/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTableProcessor2.cpp +++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTableProcessor2.cpp @@ -103,6 +103,7 @@ void StateTableProcessor2::process(LEGlyphStorage &glyphStorage, LEErrorCode &su if (currGlyph == glyphCount || currGlyph == -1) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else { LEGlyphID gid = glyphStorage[currGlyph]; TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid); 
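Review bot: In LigatureSubstitutionProcessor::processStateEntry `entry` is dereferenced by `SWAPW(entry->newStateOffset)` and `SWAPW(entry->flags)` directly after `entryTable.getAlias(index, success)`, with no test of `success` in between. If getAlias can fail for an out-of-range `index` (its behaviour is not visible here), the reads go through whatever pointer it returned; `if (LE_FAILURE(success)) return 0;` after the getAlias line would prevent that. The change of `flags` to `le_uint16` deserves a one-line comment that the value is used as a bit mask (`flags & lsfSetComponent`) and is therefore kept unsigned. The function starts and ends outside the hunk.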
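Review bot: With the added `break;` in StateTableProcessor::process, the assignment `classCode = classCodeEOT;` on the line before it appears to be a dead store, and the loop exits without running the state entry for the end-of-text class. This assumes the enclosing construct is the glyph loop and that `classCode` is not read after it, neither of which is visible in the hunk. The same pattern is added four times in StateTableProcessor2::process. If skipping the end-of-text transition is intended, drop the assignment or say so in a comment, e.g. `// stop at end of text: the EOT class entry is deliberately not processed`. The existing `XXX` remark no longer describes what the code does.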
@@ -134,6 +135,7 @@ void StateTableProcessor2::process(LEGlyphStorage &glyphStorage, LEErrorCode &su if (currGlyph == glyphCount || currGlyph == -1) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else { LEGlyphID gid = glyphStorage[currGlyph]; TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid); @@ -171,6 +173,7 @@ void StateTableProcessor2::process(LEGlyphStorage &glyphStorage, LEErrorCode &su if (currGlyph == glyphCount || currGlyph == -1) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else if(currGlyph > glyphCount) { // note if > glyphCount, we've run off the end (bad font) currGlyph = glyphCount; @@ -211,6 +214,7 @@ void StateTableProcessor2::process(LEGlyphStorage &glyphStorage, LEErrorCode &su if (currGlyph == glyphCount || currGlyph == -1) { // XXX: How do we handle EOT vs. EOL? classCode = classCodeEOT; + break; } else { TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]); if (glyphCode == 0xFFFF) { diff --git a/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTables.h b/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTables.h index 9ba6da51295..fb09aee1ce5 100644 --- a/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTables.h +++ b/jdk/src/java.desktop/share/native/libfontmanager/layout/StateTables.h @@ -126,7 +126,7 @@ typedef le_uint8 EntryTableIndex; struct StateEntry { ByteOffset newStateOffset; - le_int16 flags; + le_uint16 flags; }; typedef le_uint16 EntryTableIndex2;
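Review bot: In the third StateTableProcessor2::process hunk (old line 171) the neighbouring branch `else if(currGlyph > glyphCount)` clamps `currGlyph = glyphCount` for what its own comment calls a bad font, while the equal case now leaves the loop with `break;`. The two end-of-text cases therefore no longer behave alike, and the rest of the clamping branch is outside the hunk. The other three copies of this block have no such branch and fall into the `else` that reads `glyphStorage[currGlyph]`; confirm that the loop condition, which is not visible here, keeps `currGlyph` between -1 and glyphCount on those paths. Setting `success = LE_INDEX_OUT_OF_BOUNDS_ERROR;` and breaking in the overrun case would make the four copies consistent with the range checks added elsewhere in this commit.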