aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPo Lu2023-09-23 10:07:38 +0800
committerPo Lu2023-09-23 10:07:38 +0800
commit5bd6f963f682c7ab332d8c640e67ff66a6bb4a96 (patch)
tree7fb459d8ac09fe4fded088a0d09e3a89bf17181b /src
parent3a1e65bd8ead5f8376e2794500e57315d294c5aa (diff)
downloademacs-5bd6f963f682c7ab332d8c640e67ff66a6bb4a96.tar.gz
emacs-5bd6f963f682c7ab332d8c640e67ff66a6bb4a96.zip
Correct comparisons between size_t and ssize_t
* src/sfnt.c (sfnt_read_table_directory, sfnt_read_cmap_format_0) (sfnt_read_cmap_format_2, sfnt_read_cmap_format_4) (sfnt_read_cmap_format_6, sfnt_read_cmap_format_8) (sfnt_read_cmap_format_12, sfnt_read_cmap_format_14) (sfnt_read_cmap_table_1, sfnt_read_cmap_table) (sfnt_read_head_table, sfnt_read_hhea_table, sfnt_read_maxp_table) (sfnt_read_glyf_table, sfnt_read_hmtx_table, sfnt_read_name_table) (sfnt_read_meta_table, sfnt_read_ttc_header) (sfnt_read_default_uvs_table, sfnt_read_nondefault_uvs_table) (sfnt_read_fvar_table, sfnt_read_gvar_table, sfnt_read_avar_table) (sfnt_read_cvar_table, sfnt_read_OS_2_table): * src/sfntfont.c (sfnt_enum_font): Revise code written with only signed `long' in mind to properly compare size_t values with ssize_t.
Diffstat (limited to 'src')
-rw-r--r--src/sfnt.c108
-rw-r--r--src/sfntfont.c9
2 files changed, 62 insertions, 55 deletions
diff --git a/src/sfnt.c b/src/sfnt.c
index 9340d8abc66..360b0cd2d4d 100644
--- a/src/sfnt.c
+++ b/src/sfnt.c
@@ -202,9 +202,9 @@ sfnt_read_table_directory (int fd)
202 range_shift, uint16_t); 202 range_shift, uint16_t);
203 rc = read (fd, subtable, offset); 203 rc = read (fd, subtable, offset);
204 204
205 if (rc < offset) 205 if (rc == -1 || rc < offset)
206 { 206 {
207 if (rc >= sizeof (uint32_t)) 207 if (rc != -1 && rc >= sizeof (uint32_t))
208 { 208 {
209 /* Detect a TTC file. In that case, the first long will be 209 /* Detect a TTC file. In that case, the first long will be
210 ``ttcf''. */ 210 ``ttcf''. */
@@ -247,7 +247,7 @@ sfnt_read_table_directory (int fd)
247 247
248 rc = read (fd, subtable->subtables, subtable_size); 248 rc = read (fd, subtable->subtables, subtable_size);
249 249
250 if (rc < offset) 250 if (rc == -1 || rc < offset)
251 { 251 {
252 xfree (subtable); 252 xfree (subtable);
253 return NULL; 253 return NULL;
@@ -311,7 +311,7 @@ sfnt_read_cmap_format_0 (int fd,
311 language)); 311 language));
312 rc = read (fd, &format0->language, wanted_size); 312 rc = read (fd, &format0->language, wanted_size);
313 313
314 if (rc < wanted_size) 314 if (rc == -1 || rc < wanted_size)
315 { 315 {
316 xfree (format0); 316 xfree (format0);
317 return (struct sfnt_cmap_format_0 *) -1; 317 return (struct sfnt_cmap_format_0 *) -1;
@@ -349,7 +349,7 @@ sfnt_read_cmap_format_2 (int fd,
349 /* Read the part before the variable length data. */ 349 /* Read the part before the variable length data. */
350 min_bytes -= offsetof (struct sfnt_cmap_format_2, language); 350 min_bytes -= offsetof (struct sfnt_cmap_format_2, language);
351 rc = read (fd, &format2->language, min_bytes); 351 rc = read (fd, &format2->language, min_bytes);
352 if (rc < min_bytes) 352 if (rc == -1 || rc < min_bytes)
353 { 353 {
354 xfree (format2); 354 xfree (format2);
355 return (struct sfnt_cmap_format_2 *) -1; 355 return (struct sfnt_cmap_format_2 *) -1;
@@ -383,7 +383,7 @@ sfnt_read_cmap_format_2 (int fd,
383 - SFNT_ENDOF (struct sfnt_cmap_format_2, 383 - SFNT_ENDOF (struct sfnt_cmap_format_2,
384 sub_header_keys, uint16_t[256])); 384 sub_header_keys, uint16_t[256]));
385 rc = read (fd, format2 + 1, min_bytes); 385 rc = read (fd, format2 + 1, min_bytes);
386 if (rc < min_bytes) 386 if (rc == -1 || rc < min_bytes)
387 { 387 {
388 xfree (format2); 388 xfree (format2);
389 return (struct sfnt_cmap_format_2 *) -1; 389 return (struct sfnt_cmap_format_2 *) -1;
@@ -454,7 +454,7 @@ sfnt_read_cmap_format_4 (int fd,
454 /* Read the initial data. */ 454 /* Read the initial data. */
455 min_bytes -= offsetof (struct sfnt_cmap_format_4, language); 455 min_bytes -= offsetof (struct sfnt_cmap_format_4, language);
456 rc = read (fd, &format4->language, min_bytes); 456 rc = read (fd, &format4->language, min_bytes);
457 if (rc < min_bytes) 457 if (rc == -1 || rc < min_bytes)
458 { 458 {
459 xfree (format4); 459 xfree (format4);
460 return (struct sfnt_cmap_format_4 *) -1; 460 return (struct sfnt_cmap_format_4 *) -1;
@@ -490,7 +490,7 @@ sfnt_read_cmap_format_4 (int fd,
490 490
491 /* Read the rest of the bytes to the end of format4. */ 491 /* Read the rest of the bytes to the end of format4. */
492 rc = read (fd, format4 + 1, bytes_minus_format4); 492 rc = read (fd, format4 + 1, bytes_minus_format4);
493 if (rc < bytes_minus_format4) 493 if (rc == -1 || rc < bytes_minus_format4)
494 { 494 {
495 xfree (format4); 495 xfree (format4);
496 return (struct sfnt_cmap_format_4 *) -1; 496 return (struct sfnt_cmap_format_4 *) -1;
@@ -559,7 +559,7 @@ sfnt_read_cmap_format_6 (int fd,
559 /* Read the fixed size data. */ 559 /* Read the fixed size data. */
560 min_size -= offsetof (struct sfnt_cmap_format_6, language); 560 min_size -= offsetof (struct sfnt_cmap_format_6, language);
561 rc = read (fd, &format6->language, min_size); 561 rc = read (fd, &format6->language, min_size);
562 if (rc < min_size) 562 if (rc == -1 || rc < min_size)
563 { 563 {
564 xfree (format6); 564 xfree (format6);
565 return (struct sfnt_cmap_format_6 *) -1; 565 return (struct sfnt_cmap_format_6 *) -1;
@@ -583,7 +583,8 @@ sfnt_read_cmap_format_6 (int fd,
583 rc = read (fd, format6 + 1, 583 rc = read (fd, format6 + 1,
584 (format6->entry_count 584 (format6->entry_count
585 * sizeof *format6->glyph_index_array)); 585 * sizeof *format6->glyph_index_array));
586 if (rc < format6->entry_count * sizeof *format6->glyph_index_array) 586 if (rc == -1 || (rc < (format6->entry_count
587 * sizeof *format6->glyph_index_array)))
587 { 588 {
588 xfree (format6); 589 xfree (format6);
589 return (struct sfnt_cmap_format_6 *) -1; 590 return (struct sfnt_cmap_format_6 *) -1;
@@ -611,7 +612,7 @@ sfnt_read_cmap_format_8 (int fd,
611 uint32_t length, i; 612 uint32_t length, i;
612 613
613 /* Read the 32-bit length field. */ 614 /* Read the 32-bit length field. */
614 if (read (fd, &length, sizeof (length)) < sizeof (length)) 615 if (read (fd, &length, sizeof length) < (int) sizeof length)
615 return (struct sfnt_cmap_format_8 *) -1; 616 return (struct sfnt_cmap_format_8 *) -1;
616 617
617 /* Swap the 32-bit length field. */ 618 /* Swap the 32-bit length field. */
@@ -633,7 +634,7 @@ sfnt_read_cmap_format_8 (int fd,
633 /* Read the fixed length data. */ 634 /* Read the fixed length data. */
634 min_size -= offsetof (struct sfnt_cmap_format_8, language); 635 min_size -= offsetof (struct sfnt_cmap_format_8, language);
635 rc = read (fd, &format8->language, min_size); 636 rc = read (fd, &format8->language, min_size);
636 if (rc < min_size) 637 if (rc == -1 || rc < min_size)
637 { 638 {
638 xfree (format8); 639 xfree (format8);
639 return (struct sfnt_cmap_format_8 *) -1; 640 return (struct sfnt_cmap_format_8 *) -1;
@@ -669,7 +670,7 @@ sfnt_read_cmap_format_8 (int fd,
669 670
670 /* Now read the variable length data. */ 671 /* Now read the variable length data. */
671 rc = read (fd, format8 + 1, temp); 672 rc = read (fd, format8 + 1, temp);
672 if (rc < temp) 673 if (rc == -1 || rc < temp)
673 { 674 {
674 xfree (format8); 675 xfree (format8);
675 return (struct sfnt_cmap_format_8 *) -1; 676 return (struct sfnt_cmap_format_8 *) -1;
@@ -703,7 +704,7 @@ sfnt_read_cmap_format_12 (int fd,
703 uint32_t length, i; 704 uint32_t length, i;
704 705
705 /* Read the 32-bit length field. */ 706 /* Read the 32-bit length field. */
706 if (read (fd, &length, sizeof (length)) < sizeof (length)) 707 if (read (fd, &length, sizeof length) < (int) sizeof length)
707 return (struct sfnt_cmap_format_12 *) -1; 708 return (struct sfnt_cmap_format_12 *) -1;
708 709
709 /* Swap the 32-bit length field. */ 710 /* Swap the 32-bit length field. */
@@ -725,7 +726,7 @@ sfnt_read_cmap_format_12 (int fd,
725 /* Read the fixed length data. */ 726 /* Read the fixed length data. */
726 min_size -= offsetof (struct sfnt_cmap_format_12, language); 727 min_size -= offsetof (struct sfnt_cmap_format_12, language);
727 rc = read (fd, &format12->language, min_size); 728 rc = read (fd, &format12->language, min_size);
728 if (rc < min_size) 729 if (rc == -1 || rc < min_size)
729 { 730 {
730 xfree (format12); 731 xfree (format12);
731 return (struct sfnt_cmap_format_12 *) -1; 732 return (struct sfnt_cmap_format_12 *) -1;
@@ -761,7 +762,7 @@ sfnt_read_cmap_format_12 (int fd,
761 762
762 /* Now read the variable length data. */ 763 /* Now read the variable length data. */
763 rc = read (fd, format12 + 1, temp); 764 rc = read (fd, format12 + 1, temp);
764 if (rc < temp) 765 if (rc == -1 || rc < temp)
765 { 766 {
766 xfree (format12); 767 xfree (format12);
767 return (struct sfnt_cmap_format_12 *) -1; 768 return (struct sfnt_cmap_format_12 *) -1;
@@ -808,12 +809,12 @@ sfnt_read_cmap_format_14 (int fd,
808 uint32_t buffer1[2]; 809 uint32_t buffer1[2];
809 size_t size, temp; 810 size_t size, temp;
810 char buffer[3 + 4 + 4]; 811 char buffer[3 + 4 + 4];
811 int i; 812 uint32_t i;
812 813
813 /* Read the length field and number of variation selector 814 /* Read the length field and number of variation selector
814 records. */ 815 records. */
815 816
816 if (read (fd, buffer1, sizeof buffer1) < sizeof buffer1) 817 if (read (fd, buffer1, sizeof buffer1) < (int) sizeof buffer1)
817 return NULL; 818 return NULL;
818 819
819 length = buffer1[0]; 820 length = buffer1[0];
@@ -847,7 +848,7 @@ sfnt_read_cmap_format_14 (int fd,
847 848
848 for (i = 0; i < num_records; ++i) 849 for (i = 0; i < num_records; ++i)
849 { 850 {
850 if (read (fd, buffer, sizeof buffer) < sizeof buffer) 851 if (read (fd, buffer, sizeof buffer) < (int) sizeof buffer)
851 { 852 {
852 xfree (format14); 853 xfree (format14);
853 return NULL; 854 return NULL;
@@ -893,7 +894,7 @@ sfnt_read_cmap_table_1 (int fd, uint32_t directory_offset,
893 return (struct sfnt_cmap_encoding_subtable_data *) -1; 894 return (struct sfnt_cmap_encoding_subtable_data *) -1;
894 895
895 if (read (fd, &header.format, sizeof header.format) 896 if (read (fd, &header.format, sizeof header.format)
896 < sizeof header.format) 897 < (int) sizeof header.format)
897 return (struct sfnt_cmap_encoding_subtable_data *) -1; 898 return (struct sfnt_cmap_encoding_subtable_data *) -1;
898 899
899 sfnt_swap16 (&header.format); 900 sfnt_swap16 (&header.format);
@@ -905,7 +906,7 @@ sfnt_read_cmap_table_1 (int fd, uint32_t directory_offset,
905 if (header.format != 14) 906 if (header.format != 14)
906 { 907 {
907 if (read (fd, &header.length, sizeof header.length) 908 if (read (fd, &header.length, sizeof header.length)
908 < sizeof header.length) 909 < (int) sizeof header.length)
909 return (struct sfnt_cmap_encoding_subtable_data *) -1; 910 return (struct sfnt_cmap_encoding_subtable_data *) -1;
910 911
911 sfnt_swap16 (&header.length); 912 sfnt_swap16 (&header.length);
@@ -984,7 +985,7 @@ sfnt_read_cmap_table (int fd, struct sfnt_offset_subtable *subtable,
984 cmap = xmalloc (sizeof *cmap); 985 cmap = xmalloc (sizeof *cmap);
985 rc = read (fd, cmap, sizeof *cmap); 986 rc = read (fd, cmap, sizeof *cmap);
986 987
987 if (rc < sizeof *cmap) 988 if (rc < (int) sizeof *cmap)
988 { 989 {
989 xfree (cmap); 990 xfree (cmap);
990 return NULL; 991 return NULL;
@@ -1011,7 +1012,7 @@ sfnt_read_cmap_table (int fd, struct sfnt_offset_subtable *subtable,
1011 /* Read the common part of the new subtable. */ 1012 /* Read the common part of the new subtable. */
1012 rc = read (fd, &(*subtables)[i], sizeof (*subtables)[i]); 1013 rc = read (fd, &(*subtables)[i], sizeof (*subtables)[i]);
1013 1014
1014 if (rc < sizeof (*subtables)[i]) 1015 if (rc < (int) sizeof (*subtables)[i])
1015 { 1016 {
1016 xfree (cmap); 1017 xfree (cmap);
1017 xfree (*subtables); 1018 xfree (*subtables);
@@ -1430,7 +1431,7 @@ sfnt_read_head_table (int fd, struct sfnt_offset_subtable *subtable)
1430 head = xmalloc (sizeof *head); 1431 head = xmalloc (sizeof *head);
1431 rc = read (fd, head, sizeof *head); 1432 rc = read (fd, head, sizeof *head);
1432 1433
1433 if (rc < sizeof *head) 1434 if (rc < (int) sizeof *head)
1434 { 1435 {
1435 xfree (head); 1436 xfree (head);
1436 return NULL; 1437 return NULL;
@@ -1506,7 +1507,7 @@ sfnt_read_hhea_table (int fd, struct sfnt_offset_subtable *subtable)
1506 hhea = xmalloc (sizeof *hhea); 1507 hhea = xmalloc (sizeof *hhea);
1507 rc = read (fd, hhea, sizeof *hhea); 1508 rc = read (fd, hhea, sizeof *hhea);
1508 1509
1509 if (rc < sizeof *hhea) 1510 if (rc < (int) sizeof *hhea)
1510 { 1511 {
1511 xfree (hhea); 1512 xfree (hhea);
1512 return NULL; 1513 return NULL;
@@ -1669,7 +1670,7 @@ sfnt_read_maxp_table (int fd, struct sfnt_offset_subtable *subtable)
1669 size = MIN (directory->length, sizeof *maxp); 1670 size = MIN (directory->length, sizeof *maxp);
1670 rc = read (fd, maxp, size); 1671 rc = read (fd, maxp, size);
1671 1672
1672 if (rc < size) 1673 if (rc == -1 || rc < size)
1673 { 1674 {
1674 xfree (maxp); 1675 xfree (maxp);
1675 return NULL; 1676 return NULL;
@@ -1749,7 +1750,7 @@ sfnt_read_glyf_table (int fd, struct sfnt_offset_subtable *subtable)
1749 1750
1750 /* Read the glyph data. */ 1751 /* Read the glyph data. */
1751 rc = read (fd, glyf->glyphs, glyf->size); 1752 rc = read (fd, glyf->glyphs, glyf->size);
1752 if (rc < glyf->size) 1753 if (rc == -1 || rc < glyf->size)
1753 { 1754 {
1754 xfree (glyf); 1755 xfree (glyf);
1755 return NULL; 1756 return NULL;
@@ -4637,7 +4638,7 @@ sfnt_read_hmtx_table (int fd, struct sfnt_offset_subtable *subtable,
4637 4638
4638 /* Read into hmtx + 1. */ 4639 /* Read into hmtx + 1. */
4639 rc = read (fd, hmtx + 1, size); 4640 rc = read (fd, hmtx + 1, size);
4640 if (rc < size) 4641 if (rc == -1 || rc < size)
4641 { 4642 {
4642 xfree (hmtx); 4643 xfree (hmtx);
4643 return NULL; 4644 return NULL;
@@ -4801,7 +4802,7 @@ sfnt_read_name_table (int fd, struct sfnt_offset_subtable *subtable)
4801 4802
4802 /* Read the fixed length data. */ 4803 /* Read the fixed length data. */
4803 rc = read (fd, name, required); 4804 rc = read (fd, name, required);
4804 if (rc < required) 4805 if (rc == -1 || rc < required)
4805 { 4806 {
4806 xfree (name); 4807 xfree (name);
4807 return NULL; 4808 return NULL;
@@ -4835,8 +4836,8 @@ sfnt_read_name_table (int fd, struct sfnt_offset_subtable *subtable)
4835 rc = read (fd, name->name_records, 4836 rc = read (fd, name->name_records,
4836 (name->count 4837 (name->count
4837 * sizeof *name->name_records)); 4838 * sizeof *name->name_records));
4838 if (rc < (name->count 4839 if (rc == -1 || (rc < (name->count
4839 * sizeof *name->name_records)) 4840 * sizeof *name->name_records)))
4840 { 4841 {
4841 xfree (name); 4842 xfree (name);
4842 return NULL; 4843 return NULL;
@@ -4892,7 +4893,7 @@ sfnt_read_name_table (int fd, struct sfnt_offset_subtable *subtable)
4892 name->data = (unsigned char *) (name->name_records 4893 name->data = (unsigned char *) (name->name_records
4893 + name->count); 4894 + name->count);
4894 rc = read (fd, name->data, required); 4895 rc = read (fd, name->data, required);
4895 if (rc < required) 4896 if (rc == -1 || rc < required)
4896 { 4897 {
4897 xfree (name); 4898 xfree (name);
4898 return NULL; 4899 return NULL;
@@ -4974,7 +4975,7 @@ sfnt_read_meta_table (int fd, struct sfnt_offset_subtable *subtable)
4974 4975
4975 /* Read the header. */ 4976 /* Read the header. */
4976 rc = read (fd, meta, required); 4977 rc = read (fd, meta, required);
4977 if (rc < required) 4978 if (rc == -1 || rc < required)
4978 { 4979 {
4979 xfree (meta); 4980 xfree (meta);
4980 return NULL; 4981 return NULL;
@@ -5120,7 +5121,7 @@ sfnt_read_ttc_header (int fd)
5120 size = SFNT_ENDOF (struct sfnt_ttc_header, num_fonts, 5121 size = SFNT_ENDOF (struct sfnt_ttc_header, num_fonts,
5121 uint32_t); 5122 uint32_t);
5122 rc = read (fd, ttc, size); 5123 rc = read (fd, ttc, size);
5123 if (rc < size) 5124 if (rc == -1 || rc < size)
5124 { 5125 {
5125 xfree (ttc); 5126 xfree (ttc);
5126 return NULL; 5127 return NULL;
@@ -5152,7 +5153,7 @@ sfnt_read_ttc_header (int fd)
5152 ttc = xrealloc (ttc, sizeof *ttc + size); 5153 ttc = xrealloc (ttc, sizeof *ttc + size);
5153 ttc->offset_table = (uint32_t *) (ttc + 1); 5154 ttc->offset_table = (uint32_t *) (ttc + 1);
5154 rc = read (fd, ttc->offset_table, size); 5155 rc = read (fd, ttc->offset_table, size);
5155 if (rc < size) 5156 if (rc == -1 || rc < size)
5156 { 5157 {
5157 xfree (ttc); 5158 xfree (ttc);
5158 return NULL; 5159 return NULL;
@@ -5175,7 +5176,7 @@ sfnt_read_ttc_header (int fd)
5175 uint32_t) 5176 uint32_t)
5176 - offsetof (struct sfnt_ttc_header, ul_dsig_tag)); 5177 - offsetof (struct sfnt_ttc_header, ul_dsig_tag));
5177 rc = read (fd, &ttc->ul_dsig_offset, size); 5178 rc = read (fd, &ttc->ul_dsig_offset, size);
5178 if (rc < size) 5179 if (rc == -1 || rc < size)
5179 { 5180 {
5180 xfree (ttc); 5181 xfree (ttc);
5181 return NULL; 5182 return NULL;
@@ -12312,7 +12313,7 @@ sfnt_read_default_uvs_table (int fd, off_t offset)
12312{ 12313{
12313 struct sfnt_default_uvs_table *uvs; 12314 struct sfnt_default_uvs_table *uvs;
12314 uint32_t num_ranges, i, j; 12315 uint32_t num_ranges, i, j;
12315 size_t size, temp; 12316 ssize_t size, temp;
12316 char data[512]; 12317 char data[512];
12317 12318
12318 /* First, seek to the given offset. */ 12319 /* First, seek to the given offset. */
@@ -12322,7 +12323,8 @@ sfnt_read_default_uvs_table (int fd, off_t offset)
12322 12323
12323 /* Next, read the number of ranges present. */ 12324 /* Next, read the number of ranges present. */
12324 12325
12325 if (read (fd, &num_ranges, sizeof num_ranges) != sizeof num_ranges) 12326 if (read (fd, &num_ranges, sizeof num_ranges)
12327 != (int) sizeof num_ranges)
12326 return NULL; 12328 return NULL;
12327 12329
12328 /* Swap the number of ranges present. */ 12330 /* Swap the number of ranges present. */
@@ -12382,7 +12384,7 @@ sfnt_read_nondefault_uvs_table (int fd, off_t offset)
12382{ 12384{
12383 struct sfnt_nondefault_uvs_table *uvs; 12385 struct sfnt_nondefault_uvs_table *uvs;
12384 uint32_t num_mappings, i, j; 12386 uint32_t num_mappings, i, j;
12385 size_t size, temp; 12387 ssize_t size, temp;
12386 char data[500]; 12388 char data[500];
12387 12389
12388 /* First, seek to the given offset. */ 12390 /* First, seek to the given offset. */
@@ -12884,7 +12886,7 @@ sfnt_read_fvar_table (int fd, struct sfnt_offset_subtable *subtable)
12884 /* Read the fvar table header. */ 12886 /* Read the fvar table header. */
12885 buffer = NULL; 12887 buffer = NULL;
12886 rc = read (fd, fvar, min_bytes); 12888 rc = read (fd, fvar, min_bytes);
12887 if (rc != min_bytes) 12889 if (rc == -1 || rc != min_bytes)
12888 goto bail; 12890 goto bail;
12889 12891
12890 /* Swap what was read. */ 12892 /* Swap what was read. */
@@ -12994,7 +12996,7 @@ sfnt_read_fvar_table (int fd, struct sfnt_offset_subtable *subtable)
12994 goto bail; 12996 goto bail;
12995 12997
12996 rc = read (fd, fvar->axis, sizeof *fvar->axis * fvar->axis_count); 12998 rc = read (fd, fvar->axis, sizeof *fvar->axis * fvar->axis_count);
12997 if (rc != sizeof *fvar->axis * fvar->axis_count) 12999 if (rc == -1 || rc != sizeof *fvar->axis * fvar->axis_count)
12998 goto bail; 13000 goto bail;
12999 13001
13000 /* Swap each axis. */ 13002 /* Swap each axis. */
@@ -13113,7 +13115,7 @@ sfnt_read_gvar_table (int fd, struct sfnt_offset_subtable *subtable)
13113 13115
13114 /* Read the gvar table header. */ 13116 /* Read the gvar table header. */
13115 rc = read (fd, gvar, min_bytes); 13117 rc = read (fd, gvar, min_bytes);
13116 if (rc != min_bytes) 13118 if (rc == -1 || rc != min_bytes)
13117 goto bail; 13119 goto bail;
13118 13120
13119 /* Swap what was read. */ 13121 /* Swap what was read. */
@@ -13179,7 +13181,7 @@ sfnt_read_gvar_table (int fd, struct sfnt_offset_subtable *subtable)
13179 { 13181 {
13180 gvar->u.offset_long = (uint32_t *) (gvar + 1); 13182 gvar->u.offset_long = (uint32_t *) (gvar + 1);
13181 rc = read (fd, gvar->u.offset_long, off_size); 13183 rc = read (fd, gvar->u.offset_long, off_size);
13182 if (rc != off_size) 13184 if (rc == -1 || rc != off_size)
13183 goto bail; 13185 goto bail;
13184 13186
13185 for (i = 0; i <= gvar->glyph_count; ++i) 13187 for (i = 0; i <= gvar->glyph_count; ++i)
@@ -13200,8 +13202,9 @@ sfnt_read_gvar_table (int fd, struct sfnt_offset_subtable *subtable)
13200 if (lseek (fd, offset, SEEK_SET) != offset) 13202 if (lseek (fd, offset, SEEK_SET) != offset)
13201 goto bail; 13203 goto bail;
13202 13204
13203 if (read (fd, gvar->global_coords, coordinate_size) 13205 rc = read (fd, gvar->global_coords, coordinate_size);
13204 != coordinate_size) 13206
13207 if (rc == -1 || rc != coordinate_size)
13205 goto bail; 13208 goto bail;
13206 13209
13207 for (i = 0; i < coordinate_size / sizeof *gvar->global_coords; ++i) 13210 for (i = 0; i < coordinate_size / sizeof *gvar->global_coords; ++i)
@@ -13224,8 +13227,9 @@ sfnt_read_gvar_table (int fd, struct sfnt_offset_subtable *subtable)
13224 if (lseek (fd, offset, SEEK_SET) != offset) 13227 if (lseek (fd, offset, SEEK_SET) != offset)
13225 goto bail; 13228 goto bail;
13226 13229
13227 if (read (fd, gvar->glyph_variation_data, 13230 rc = read (fd, gvar->glyph_variation_data, gvar->data_size);
13228 gvar->data_size) != gvar->data_size) 13231
13232 if (rc == -1 || rc != gvar->data_size)
13229 goto bail; 13233 goto bail;
13230 } 13234 }
13231 13235
@@ -13276,7 +13280,7 @@ sfnt_read_avar_table (int fd, struct sfnt_offset_subtable *subtable)
13276 13280
13277 /* Read the avar table header. */ 13281 /* Read the avar table header. */
13278 rc = read (fd, avar, min_size); 13282 rc = read (fd, avar, min_size);
13279 if (rc != min_size) 13283 if (rc == -1 || rc != min_size)
13280 goto bail; 13284 goto bail;
13281 13285
13282 /* Swap what was read. */ 13286 /* Swap what was read. */
@@ -13293,7 +13297,7 @@ sfnt_read_avar_table (int fd, struct sfnt_offset_subtable *subtable)
13293 size = directory->length - min_size; 13297 size = directory->length - min_size;
13294 buffer = xmalloc (size); 13298 buffer = xmalloc (size);
13295 rc = read (fd, buffer, size); 13299 rc = read (fd, buffer, size);
13296 if (rc != size) 13300 if (rc == -1 || rc != size)
13297 goto bail1; 13301 goto bail1;
13298 13302
13299 /* Swap each word. */ 13303 /* Swap each word. */
@@ -13594,7 +13598,7 @@ sfnt_read_cvar_table (int fd, struct sfnt_offset_subtable *subtable,
13594 size = directory->length - min_size; 13598 size = directory->length - min_size;
13595 buffer = xmalloc (size); 13599 buffer = xmalloc (size);
13596 rc = read (fd, buffer, size); 13600 rc = read (fd, buffer, size);
13597 if (rc != size) 13601 if (rc == -1 || rc != size)
13598 goto bail; 13602 goto bail;
13599 13603
13600 /* Now figure out how large cvar must be by reading the tuples. */ 13604 /* Now figure out how large cvar must be by reading the tuples. */
@@ -15346,7 +15350,7 @@ sfnt_read_OS_2_table (int fd, struct sfnt_offset_subtable *subtable)
15346 unsigned char[10]); 15350 unsigned char[10]);
15347 rc = read (fd, OS_2, wanted); 15351 rc = read (fd, OS_2, wanted);
15348 15352
15349 if (rc != wanted) 15353 if (rc == -1 || rc != wanted)
15350 { 15354 {
15351 xfree (OS_2); 15355 xfree (OS_2);
15352 return NULL; 15356 return NULL;
@@ -15377,7 +15381,7 @@ sfnt_read_OS_2_table (int fd, struct sfnt_offset_subtable *subtable)
15377 - offsetof (struct sfnt_OS_2_table, ul_unicode_range)); 15381 - offsetof (struct sfnt_OS_2_table, ul_unicode_range));
15378 rc = read (fd, &OS_2->ul_unicode_range, wanted); 15382 rc = read (fd, &OS_2->ul_unicode_range, wanted);
15379 15383
15380 if (rc != wanted) 15384 if (rc == -1 || rc != wanted)
15381 { 15385 {
15382 xfree (OS_2); 15386 xfree (OS_2);
15383 return NULL; 15387 return NULL;
diff --git a/src/sfntfont.c b/src/sfntfont.c
index db527d7d4af..d556092db12 100644
--- a/src/sfntfont.c
+++ b/src/sfntfont.c
@@ -1144,7 +1144,9 @@ sfnt_enum_font_1 (int fd, const char *file,
1144int 1144int
1145sfnt_enum_font (const char *file) 1145sfnt_enum_font (const char *file)
1146{ 1146{
1147 int fd, rc; 1147 int fd;
1148 int rc;
1149 off_t seek;
1148 struct sfnt_offset_subtable *subtables; 1150 struct sfnt_offset_subtable *subtables;
1149 struct sfnt_ttc_header *ttc; 1151 struct sfnt_ttc_header *ttc;
1150 size_t i; 1152 size_t i;
@@ -1175,8 +1177,9 @@ sfnt_enum_font (const char *file)
1175 1177
1176 for (i = 0; i < ttc->num_fonts; ++i) 1178 for (i = 0; i < ttc->num_fonts; ++i)
1177 { 1179 {
1178 if (lseek (fd, ttc->offset_table[i], SEEK_SET) 1180 seek = lseek (fd, ttc->offset_table[i], SEEK_SET);
1179 != ttc->offset_table[i]) 1181
1182 if (seek == -1 || seek != ttc->offset_table[i])
1180 continue; 1183 continue;
1181 1184
1182 subtables = sfnt_read_table_directory (fd); 1185 subtables = sfnt_read_table_directory (fd);
generated by cgit v1.2.1 (git 2.18.0) at 2026-04-10 12:38:27 +0000