java/openjdk6/files/icedtea/security/20130618/8012421-better_positioning.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100

# HG changeset patch
# User prr
# Date 1366411203 25200
# Node ID 92ad159889b19b66a64cd3c89b628132fe089354
# Parent  3b7e8e89595d6f0f967981d3e08fe170fd3898ef
8012421: Better positioning of PairPositioning
Reviewed-by: srl, mschoene, vadim

diff --git a/src/share/native/sun/font/layout/PairPositioningSubtables.cpp b/src/share/native/sun/font/layout/PairPositioningSubtables.cpp
--- jdk/src/share/native/sun/font/layout/PairPositioningSubtables.cpp
+++ jdk/src/share/native/sun/font/layout/PairPositioningSubtables.cpp
@@ -76,23 +76,30 @@
 {
     LEGlyphID firstGlyph = glyphIterator->getCurrGlyphID();
     le_int32 coverageIndex = getGlyphCoverage(base, firstGlyph, success);
+
+    if (LE_FAILURE(success)) {
+      return 0;
+    }
     GlyphIterator tempIterator(*glyphIterator);
 
     if (coverageIndex >= 0 && glyphIterator->next()) {
         Offset pairSetTableOffset = SWAPW(pairSetTableOffsetArray[coverageIndex]);
-        PairSetTable *pairSetTable = (PairSetTable *) ((char *) this + pairSetTableOffset);
+        LEReferenceTo<PairSetTable> pairSetTable(base, success, ((char *) this + pairSetTableOffset));
+        if (LE_FAILURE(success)) {
+          return 0;
+        }
         le_uint16 pairValueCount = SWAPW(pairSetTable->pairValueCount);
         le_int16 valueRecord1Size = ValueRecord::getSize(SWAPW(valueFormat1));
         le_int16 valueRecord2Size = ValueRecord::getSize(SWAPW(valueFormat2));
         le_int16 recordSize = sizeof(PairValueRecord) - sizeof(ValueRecord) + valueRecord1Size + valueRecord2Size;
         LEGlyphID secondGlyph = glyphIterator->getCurrGlyphID();
-        const PairValueRecord *pairValueRecord = NULL;
+        LEReferenceTo<PairValueRecord> pairValueRecord;
 
         if (pairValueCount != 0) {
-            pairValueRecord = findPairValueRecord((TTGlyphID) LE_GET_GLYPH(secondGlyph), pairSetTable->pairValueRecordArray, pairValueCount, recordSize);
+            pairValueRecord = findPairValueRecord(base, (TTGlyphID) LE_GET_GLYPH(secondGlyph), pairSetTable->pairValueRecordArray, pairValueCount, recordSize, success);
         }
 
-        if (pairValueRecord == NULL) {
+        if (pairValueRecord.isEmpty()) {
             return 0;
         }
 
@@ -154,22 +161,26 @@
     return 0;
 }
 
-const PairValueRecord *PairPositioningFormat1Subtable::findPairValueRecord(TTGlyphID glyphID, const PairValueRecord *records, le_uint16 recordCount, le_uint16 recordSize) const
+LEReferenceTo<PairValueRecord> PairPositioningFormat1Subtable::findPairValueRecord(const LETableReference &base, TTGlyphID glyphID, const PairValueRecord *records, le_uint16 recordCount, le_uint16 recordSize, LEErrorCode &success) const
 {
 #if 1
         // The OpenType spec. says that the ValueRecord table is
         // sorted by secondGlyph. Unfortunately, there are fonts
         // around that have an unsorted ValueRecord table.
-        const PairValueRecord *record = records;
+        LEReferenceTo<PairValueRecord> record(base, success, records);
+        record.verifyLength(0, recordSize, success);
 
         for(le_int32 r = 0; r < recordCount; r += 1) {
+           if (LE_FAILURE(success)) return (const PairValueRecord*)NULL;
                 if (SWAPW(record->secondGlyph) == glyphID) {
                         return record;
                 }
 
-                record = (const PairValueRecord *) ((char *) record + recordSize);
+                record =  LEReferenceTo<PairValueRecord>(base, success, ((const char*)record.getAlias())+ recordSize);
+                record.verifyLength(0, recordSize, success);
         }
 #else
+  #error dead code - not updated.
     le_uint8 bit = OpenTypeUtilities::highBit(recordCount);
     le_uint16 power = 1 << bit;
     le_uint16 extra = (recordCount - power) * recordSize;
@@ -195,7 +206,7 @@
     }
 #endif
 
-    return NULL;
+    return (const PairValueRecord*)NULL;
 }
 
 U_NAMESPACE_END
diff --git a/src/share/native/sun/font/layout/PairPositioningSubtables.h b/src/share/native/sun/font/layout/PairPositioningSubtables.h
--- jdk/src/share/native/sun/font/layout/PairPositioningSubtables.h
+++ jdk/src/share/native/sun/font/layout/PairPositioningSubtables.h
@@ -77,8 +77,9 @@
     le_uint32  process(const LEReferenceTo<PairPositioningFormat1Subtable> &base, GlyphIterator *glyphIterator, const LEFontInstance *fontInstance, LEErrorCode &success) const;
 
 private:
-    const PairValueRecord *findPairValueRecord(TTGlyphID glyphID, const PairValueRecord *records,
-        le_uint16 recordCount, le_uint16 recordSize) const;
+    LEReferenceTo<PairValueRecord> findPairValueRecord(const LETableReference &base, TTGlyphID glyphID, const PairValueRecord *records,
+        le_uint16 recordCount, le_uint16 recordSize, LEErrorCode &success) const;
+
 };
 LE_VAR_ARRAY(PairPositioningFormat1Subtable, pairSetTableOffsetArray)