From: समीर सिंह Sameer Singh <lumarzeli30@gmail.com> --- dlls/gdi32/uniscribe/opentype.c | 11 +++++++++++ dlls/gdi32/uniscribe/shape.c | 6 +++++- dlls/gdi32/uniscribe/usp10_internal.h | 1 + 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/dlls/gdi32/uniscribe/opentype.c b/dlls/gdi32/uniscribe/opentype.c index faeb3e9ddb0..918762e7773 100644 --- a/dlls/gdi32/uniscribe/opentype.c +++ b/dlls/gdi32/uniscribe/opentype.c @@ -945,6 +945,9 @@ static INT GSUB_apply_MultipleSubst(const OT_LookupTable *look, WORD *glyphs, IN offset = GET_BE_WORD(msf1->Sequence[index]); seq = (const GSUB_Sequence*)((const BYTE*)msf1+offset); sub_count = GET_BE_WORD(seq->GlyphCount); + if (sub_count-1 > max_glyphs-*glyph_count) + return GSUB_E_OUTOFMEMORY; + TRACE(" Glyph 0x%x (+%i)->",glyphs[glyph_index],(sub_count-1)); for (j = (*glyph_count)+(sub_count-1); j > glyph_index; j--) @@ -1138,6 +1141,8 @@ static INT GSUB_apply_ContextSubst(const OT_LookupList* lookup, const OT_LookupT TRACE(" SUBST: %u -> %u %u.\n", l, sequence_index, lookup_index); newIndex = GSUB_apply_lookup(lookup, lookup_index, glyphs, g, write_dir, glyph_count, max_glyphs); + if (newIndex == GSUB_E_OUTOFMEMORY) + return GSUB_E_OUTOFMEMORY; if (newIndex == GSUB_E_NOGLYPH) { ERR(" Chain failed to generate a glyph\n"); @@ -1225,6 +1230,8 @@ static INT GSUB_apply_ContextSubst(const OT_LookupList* lookup, const OT_LookupT TRACE(" SUBST: %u -> %u %u.\n", l, sequence_index, lookup_index); newIndex = GSUB_apply_lookup(lookup, lookup_index, glyphs, g, write_dir, glyph_count, max_glyphs); + if (newIndex == GSUB_E_OUTOFMEMORY) + return GSUB_E_OUTOFMEMORY; if (newIndex == GSUB_E_NOGLYPH) { ERR(" Chain failed to generate a glyph\n"); @@ -1385,6 +1392,8 @@ static INT GSUB_apply_ChainContextSubst(const OT_LookupList* lookup, const OT_Lo TRACE("SUBST: %u -> %u %u.\n", k, sequence_index, lookup_index); new_index = GSUB_apply_lookup(lookup, lookup_index, glyphs, g, write_dir, glyph_count, max_glyphs); + if (new_index == GSUB_E_OUTOFMEMORY) + return GSUB_E_OUTOFMEMORY; if (new_index == GSUB_E_NOGLYPH) ERR("Chain failed to generate a glyph.\n"); } @@ -1472,6 +1481,8 @@ static INT GSUB_apply_ChainContextSubst(const OT_LookupList* lookup, const OT_Lo TRACE("SUBST: %u -> %u %u.\n", k, sequence_index, lookup_index); new_index = GSUB_apply_lookup(lookup, lookup_index, glyphs, g, write_dir, glyph_count, max_glyphs); + if (new_index == GSUB_E_OUTOFMEMORY) + return GSUB_E_OUTOFMEMORY; if (new_index == GSUB_E_NOGLYPH) ERR("Chain failed to generate a glyph.\n"); } diff --git a/dlls/gdi32/uniscribe/shape.c b/dlls/gdi32/uniscribe/shape.c index 223fe532710..76647cda415 100644 --- a/dlls/gdi32/uniscribe/shape.c +++ b/dlls/gdi32/uniscribe/shape.c @@ -561,10 +561,12 @@ static int GSUB_apply_feature_all_lookups(const void *header, LoadedFeature *fea } if (out_index == GSUB_E_NOGLYPH) TRACE("lookups found no glyphs\n"); - else + else if (out_index != GSUB_E_OUTOFMEMORY) { int out2; out2 = GSUB_apply_feature_all_lookups(header, feature, glyphs, glyph_index, write_dir, glyph_count, max_glyphs); + if (out2==GSUB_E_OUTOFMEMORY) + return GSUB_E_OUTOFMEMORY; if (out2!=GSUB_E_NOGLYPH) out_index = out2; } @@ -850,6 +852,8 @@ static int apply_GSUB_feature(HDC hdc, SCRIPT_ANALYSIS *psa, ScriptCache* psc, W INT prevCount = *pcGlyphs; nextIndex = OpenType_apply_GSUB_lookup(psc->GSUB_Table, feature->lookups[lookup_index], pwOutGlyphs, i, write_dir, pcGlyphs, cMaxGlyphs); + if (nextIndex == GSUB_E_OUTOFMEMORY) + return GSUB_E_OUTOFMEMORY; if (*pcGlyphs != prevCount) { UpdateClusters(nextIndex, *pcGlyphs - prevCount, write_dir, cChars, pwLogClust); diff --git a/dlls/gdi32/uniscribe/usp10_internal.h b/dlls/gdi32/uniscribe/usp10_internal.h index 0ce7becefa4..fa62d08cdb2 100644 --- a/dlls/gdi32/uniscribe/usp10_internal.h +++ b/dlls/gdi32/uniscribe/usp10_internal.h @@ -135,6 +135,7 @@ enum usp10_script #define GSUB_E_NOFEATURE -20 #define GSUB_E_NOGLYPH -10 +#define GSUB_E_OUTOFMEMORY -30 #define FEATURE_ALL_TABLES 0 #define FEATURE_GSUB_TABLE 1 -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/10844