From b66efefdcde552e4880896aa961a0b9a583762d2 Mon Sep 17 00:00:00 2001 
From: Werner Lemberg Date: Thu, 12 Mar 2009 08:07:49 +0000 Subject: [PATCH] Fix some FreeType Coverity issues as reported for Ghostscript. * src/base/ftobjs.c (FT_New_Face, FT_New_Memory_Face): Initialize `args.stream' (#3874, #3875). (open_face_PS_from_sfnt_stream): Improve error management (#3786). * src/base/ftmm.c (ft_face_get_mm_service): Fix check of `aservice' (#3870). * src/base/ftstroke.c (ft_stroke_border_get_counts): Remove dead code (#3790). * src/base/ftrfork.c (raccess_guess_apple_generic): Check error value of `FT_Stream_Skip' (#3784). * src/type1/t1gload.c (T1_Load_Glyph): Check `size' before accessing it (#3872) * src/pcf/pcfdrivr.c (PCF_Glyph_Load): Check `face' before accessing it (#3871). * src/pcf/pcfread.c (pcf_get_metrics): Handle return value of `pcf_get_metric' (#3789, #3782). (pcf_get_properties): Use FT_STREAM_SKIP (#3783). * src/cache/ftcmanag.c (FTC_Manager_RegisterCache): Fix check of `acache' (#3797) * src/cff/cffdrivr.c (cff_ps_get_font_info): Fix check of `cff' (#3796). * src/cff/cffgload.c (cff_decoder_prepare): Check `size' (#3795). * src/cff/cffload.c (cff_index_get_pointers): Add comment (#3794). * src/bdf/bdflib.c (_bdf_add_property): Check `fp->value.atom' (#3793). (_bdf_parse_start): Add comment (#3792). * src/raster/ftraster.c (Finalize_Profile_Table): Check `ras.fProfile' (#3791). * src/sfnt/ttsbit.c (Load_SBit_Image): Use FT_STREAM_SKIP (#3785). * src/gzip/ftgzip.c (ft_gzip_get_uncompressed_size): Properly ignore seek error (#3781). 
---
ChangeLog | 43 +++++++++++++++++++++++++++++++++++++++++++
src/base/ftmm.c | 4 ++--
src/base/ftobjs.c | 17 +++++++++++++++--
src/base/ftrfork.c | 8 ++++++--
src/base/ftstroke.c | 5 +----
src/bdf/bdflib.c | 9 ++++++++-
src/cache/ftcmanag.c | 5 +++--
src/cff/cffdrivr.c | 3 ++-
src/cff/cffgload.c | 4 ++--
src/cff/cffload.c | 3 ++-
src/gzip/ftgzip.c | 2 +-
src/pcf/pcfdrivr.c | 6 ++++--
src/pcf/pcfread.c | 10 +++++++---
src/raster/ftraster.c | 6 +++---
src/sfnt/ttsbit.c | 6 +++++-
src/type1/t1gload.c | 18 +++++++++++++-----
16 files changed, 117 insertions(+), 32 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 33a7a8d2e..e408626d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,46 @@ +2009-03-11 Werner Lemberg + + Fix some FreeType Coverity issues as reported for Ghostscript. + + * src/base/ftobjs.c (FT_New_Face, FT_New_Memory_Face): Initialize + `args.stream' (#3874, #3875). + (open_face_PS_from_sfnt_stream): Improve error management (#3786). + * src/base/ftmm.c (ft_face_get_mm_service): Fix check of `aservice' + (#3870). + * src/base/ftstroke.c (ft_stroke_border_get_counts): Remove dead + code (#3790). + * src/base/ftrfork.c (raccess_guess_apple_generic): Check error + value of `FT_Stream_Skip' (#3784). + + * src/type1/t1gload.c (T1_Load_Glyph): Check `size' before accessing + it (#3872) + + * src/pcf/pcfdrivr.c (PCF_Glyph_Load): Check `face' before accessing + it (#3871). + * src/pcf/pcfread.c (pcf_get_metrics): Handle return value of + `pcf_get_metric' (#3789, #3782). + (pcf_get_properties): Use FT_STREAM_SKIP (#3783). + + * src/cache/ftcmanag.c (FTC_Manager_RegisterCache): Fix check of + `acache' (#3797) + + * src/cff/cffdrivr.c (cff_ps_get_font_info): Fix check of `cff' + (#3796). + * src/cff/cffgload.c (cff_decoder_prepare): Check `size' (#3795). + * src/cff/cffload.c (cff_index_get_pointers): Add comment (#3794). + + * src/bdf/bdflib.c (_bdf_add_property): Check `fp->value.atom' + (#3793). + (_bdf_parse_start): Add comment (#3792). + + * src/raster/ftraster.c (Finalize_Profile_Table): Check + `ras.fProfile' (#3791). + + * src/sfnt/ttsbit.c (Load_SBit_Image): Use FT_STREAM_SKIP (#3785). + + * src/gzip/ftgzip.c (ft_gzip_get_uncompressed_size): Properly ignore + seek error (#3781). + 2009-03-11 Michael Toftdal Extend CID service functions to handle CID-keyed CFFs as CID fonts. diff --git a/src/base/ftmm.c b/src/base/ftmm.c index 586d5e84d..030772981 100644 --- a/src/base/ftmm.c +++ b/src/base/ftmm.c 
@@ -4,7 +4,7 @@ /* */ /* Multiple Master font support (body). */ /* */ -/* Copyright 1996-2001, 2003, 2004 by */ +/* Copyright 1996-2001, 2003, 2004, 2009 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -52,7 +52,7 @@ *aservice, MULTI_MASTERS ); - if ( aservice ) + if ( *aservice ) error = FT_Err_Ok; } diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c index 89892df57..72dea335b 100644 --- a/src/base/ftobjs.c +++ b/src/base/ftobjs.c @@ -1140,6 +1140,7 @@ args.flags = FT_OPEN_PATHNAME; args.pathname = (char*)pathname; + args.stream = NULL; return FT_Open_Face( library, &args, face_index, aface ); } @@ -1166,6 +1167,7 @@ args.flags = FT_OPEN_MEMORY; args.memory_base = file_base; args.memory_size = file_size; + args.stream = NULL; return FT_Open_Face( library, &args, face_index, aface ); } @@ -1436,8 +1438,19 @@ is_sfnt_cid ? "cid" : "type1", aface ); Exit: - FT_Stream_Seek( stream, pos ); - return error; + { + FT_Error error1; + + + if ( error == FT_Err_Unknown_File_Format ) + { + error1 = FT_Stream_Seek( stream, pos ); + if ( error1 ) + return error1; + } + + return error; + } } diff --git a/src/base/ftrfork.c b/src/base/ftrfork.c index 719570d6a..d59a07611 100644 --- a/src/base/ftrfork.c +++ b/src/base/ftrfork.c @@ -4,7 +4,7 @@ /* */ /* Embedded resource forks accessor (body). */ /* */ -/* Copyright 2004, 2005, 2006, 2007, 2008 by */ +/* Copyright 2004, 2005, 2006, 2007, 2008, 2009 by */ /* Masatake YAMATO and Redhat K.K. */ /* */ /* FT_Raccess_Get_HeaderInfo() and raccess_guess_darwin_hfsplus() are */ @@ -709,8 +709,12 @@ return FT_Err_Ok; } else - FT_Stream_Skip( stream, 4 + 4 ); /* offset + length */ + { + error = FT_Stream_Skip( stream, 4 + 4 ); /* offset + length */ + if ( error ) + return error; } + } return FT_Err_Unknown_File_Format; } diff --git a/src/base/ftstroke.c b/src/base/ftstroke.c index fd04d2765..3f5421fa5 100644 --- a/src/base/ftstroke.c 
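Review bot: In the rewritten `Exit:` block of `open_face_PS_from_sfnt_stream` (src/base/ftobjs.c), the stream is rewound to `pos` only when `error == FT_Err_Unknown_File_Format`, whereas the removed code rewound it on every path. On any other failure the stream stays wherever parsing of a possibly malformed font stopped, so a caller that keeps using the same stream would start from an unexpected offset. If that narrowing is intended, say so at the label, e.g. `/* the stream position is restored only if the format was not recognized */`. The test also compares the raw `error`; if module-tagged codes can reach this label, `FT_ERROR_BASE( error ) == FT_Err_Unknown_File_Format` would be the safer comparison. The function body begins outside the hunk.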
+++ b/src/base/ftstroke.c @@ -4,7 +4,7 @@ /* */ /* FreeType path stroker (body). */ /* */ -/* Copyright 2002, 2003, 2004, 2005, 2006, 2008 by */ +/* Copyright 2002, 2003, 2004, 2005, 2006, 2008, 2009 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -606,9 +606,6 @@ if ( tags[0] & FT_STROKE_TAG_END ) { - if ( in_contour == 0 ) - goto Fail; - in_contour = 0; num_contours++; } diff --git a/src/bdf/bdflib.c b/src/bdf/bdflib.c index 512cd62c3..5435b20e6 100644 --- a/src/bdf/bdflib.c +++ b/src/bdf/bdflib.c @@ -1,6 +1,6 @@ /* * Copyright 2000 Computing Research Labs, New Mexico State University - * Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007 + * Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2009 * Francesco Zappa Nardelli * * Permission is hereby granted, free of charge, to any person obtaining a @@ -1394,6 +1394,12 @@ font->font_descent = fp->value.int32; else if ( ft_memcmp( name, "SPACING", 7 ) == 0 ) { + if ( !fp->value.atom ) + { + error = BDF_Err_Invalid_File_Format; + goto Exit; + } + if ( fp->value.atom[0] == 'p' || fp->value.atom[0] == 'P' ) font->spacing = BDF_PROPORTIONAL; else if ( fp->value.atom[0] == 'm' || fp->value.atom[0] == 'M' ) @@ -2072,6 +2078,7 @@ error = _bdf_list_split( &p->list, (char *)" +", line, linelen ); if ( error ) goto Exit; + /* at this point, `p->font' can't be NULL */ p->cnt = p->font->props_size = _bdf_atoul( p->list.field[1], 0, 10 ); if ( FT_NEW_ARRAY( p->font->props, p->cnt ) ) diff --git a/src/cache/ftcmanag.c b/src/cache/ftcmanag.c index 989b9e209..4d44094ce 100644 --- a/src/cache/ftcmanag.c +++ b/src/cache/ftcmanag.c 
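Review bot: The comment added in `_bdf_parse_start` above `p->cnt = p->font->props_size = ...` asserts that `p->font` cannot be NULL without naming what guarantees it, so a reader cannot check the claim and it will silently go stale if the parser's control flow changes. The same applies to the `idx->offsets` comment added in `cff_index_get_pointers` in src/cff/cffload.c. Both functions parse font data that may be hostile, so I would name the earlier statement or state flag that establishes the invariant in each comment and back it with a debug check such as `FT_ASSERT( p->font );`. Both function bodies extend outside their hunks.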
@@ -4,7 +4,7 @@ /* */ /* FreeType Cache Manager (body). */ /* */ -/* Copyright 2000-2001, 2002, 2003, 2004, 2005, 2006, 2008 by */ +/* Copyright 2000-2001, 2002, 2003, 2004, 2005, 2006, 2008, 2009 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -608,7 +608,8 @@ } Exit: - *acache = cache; + if ( acache ) + *acache = cache; return error; } diff --git a/src/cff/cffdrivr.c b/src/cff/cffdrivr.c index 8d385f7fa..3dd86f2aa 100644 --- a/src/cff/cffdrivr.c +++ b/src/cff/cffdrivr.c @@ -370,7 +370,8 @@ cff->font_info = font_info; } - *afont_info = *cff->font_info; + if ( cff ) + *afont_info = *cff->font_info; Fail: return error; diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c index c64c6f4fd..2718a277b 100644 --- a/src/cff/cffgload.c +++ b/src/cff/cffgload.c @@ -4,7 +4,7 @@ /* */ /* OpenType Glyph Loader (body). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by */ +/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -420,7 +420,7 @@ sub = cff->subfonts[fd_index]; - if ( builder->hints_funcs ) + if ( builder->hints_funcs && size ) { CFF_Internal internal = (CFF_Internal)size->root.internal; diff --git a/src/cff/cffload.c b/src/cff/cffload.c index 4a58189ca..22163fb75 100644 --- a/src/cff/cffload.c +++ b/src/cff/cffload.c @@ -319,7 +319,7 @@ static FT_Error cff_index_load_offsets( CFF_Index idx ) { - FT_Error error = 0; + FT_Error error = CFF_Err_Ok; FT_Stream stream = idx->stream; FT_Memory memory = stream->memory; @@ -402,6 +402,7 @@ old_offset = 1; for ( n = 0; n <= idx->count; n++ ) { + /* at this point, `idx->offsets' can't be NULL */ offset = idx->offsets[n]; if ( !offset ) offset = old_offset; diff --git a/src/gzip/ftgzip.c b/src/gzip/ftgzip.c index b0f054a54..0d6bd3495 100644 
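Review bot: With the new `if ( cff )` guard in `cff_ps_get_font_info` (src/cff/cffdrivr.c), a NULL `cff` skips the copy into `*afont_info` and falls through to `Fail:`, which returns `error` unchanged. If `error` still holds the success value at that point (its initialisation is outside the hunk), the caller is told the call succeeded although `*afont_info` was never written, and may then read an uninitialised structure. An `else` branch that reports the condition, e.g. `else error = CFF_Err_Invalid_Argument;`, would keep the NULL check without returning success on missing data.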
--- a/src/gzip/ftgzip.c +++ b/src/gzip/ftgzip.c @@ -569,7 +569,7 @@ if ( error ) result = 0; - FT_Stream_Seek( stream, old_pos ); + (void)FT_Stream_Seek( stream, old_pos ); } return result; diff --git a/src/pcf/pcfdrivr.c b/src/pcf/pcfdrivr.c index 0b454122d..e2d4d3d87 100644 --- a/src/pcf/pcfdrivr.c +++ b/src/pcf/pcfdrivr.c @@ -2,7 +2,7 @@ FreeType font driver for pcf files - Copyright (C) 2000, 2001, 2002, 2003, 2004, 2006, 2007, 2008 by + Copyright (C) 2000, 2001, 2002, 2003, 2004, 2006, 2007, 2008, 2009 by Francesco Zappa Nardelli Permission is hereby granted, free of charge, to any person obtaining a copy @@ -442,7 +442,7 @@ THE SOFTWARE. FT_Int32 load_flags ) { PCF_Face face = (PCF_Face)FT_SIZE_FACE( size ); - FT_Stream stream = face->root.stream; + FT_Stream stream; FT_Error error = PCF_Err_Ok; FT_Bitmap* bitmap = &slot->bitmap; PCF_Metric metric; @@ -459,6 +459,8 @@ THE SOFTWARE. goto Exit; } + stream = face->root.stream; + if ( glyph_index > 0 ) glyph_index--; diff --git a/src/pcf/pcfread.c b/src/pcf/pcfread.c index 7438ae776..8e04c57b3 100644 --- a/src/pcf/pcfread.c +++ b/src/pcf/pcfread.c @@ -2,7 +2,7 @@ FreeType font driver for pcf fonts - Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by + Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 by Francesco Zappa Nardelli Permission is hereby granted, free of charge, to any person obtaining a copy @@ -470,7 +470,11 @@ THE SOFTWARE. if ( nprops & 3 ) { i = 4 - ( nprops & 3 ); - FT_Stream_Skip( stream, i ); + if ( FT_STREAM_SKIP( i ) ) + { + error = PCF_Err_Invalid_Stream_Skip; + goto Bail; + } } if ( PCF_BYTE_ORDER( format ) == MSBFirst ) @@ -623,7 +627,7 @@ THE SOFTWARE. metrics = face->metrics; for ( i = 0; i < nmetrics; i++ ) { - pcf_get_metric( stream, format, metrics + i ); + error = pcf_get_metric( stream, format, metrics + i ); metrics[i].bits = 0; diff --git a/src/raster/ftraster.c b/src/raster/ftraster.c index ccb2e783b..eb9c4a45f 100644 --- a/src/raster/ftraster.c 
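Review bot: The `(void)` cast on `FT_Stream_Seek( stream, old_pos )` in `ft_gzip_get_uncompressed_size` silences the unchecked-return report, but `result` is still returned as valid when the stream could not be put back at `old_pos`. Nothing in the hunk says why a failed restore is harmless, so either add a comment giving the reason or treat it like a failed read with `if ( FT_Stream_Seek( stream, old_pos ) ) result = 0;`. The function body starts outside the hunk.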
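Review bot: The initialiser `PCF_Face face = (PCF_Face)FT_SIZE_FACE( size );` kept at the top of `PCF_Glyph_Load` (src/pcf/pcfdrivr.c, hunk at -442) still runs before any check, so only the `face->root.stream` dereference is actually deferred by this change. If `FT_SIZE_FACE` expands to a member access on `size`, a NULL `size` is dereferenced there and the later test of `face` cannot catch it. Guarding the initialiser, e.g. `PCF_Face face = size ? (PCF_Face)FT_SIZE_FACE( size ) : NULL;`, would close that path. The guard condition itself lies between this hunk and the next one and is not visible here.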
+++ b/src/raster/ftraster.c @@ -4,7 +4,7 @@ /* */ /* The FreeType glyph rasterizer (body). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2005, 2007, 2008 by */ +/* Copyright 1996-2001, 2002, 2003, 2005, 2007, 2008, 2009 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -811,10 +811,10 @@ a }; n = ras.num_Profs; + p = ras.fProfile; - if ( n > 1 ) + if ( n > 1 && p ) { - p = ras.fProfile; while ( n > 0 ) { if ( n > 1 ) diff --git a/src/sfnt/ttsbit.c b/src/sfnt/ttsbit.c index 28acde3d8..eadaade71 100644 --- a/src/sfnt/ttsbit.c +++ b/src/sfnt/ttsbit.c @@ -1325,7 +1325,11 @@ range->image_format, metrics, stream ); case 8: /* compound format */ - FT_Stream_Skip( stream, 1L ); + if ( FT_STREAM_SKIP( 1L ) ) + { + error = SFNT_Err_Invalid_Stream_Skip; + goto Exit; + } /* fallthrough */ case 9: diff --git a/src/type1/t1gload.c b/src/type1/t1gload.c index 67de87097..c3ac13f59 100644 --- a/src/type1/t1gload.c +++ b/src/type1/t1gload.c @@ -4,7 +4,7 @@ /* */ /* Type 1 Glyph Loader (body). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2008 by */ +/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2008, 2009 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -295,8 +295,16 @@ if ( load_flags & FT_LOAD_NO_RECURSE ) load_flags |= FT_LOAD_NO_SCALE | FT_LOAD_NO_HINTING; - glyph->x_scale = size->root.metrics.x_scale; - glyph->y_scale = size->root.metrics.y_scale; + if ( size ) + { + glyph->x_scale = size->root.metrics.x_scale; + glyph->y_scale = size->root.metrics.y_scale; + } + else + { + glyph->x_scale = 0x10000L; + glyph->y_scale = 0x10000L; + } glyph->root.outline.n_points = 0; glyph->root.outline.n_contours = 0; 
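Review bot: The fallback values `glyph->x_scale = 0x10000L;` and `glyph->y_scale = 0x10000L;` in the new `else` branch of `T1_Load_Glyph` (src/type1/t1gload.c) are unexplained magic numbers. They presumably stand for a scale of 1.0 in 16.16 fixed point, which a short comment such as `/* no size object: use a scale of 1.0 (16.16 fixed point) */` would make explicit. Since the branch now admits a NULL `size`, it is also worth confirming that the rest of the function, which lies outside the hunk, does not dereference `size` without a guard.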
@@ -430,8 +438,8 @@ } /* Then scale the metrics */ - metrics->horiAdvance = FT_MulFix( metrics->horiAdvance, x_scale ); - metrics->vertAdvance = FT_MulFix( metrics->vertAdvance, y_scale ); + metrics->horiAdvance = FT_MulFix( metrics->horiAdvance, x_scale ); + metrics->vertAdvance = FT_MulFix( metrics->vertAdvance, y_scale ); } /* compute the other metrics */