* src/bzip2/ftbzip2.c (ft_bzip2_file_fill_input), src/gzip/ftgzip.c
(ft_gzip_file_fill_input): In case of an error, adjust the limit to
avoid copying uninitialized memory.
* src/bzip2/ftbzip2.c (ft_bzip2_file_fill_output), src/gzip/ftgzip.c
(ft_gzip_file_fill_output): In case of an error, adjust the limit to
avoid copying uninitialized memory.
* src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Add code to better
skip invalid segments.
If searching the next character, provide a more efficient logic to
speed up the code.
Thanks to Danh Hong <danhhong@gmail.com> for guidance with blue zone
characters!
* src/autofit/afblue.dat: Add blue zone data for Lao.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Lao standard characters.
* src/autofit/afranges.c: Add Lao data.
* src/autofit/afstyles.h: Add Lao data.
open_face_from_buffer() frees passed buffer if valid font
is not found. But if copying to the buffer is failed,
the allocated buffer should be freed within the caller.
* src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Free
the buffer `sfnt_ps' if an error caused before calling
open_face_from_buffer().
(Mac_Read_sfnt_Resource): Free the buffer `sfnt_data' if
an error caused before calling open_face_from_buffer();
Suggested by Hin-Tak Leung.
* src/bzip2/ftbzip2.c (ft_bzip2_stream_io), src/gzip/ftgzip.c
(ft_gzip_stream_io), src/lzw/ftlzw.c (ft_lzw_stream_io): Do it.
While the current code in `FT_Get_Next_Char' correctly rejects
out-of-bounds glyph indices, it can be extremely slow for malformed
cmaps that use 32bit values. This commit tries to improve that.
* src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next,
tt_cmap12_char_map_binary, tt_cmap13_next,
tt_cmap13_char_map_binary): Reject glyph indices larger than or
equal to the number of glyphs.
* src/base/ftobjs.c (FT_Get_Char_Index): Don't return out-of-bounds
glyph indices.
(FT_Get_First_Char): Updated.
* src/sfnt/ttcmap.c (tt_cmap6_char_next): Don't return character
codes greater than 0xFFFF.
(tt_cmap8_char_index): Avoid integer overflow in computation of
glyph index.
(tt_cmap8_char_next): Avoid integer overflows in computation of
both next character code and glyph index.
(tt_cmap10_char_index): Fix unsigned integer logic.
(tt_cmap10_char_next): Avoid integer overflow in computation of
next character code.
(tt_cmap12_next): Avoid integer overflows in computation of both
next character code and glyph index.
(tt_cmap12_char_map_binary): Ditto.
(tt_cmap12_char_next): Simplify.
(tt_cmap13_char_map_binary): Avoid integer overflow in computation
of next character code.
(tt_cmap13_char_next): Simplify.
* src/base/ftbase.h (FT_MAC_RFORK_MAX_LEN): Maximum length
of the resource fork for Mac OS. The resource fork larger
than 16 MB can be written but could not be handled
correctly, at least in Carbon routine.
See https://support.microsoft.com/en-us/kb/130437
* src/base/ftobjs.c (Mac_Read_POST_Resource): No need `0x'
for `%p' formatter.
* src/base/ftbase.c (Mac_Read_POST_Resource): Check the
fragment and total size of the concatenated POST resource
before buffer allocation.
(Mac_Read_sfnt_Resource): Check the declared size of
sfnt resource before buffer allocation.
* src/base/ftmac.c (read_lwfn, FT_New_Face_From_SFNT):
Check the total resource size before buffer allocation.
This patch fixes weaknesses in function `tt_face_load_font_dir'.
- It incorrectly assumed that valid tables are always at the
beginning. As a consequence, some valid tables after invalid
entries (which are ignored) were never seen.
- Duplicate table entries (this is, having the same tag) were not
rejected.
- The number of valid tables was sometimes too large, leading to
access of invalid tables.
* src/sfnt/ttload.c (check_table_dir): Add argument to return number
of valid tables.
Add another tracing message.
(tt_face_load_font_dir): Only allocate table array for valid
entries as returned by `check_table_dir'.
Reject duplicate tables and adjust number of valid tables
accordingly.
* src/pcf/pcfread.c (pcf_load_font): Take absolute values for
AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and
RESOLUTION_Y. In tracing mode, add warnings.
* src/gzip/ftgzip.c (ft_gzip_stream_close): Avoid memory leak.
(ft_gzip_get_uncompressed_file): Correct byte order while reading
unsigned long value. Without this change, the whole optimization of
accessing small files in `FT_Stream_OpenGzip' is never executed! As
a consequence, access to PCF files in general (which are normally
small files) should be much improved now as originally intended.
* src/psaux/psobjs.c (ps_parser_skip_PS_token): If a token is
enclosed in balanced expressions, ensure that the cursor position
doesn't get larger than the current limit.