minhngoc25a
/
freetype2
mirror of git://git.savannah.gnu.org/freetype/freetype2.git
2
1
Fork 2
Code Issues 4 Releases Wiki Activity

* include/freetype/internal/ftmemory.h: s/new/newsz/ (for C++). 

(FT_ALLOC): Remove redundant redefinition.

* builds/compiler/gcc-dev.mk (CFLAGS) [g++]: Don't use
`-Wstrict-prototypes'.

* src/base/ftstream.c (FT_Stream_EnterFrame): Add cast.

Formatting, copyright years.
This commit is contained in:
Werner Lemberg 2006-05-02 22:22:16 +00:00
parent 9482ba50b7
commit c6afa1221a
12 changed files with 219 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
ChangeLog
View File

@ -1,53 +1,91 @@
2006-05-02 Werner Lemberg <wl@gnu.org>
* include/freetype/internal/ftmemory.h: s/new/newsz/ (for C++).
(FT_ALLOC): Remove redundant redefinition.
* builds/compiler/gcc-dev.mk (CFLAGS) [g++]: Don't use
`-Wstrict-prototypes'.
* src/base/ftstream.c (FT_Stream_EnterFrame): Add cast.
2006-05-02 David Turner <david@freetype.org>
* include/freetype/ftstream.h, src/base/ftstream.c: modifying
various frame-related functions to report the place where the
frames were entered/extracted/exited/released in the memory debugger.
* include/freetype/ftstream.h (FT_FRAME_ENTER, FT_FRAME_EXIT,
FT_FRAME_EXTRACT, FT_FRAME_RELEASE: Use FT_DEBUG_INNER to report the
place where the frames were entered, extracted, exited or released
in the memory debugger.
* include/freetype/internal/ftmemory.h, src/base/ftbitmap.c,
src/base/ftmac.c, src/base/ftrfork.c, src/lzw/ftzopen.c,
src/raster/ftrend1.c, src/sfnt/ttpost.c, src/truetype/ttgxvar.c,
src/type42/t42parse.c, src/winfonts/winfnt.c: hardening the code
against out-of-bounds conditions when allocating arrays. This is
for the cases where FT_NEW_ARRAY and FT_RENEW_ARRAY are not used
already. Introducing the new FT_ALLOC_MULT and FT_REALLOC_MULT
macros.
* src/base/ftstream.c (FT_Stream_ReleaseFrame) [FT_DEBUG_MEMORY]:
Call ft_mem_free.
(FT_Stream_EnterFrame) [FT_DEBUG_MEMORY]: Use ft_mem_qalloc.
(FT_Stream_ExitFrame) [FT_DEBUG_MEMORY]: Use ft_mem_free.
* include/freetype/fterrdef.h, include/freetype/config/ftconfig.h,
include/freetype/internal/ftmemory.h, src/base/ftdbgmem.c,
src/base/ftutil.c: udpating the memory management functions and
macros to safely deal with array size buffer overflows, this
corresponds to attemps to allocate arrays that are too large. For
an example, consider the following code:
Update the memory management functions and macros to safely deal
with array size buffer overflows. This corresponds to attemps to
allocate arrays that are too large. For an example, consider the
following code:
count = read_uint32_from_file();
array = malloc( sizeof(Item) * count );
for ( nn = 0; nn < count; nn++ )
count = read_uint32_from_file(); array = malloc( sizeof ( Item ) *
count ); for ( nn = 0; nn < count; nn++ )
array[nn] = read_item_from_file();
if 'count' is larger than FT_UINT_MAX/sizeof(Item), the multiplication
will overflow and the array allocated will be smaller than the data
read from the file. In this case, the heap will be trashed, and this
can be used as a denial-of-service, or make the engine crash later.
If `count' is larger than `FT_UINT_MAX/sizeof(Item)', the
multiplication overflows, and the array allocated os smaller than
the data read from the file. In this case, the heap will be
trashed, and this can be used as a denial-of-service attack, or make
the engine crash later.
the FT_ARRAY_NEW and FT_ARRAY_RENEW macro now check that the new
count is no more than FT_INT_MAX/item_size, otherwise, a new error,
named 'FT_Err_Array_Too_Large' will be returned.
The FT_ARRAY_NEW and FT_ARRAY_RENEW macros now ensure that the new
count is no larger than `FT_INT_MAX/item_size', otherwise a new
error code `FT_Err_Array_Too_Large' will be returned.
note that the memory debugger now works again when FT_DEBUG_MEMORY
is defined, and FT_STRICT_ALIASING has disappeared, the corresponding
code being now the default.
Note that the memory debugger now works again when FT_DEBUG_MEMORY
is defined. FT_STRICT_ALIASING has disappeared; the corresponding
code is now the default.
* include/freetype/config/ftconfig.h (FT_BASE_DEF) [!__cplusplus]:
Don't use `extern'.
* include/freetype/fterrdef.h (FT_Err_Array_Too_Large): New error
code.
* include/freetype/internal/ftmemory.h (FT_DEBUG_INNER)
[FT_DEBUG_MEMORY]: New macro.
(ft_mem_realloc, ft_mem_qrealloc): Pass new object size count also.
(ft_mem_alloc_debug, ft_mem_qalloc_debug, ft_mem_realloc_debug,
ft_mem_qrealloc_debug, ft_mem_free_debug): Removed.
(FT_MEM_ALLOC, FT_MEM_REALLOC, FT_MEM_QALLOC, FT_MEM_QREALLOC,
FT_MEM_FREE): Redefine.
(FT_MEM_NEW_ARRAY, FT_MEM_RENEW_ARRAY, FT_MEM_QNEW_ARRAY,
FT_MEM_QRENEW_ARRAY): Redefine.
(FT_ALLOC_MULT, FT_REALLOC_MULT, FT_MEM_QALLOC_MULT,
FT_MEM_QREALLOC_MULT): New macros. Update callers where
appropriate.
(FT_MEM_SET_ERROR): Slightly redefine.
* src/base/ftdbgmem.c (_ft_debug_file, _ft_debug_lineno)
[FT_DEBUG_MEMORY]: New global variables, replacing...
(FT_MemTable_Rec) [FT_DEBUG_MEMORY]: Remove `filename' and
`line_no'. Update all callers.
(ft_mem_debug_alloc) [FT_DEBUG_MEMORY]: Avoid possible integer
overflow.
(ft_mem_alloc_debug, ft_mem_realloc_debug, ft_mem_qalloc_debug,
ft_mem_qrealloc_debug, ft_mem_free_debug): Removed.
* src/base/ftmac.c (read_lwfn): Catch integer overflow.
* src/base/ftrfork.c (raccess_guess_darwin_hfsplus): Ditto.
* src/base/ftutil.c: Remove special code for FT_STRICT_ALIASING.
(ft_mem_alloc. ft_mem_realloc, ft_mem_qrealloc): Rewrite.
2006-04-30 suzuki toshiya <mpsuzuki@hiroshima-u.ac.jp>
Fix bug in Mac_Read_POST_Resource() to parse PFB font with MacOS
resource fork (bug since 2003-09-11). Patch is provided by
Huib-Jan Imbens <ft@imbens.nl>.
* src/base/ftobjs.c: fix pfb_pos initialization, remove extra cast
to copy to pfb_lenpos.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Correct pfb_pos
initialization, remove extra cast to copy to pfb_lenpos. This fixes
parsing of PFB fonts with MacOS resource fork (bug introduced
2003-09-11). Patch provided by Huib-Jan Imbens <ft@imbens.nl>.
2006-04-29 Werner Lemberg <wl@gnu.org>

5
builds/compiler/gcc-dev.mk
View File

@ -65,6 +65,7 @@ T := -o$(space)
ifndef CFLAGS
ifeq ($(findstring g++,$(CC)),)
nested_externs := -Wnested-externs
strict_prototypes := -Wstrict-prototypes
endif
CFLAGS := -c -g -O0 \
@ -74,10 +75,10 @@ ifndef CFLAGS
-Wshadow \
-Wpointer-arith \
-Wwrite-strings \
-Wstrict-prototypes \
-Wredundant-decls \
-Wno-long-long \
$(nested_externs)
$(nested_externs) \
$(strict_prototypes)
endif
# ANSIFLAGS: Put there the flags used to make your compiler ANSI-compliant.

2
include/freetype/config/ftconfig.h
View File

@ -265,7 +265,7 @@ FT_BEGIN_HEADER
#ifndef FT_BASE_DEF
#ifdef __cplusplus
#define FT_BASE_DEF( x ) extern "C" x
#define FT_BASE_DEF( x ) x
#else
#define FT_BASE_DEF( x ) x
#endif

76
include/freetype/internal/ftmemory.h
View File

@ -62,13 +62,16 @@ FT_BEGIN_HEADER
FT_BASE( const char* ) _ft_debug_file;
FT_BASE( long ) _ft_debug_lineno;
# define FT_DEBUG_INNER(exp) ( _ft_debug_file = __FILE__, _ft_debug_lineno = __LINE__, (exp) )
#define FT_DEBUG_INNER( exp ) ( _ft_debug_file = __FILE__, \
_ft_debug_lineno = __LINE__, \
(exp) )
#else /* !FT_DEBUG_MEMORY */
#define FT_DEBUG_INNER( exp ) (exp)
#endif
#endif /* !FT_DEBUG_MEMORY */
/*
* The allocation functions return a pointer, and the error code
@ -119,8 +122,10 @@ FT_BASE( long ) _ft_debug_lineno;
#define FT_MEM_NEW( ptr ) \
FT_MEM_ALLOC( ptr, sizeof ( *(ptr) ) )
#define FT_MEM_REALLOC( ptr, cur, new ) \
FT_DEBUG_INNER( (ptr) = ft_mem_realloc( memory, 1, (cur), (new), (ptr), &error ) )
#define FT_MEM_REALLOC( ptr, cursz, newsz ) \
FT_DEBUG_INNER( (ptr) = ft_mem_realloc( memory, 1, \
(cursz), (newsz), \
(ptr), &error ) )
#define FT_MEM_QALLOC( ptr, size ) \
FT_DEBUG_INNER( (ptr) = ft_mem_qalloc( memory, (size), &error ) )
@ -128,32 +133,40 @@ FT_BASE( long ) _ft_debug_lineno;
#define FT_MEM_QNEW( ptr ) \
FT_MEM_QALLOC( ptr, sizeof ( *(ptr) ) )
#define FT_MEM_QREALLOC( ptr, cur, new ) \
FT_DEBUG_INNER( (ptr) = ft_mem_qrealloc( memory, 1, (cur), (new), (ptr), &error ) )
#define FT_MEM_QREALLOC( ptr, cursz, newsz ) \
FT_DEBUG_INNER( (ptr) = ft_mem_qrealloc( memory, 1, \
(cursz), (newsz), \
(ptr), &error ) )
#define FT_MEM_QRENEW_ARRAY(ptr,cur,new) \
FT_DEBUG_INNER( (ptr) = ft_mem_qrealloc( memory, sizeof(*(ptr)), (cur), (new), (ptr), &error ) )
#define FT_MEM_QRENEW_ARRAY( ptr, cursz, newsz ) \
FT_DEBUG_INNER( (ptr) = ft_mem_qrealloc( memory, sizeof ( *(ptr) ), \
(cursz), (newsz), \
(ptr), &error ) )
#define FT_MEM_ALLOC_MULT( ptr, count, item_size ) \
FT_DEBUG_INNER( (ptr) = ft_mem_realloc( memory, (item_size), 0, (count), NULL, &error ) )
FT_DEBUG_INNER( (ptr) = ft_mem_realloc( memory, (item_size), \
0, (count), \
NULL, &error ) )
#define FT_MEM_REALLOC_MULT( ptr, oldcnt, newcnt, itmsz ) \
FT_DEBUG_INNER( (ptr) = ft_mem_realloc( memory, (itmsz), (oldcnt), (newcnt), (ptr), &error ) )
FT_DEBUG_INNER( (ptr) = ft_mem_realloc( memory, (itmsz), \
(oldcnt), (newcnt), \
(ptr), &error ) )
#define FT_MEM_QALLOC_MULT( ptr, count, item_size ) \
FT_DEBUG_INNER( (ptr) = ft_mem_qrealloc( memory, (item_size), 0, (count), NULL, &error ) )
FT_DEBUG_INNER( (ptr) = ft_mem_qrealloc( memory, (item_size), \
0, (count), \
NULL, &error ) )
#define FT_MEM_QREALLOC_MULT( ptr, oldcnt, newcnt, itmsz) \
FT_DEBUG_INNER( (ptr) = ft_mem_qrealloc( memory, (itmsz), (oldcnt), (newcnt), (ptr), &error ) )
FT_DEBUG_INNER( (ptr) = ft_mem_qrealloc( memory, (itmsz), \
(oldcnt), (newcnt), \
(ptr), &error ) )
#define FT_MEM_SET_ERROR( cond ) ( (cond), error != 0 )
#define FT_ALLOC(ptr,size) FT_MEM_SET_ERROR( FT_MEM_ALLOC(ptr,size) )
#define FT_MEM_SET( dest, byte, count ) ft_memset( dest, byte, count )
#define FT_MEM_COPY( dest, source, count ) ft_memcpy( dest, source, count )
@ -193,16 +206,24 @@ FT_BASE( long ) _ft_debug_lineno;
/* */
#define FT_MEM_NEW_ARRAY( ptr, count ) \
FT_DEBUG_INNER( (ptr) = ft_mem_realloc( memory, sizeof(*(ptr)), 0, (count), NULL, &error ) )
FT_DEBUG_INNER( (ptr) = ft_mem_realloc( memory, sizeof ( *(ptr) ), \
0, (count), \
NULL, &error ) )
#define FT_MEM_RENEW_ARRAY(ptr,cur,new) \
FT_DEBUG_INNER( (ptr) = ft_mem_realloc( memory, sizeof(*(ptr)), (cur), (new), (ptr), &error ) )
#define FT_MEM_RENEW_ARRAY( ptr, cursz, newsz ) \
FT_DEBUG_INNER( (ptr) = ft_mem_realloc( memory, sizeof ( *(ptr) ), \
(cursz), (newsz), \
(ptr), &error ) )
#define FT_MEM_QNEW_ARRAY( ptr, count ) \
FT_DEBUG_INNER( (ptr) = ft_mem_qrealloc( memory, sizeof(*(ptr)), 0, (count), NULL, &error ) )
FT_DEBUG_INNER( (ptr) = ft_mem_qrealloc( memory, sizeof ( *(ptr) ), \
0, (count), \
NULL, &error ) )
#define FT_MEM_QRENEW_ARRAY(ptr,cur,new) \
FT_DEBUG_INNER( (ptr) = ft_mem_qrealloc( memory, sizeof(*(ptr)), (cur), (new), (ptr), &error ) )
#define FT_MEM_QRENEW_ARRAY( ptr, cursz, newsz ) \
FT_DEBUG_INNER( (ptr) = ft_mem_qrealloc( memory, sizeof ( *(ptr) ), \
(cursz), (newsz), \
(ptr), &error ) )
#define FT_ALLOC( ptr, size ) \
@ -215,7 +236,8 @@ FT_BASE( long ) _ft_debug_lineno;
FT_MEM_SET_ERROR( FT_MEM_ALLOC_MULT( ptr, count, item_size ) )
#define FT_REALLOC_MULT( ptr, oldcnt, newcnt, itmsz ) \
FT_MEM_SET_ERROR( FT_MEM_REALLOC_MULT(ptr,oldcnt,newcnt,itmsz) )
FT_MEM_SET_ERROR( FT_MEM_REALLOC_MULT( ptr, oldcnt, \
newcnt, itmsz ) )
#define FT_QALLOC( ptr, size ) \
FT_MEM_SET_ERROR( FT_MEM_QALLOC( ptr, size ) )
@ -227,12 +249,12 @@ FT_BASE( long ) _ft_debug_lineno;
FT_MEM_SET_ERROR( FT_MEM_QALLOC_MULT( ptr, count, item_size ) )
#define FT_QREALLOC_MULT( ptr, oldcnt, newcnt, itmsz ) \
FT_MEM_SET_ERROR( FT_MEM_QREALLOC_MULT(ptr,oldcnt,newcnt,itmsz) )
FT_MEM_SET_ERROR( FT_MEM_QREALLOC_MULT( ptr, oldcnt, \
newcnt, itmsz ) )
#define FT_FREE( ptr ) FT_MEM_FREE( ptr )
#define FT_NEW(ptr) \
FT_MEM_SET_ERROR( FT_MEM_NEW(ptr) )
#define FT_NEW( ptr ) FT_MEM_SET_ERROR( FT_MEM_NEW( ptr ) )
#define FT_NEW_ARRAY( ptr, count ) \
FT_MEM_SET_ERROR( FT_MEM_NEW_ARRAY( ptr, count ) )
@ -250,7 +272,6 @@ FT_BASE( long ) _ft_debug_lineno;
FT_MEM_SET_ERROR( FT_MEM_RENEW_ARRAY( ptr, curcnt, newcnt ) )
#ifdef FT_CONFIG_OPTION_OLD_INTERNALS
FT_BASE( FT_Error )
@ -274,6 +295,7 @@ FT_BASE( long ) _ft_debug_lineno;
FT_Long current,
FT_Long size,
void* *p );
FT_BASE( void )
FT_Free( FT_Memory memory,
void* *P );

8
include/freetype/internal/ftstream.h
View File

@ -4,7 +4,7 @@
/* */
/* Stream handling (specification). */
/* */
/* Copyright 1996-2001, 2002, 2004, 2005 by */
/* Copyright 1996-2001, 2002, 2004, 2005, 2006 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@ -515,7 +515,8 @@ FT_BEGIN_HEADER
#define FT_FRAME_ENTER( size ) \
FT_SET_ERROR( FT_DEBUG_INNER( FT_Stream_EnterFrame( stream, size ) ) )
FT_SET_ERROR( \
FT_DEBUG_INNER( FT_Stream_EnterFrame( stream, size ) ) )
#define FT_FRAME_EXIT() \
FT_DEBUG_INNER( FT_Stream_ExitFrame( stream ) )
@ -526,7 +527,8 @@ FT_BEGIN_HEADER
(FT_Byte**)&(bytes) ) ) )
#define FT_FRAME_RELEASE( bytes ) \
FT_DEBUG_INNER( FT_Stream_ReleaseFrame( stream, (FT_Byte**)&(bytes) ) )
FT_DEBUG_INNER( FT_Stream_ReleaseFrame( stream, \
(FT_Byte**)&(bytes) ) )
FT_END_HEADER

17
src/base/ftdbgmem.c
View File

@ -50,7 +50,8 @@
#define FT_MEM_VAL( addr ) ((FT_ULong)(FT_Pointer)( addr ))
/* this structure holds statistics for a single allocation/release
/*
* This structure holds statistics for a single allocation/release
* site. This is useful to know where memory operations happen the
* most.
*/
@ -81,11 +82,12 @@
*/
#define FT_MEM_SOURCE_BUCKETS 128
/* this structure holds information related to a single allocated
* memory block. if KEEPALIVE is defined, blocks that are freed by
* FreeType are never released to the system. Instead, their 'size'
/*
* This structure holds information related to a single allocated
* memory block. If KEEPALIVE is defined, blocks that are freed by
* FreeType are never released to the system. Instead, their `size'
* field is set to -size. This is mainly useful to detect double frees,
* at the price of large memory footprint during execution !!
* at the price of large memory footprint during execution.
*/
typedef struct FT_MemNodeRec_
{
@ -104,8 +106,9 @@
} FT_MemNodeRec;
/* the global structure, containing compound statistics and all hash
* tables
/*
* The global structure, containing compound statistics and all hash
* tables.
*/
typedef struct FT_MemTableRec_
{

4
src/base/ftstream.c
View File

@ -4,7 +4,7 @@
/* */
/* I/O stream support (body). */
/* */
/* Copyright 2000-2001, 2002, 2004, 2005 by */
/* Copyright 2000-2001, 2002, 2004, 2005, 2006 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@ -241,7 +241,7 @@
#ifdef FT_DEBUG_MEMORY
/* assume _ft_debug_file and _ft_debug_lineno are already set */
stream->base = ft_mem_qalloc( memory, count, &error );
stream->base = (unsigned char*)ft_mem_qalloc( memory, count, &error );
if ( error )
goto Exit;
#else

3
src/base/ftutil.c
View File

@ -98,7 +98,8 @@
{
FT_Error error = FT_Err_Ok;
block = ft_mem_qrealloc( memory, item_size, cur_count, new_count, block, &error );
block = ft_mem_qrealloc( memory, item_size,
cur_count, new_count, block, &error );
if ( !error && new_count > cur_count )
FT_MEM_ZERO( (char*)block + cur_count * item_size,
( new_count - cur_count ) * item_size );

2
src/lzw/ftzopen.c
View File

@ -8,7 +8,7 @@
/* be used to parse compressed PCF fonts, as found with many X11 server */
/* distributions. */
/* */
/* Copyright 2005 by David Turner. */
/* Copyright 2005, 2006 by David Turner. */
/* */
/* This file is part of the FreeType project, and may only be used, */
/* modified, and distributed under the terms of the FreeType project */

2
src/raster/ftrend1.c
View File

@ -4,7 +4,7 @@
/* */
/* The FreeType glyph rasterizer interface (body). */
/* */
/* Copyright 1996-2001, 2002, 2003, 2005 by */
/* Copyright 1996-2001, 2002, 2003, 2005, 2006 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */

2
src/truetype/ttgxvar.c
View File

@ -4,7 +4,7 @@
/* */
/* TrueType GX Font Variation loader */
/* */
/* Copyright 2004, 2005 by */
/* Copyright 2004, 2005, 2006 by */
/* David Turner, Robert Wilhelm, Werner Lemberg, and George Williams. */
/* */
/* This file is part of the FreeType project, and may only be used, */

2
src/type42/t42parse.c
View File

@ -4,7 +4,7 @@
/* */
/* Type 42 font parser (body). */
/* */
/* Copyright 2002, 2003, 2004, 2005 by Roberto Alameda. */
/* Copyright 2002, 2003, 2004, 2005, 2006 by Roberto Alameda. */
/* */
/* This file is part of the FreeType project, and may only be used, */
/* modified, and distributed under the terms of the FreeType project */