From e0015f7612cf07ff80561475321ce1f98c7c2b88 Mon Sep 17 00:00:00 2001 From: Werner Lemberg Date: Tue, 8 May 2018 11:51:16 +0200 Subject: [PATCH] [autofit] Avoid potential SEGV if running out of memory. Problem reported by Shailesh Mistry . * src/autofit/afshaper.c (af_shaper_buf_create, af_shaper_buf_destroy) [!FT_CONFIG_OPTION_USE_HARFBUZZ]: Don't allocate and free a four-byte buffer. Instead, make those functions no-ops; the calling functions will provide a pointer to a buffer instead. * src/autofit/afcjk.c (af_cjk_metrics_init_widths, af_cjk_metrics_init_blues, af_cjk_metrics_check_digits), src/autofit/aflatin.c (af_latin_metrics_init_widths, af_latin_metrics_init_blues, af_latin_metrics_check_digits) [!FT_CONFIG_OPTION_USE_HARFBUZZ]: Use pointer to local variable for `shaper_buf'. --- ChangeLog | 29 ++++++++++++++++++++++++----- src/autofit/afcjk.c | 40 +++++++++++++++++++++++++++++++++++----- src/autofit/aflatin.c | 42 ++++++++++++++++++++++++++++++++++++------ src/autofit/afshaper.c | 15 ++++----------- 4 files changed, 99 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index 89472279e..1c0625e67 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,10 +1,29 @@ +2018-05-08 Werner Lemberg + + [autofit] Avoid potential SEGV if running out of memory. + + Problem reported by Shailesh Mistry . + + * src/autofit/afshaper.c (af_shaper_buf_create, + af_shaper_buf_destroy) [!FT_CONFIG_OPTION_USE_HARFBUZZ]: Don't + allocate and free a four-byte buffer. Instead, make those functions + no-ops; the calling functions will provide a pointer to a buffer + instead. + + * src/autofit/afcjk.c (af_cjk_metrics_init_widths, + af_cjk_metrics_init_blues, af_cjk_metrics_check_digits), + src/autofit/aflatin.c (af_latin_metrics_init_widths, + af_latin_metrics_init_blues, af_latin_metrics_check_digits) + [!FT_CONFIG_OPTION_USE_HARFBUZZ]: Use pointer to local variable for + `shaper_buf'. + 2018-05-07 Nikolaus Waxweiler - CMake: Allow using project as subfolder in other project + [cmake] Allow using project as subfolder in other project. - * CMakeLists.txt: Test for CMake build directory being diffent from source - directory. Provide other parts of the build system access the full include - directory. + * CMakeLists.txt: Test for CMake build directory being different + from source directory. Provide other parts of the build system + access the full include directory. 2018-05-07 Werner Lemberg @@ -24,6 +43,7 @@ 2018-05-04 suzuki toshiya Support symbol visibility features of Sun / Oracle C compilers. + Reported by Kiyoshi Kanazawa: https://lists.gnu.org/archive/html/freetype-devel/2018-05/msg00008.html Thanks to the suggestions by Alexei and Alan Coopersmith. @@ -44,7 +64,6 @@ * CMakeLists.txt: Generate ftconfig.h on non-UNIX. - 2018-05-02 Werner Lemberg Remove FT_CONFIG_OPTION_PIC and related code. diff --git a/src/autofit/afcjk.c b/src/autofit/afcjk.c index 808f8cc58..e93e8a709 100644 --- a/src/autofit/afcjk.c +++ b/src/autofit/afcjk.c 
@@ -94,15 +94,26 @@ AF_StyleClass style_class = metrics->root.style_class; AF_ScriptClass script_class = af_script_classes[style_class->script]; - void* shaper_buf; + /* If HarfBuzz is not available, we need a pointer to a single */ + /* unsigned long value. */ +#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ + void* shaper_buf; +#else + FT_ULong shaper_buf_; + void* shaper_buf = &shaper_buf_; +#endif + const char* p; #ifdef FT_DEBUG_LEVEL_TRACE FT_ULong ch = 0; #endif - p = script_class->standard_charstring; + p = script_class->standard_charstring; + +#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ shaper_buf = af_shaper_buf_create( face ); +#endif /* We check a list of standard characters. The first match wins. */ @@ -290,7 +301,14 @@ AF_Blue_Stringset bss = sc->blue_stringset; const AF_Blue_StringRec* bs = &af_blue_stringsets[bss]; - void* shaper_buf; + /* If HarfBuzz is not available, we need a pointer to a single */ + /* unsigned long value. */ +#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ + void* shaper_buf; +#else + FT_ULong shaper_buf_; + void* shaper_buf = &shaper_buf_; +#endif /* we walk over the blue character strings as specified in the */ @@ -301,7 +319,9 @@ "==========================\n" "\n" )); +#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ shaper_buf = af_shaper_buf_create( face ); +#endif for ( ; bs->string != AF_BLUE_STRING_MAX; bs++ ) { @@ -559,15 +579,25 @@ FT_Bool started = 0, same_width = 1; FT_Fixed advance = 0, old_advance = 0; - void* shaper_buf; + /* If HarfBuzz is not available, we need a pointer to a single */ + /* unsigned long value. */ +#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ + void* shaper_buf; +#else + FT_ULong shaper_buf_; + void* shaper_buf = &shaper_buf_; +#endif /* in all supported charmaps, digits have character codes 0x30-0x39 */ const char digits[] = "0 1 2 3 4 5 6 7 8 9"; const char* p; - p = digits; + p = digits; + +#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ shaper_buf = af_shaper_buf_create( face ); +#endif while ( *p ) { 
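Review bot: In the `#else` branch of af_cjk_metrics_init_widths the new `FT_ULong shaper_buf_;` is declared without an initializer, so the buffer handed to the shaper holds indeterminate bytes until something stores into it, and the consumer of `shaper_buf` (presumably `af_shaper_get_cluster`) lies outside this hunk, so nothing visible here proves it always writes before it reads. A zero initializer removes that dependency for free: `FT_ULong  shaper_buf_ = 0;`. The same uninitialized pattern is repeated in the init_blues and check_digits hunks below. Note too that on the HarfBuzz side the result of `shaper_buf = af_shaper_buf_create( face );` is still stored unchecked, so OOM safety of that path rests entirely on the HarfBuzz implementation of af_shaper_buf_create, which is not part of this patch. af_cjk_metrics_init_widths continues past the end of the hunk.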
diff --git a/src/autofit/aflatin.c b/src/autofit/aflatin.c index 036351b2b..9b2d2b04a 100644 --- a/src/autofit/aflatin.c +++ b/src/autofit/aflatin.c @@ -85,16 +85,27 @@ AF_StyleClass style_class = metrics->root.style_class; AF_ScriptClass script_class = af_script_classes[style_class->script]; - void* shaper_buf; + /* If HarfBuzz is not available, we need a pointer to a single */ + /* unsigned long value. */ +#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ + void* shaper_buf; +#else + FT_ULong shaper_buf_; + void* shaper_buf = &shaper_buf_; +#endif + const char* p; #ifdef FT_DEBUG_LEVEL_TRACE FT_ULong ch = 0; #endif - p = script_class->standard_charstring; - shaper_buf = af_shaper_buf_create( face ); + p = script_class->standard_charstring; + +#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ + shaper_buf = af_shaper_buf_create( face ); +#endif /* * We check a list of standard characters to catch features like * `c2sc' (small caps from caps) that don't contain lowercase letters @@ -323,7 +334,14 @@ FT_Pos flat_threshold = FLAT_THRESHOLD( metrics->units_per_em ); - void* shaper_buf; + /* If HarfBuzz is not available, we need a pointer to a single */ + /* unsigned long value. */ +#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ + void* shaper_buf; +#else + FT_ULong shaper_buf_; + void* shaper_buf = &shaper_buf_; +#endif /* we walk over the blue character strings as specified in the */ @@ -333,7 +351,9 @@ "============================\n" "\n" )); +#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ shaper_buf = af_shaper_buf_create( face ); +#endif for ( ; bs->string != AF_BLUE_STRING_MAX; bs++ ) { 
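Review bot: The comment added above the `#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ` block in af_latin_metrics_init_widths describes what the `#else` branch provides but not why it exists, and the why is the security point of this commit: the previous heap buffer from `FT_MEM_ALLOC` could come back NULL and was used without a check. Without that rationale a later cleanup could collapse the block back into a single allocation. Suggested wording: `/* Without HarfBuzz the shaper needs room for exactly one FT_ULong; */ /* keep it on the stack so an allocation failure can never hand the */ /* shaper a NULL buffer (af_shaper_buf_create is a no-op there).   */`. The identical seven-line block now appears in the other two hunks of this file and three times in afcjk.c; a single declaration macro in afshaper.h would keep the explanation and the contract in one place. af_latin_metrics_init_widths continues outside the hunk.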
@@ -1030,15 +1050,25 @@ FT_Bool started = 0, same_width = 1; FT_Fixed advance = 0, old_advance = 0; - void* shaper_buf; + /* If HarfBuzz is not available, we need a pointer to a single */ + /* unsigned long value. */ +#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ + void* shaper_buf; +#else + FT_ULong shaper_buf_; + void* shaper_buf = &shaper_buf_; +#endif /* in all supported charmaps, digits have character codes 0x30-0x39 */ const char digits[] = "0 1 2 3 4 5 6 7 8 9"; const char* p; - p = digits; + p = digits; + +#ifdef FT_CONFIG_OPTION_USE_HARFBUZZ shaper_buf = af_shaper_buf_create( face ); +#endif while ( *p ) { diff --git a/src/autofit/afshaper.c b/src/autofit/afshaper.c index f30828173..ce3133fad 100644 --- a/src/autofit/afshaper.c +++ b/src/autofit/afshaper.c @@ -591,14 +591,9 @@ void* af_shaper_buf_create( FT_Face face ) { - FT_Error error; - FT_Memory memory = face->memory; - FT_ULong* buf; + FT_UNUSED( face ); - - FT_MEM_ALLOC( buf, sizeof ( FT_ULong ) ); - - return (void*)buf; + return NULL; } @@ -606,10 +601,8 @@ af_shaper_buf_destroy( FT_Face face, void* buf ) { - FT_Memory memory = face->memory; - - - FT_FREE( buf ); + FT_UNUSED( face ); + FT_UNUSED( buf ); }
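Review bot: In the `@@ -591,14 +591,9 @@` hunk, the non-HarfBuzz `af_shaper_buf_create` now returns NULL unconditionally, so any caller that still writes `shaper_buf = af_shaper_buf_create( face );` and passes the result on to the shaper turns the former out-of-memory-only crash into a deterministic NULL dereference; the patch converts the six in-tree callers, but the function keeps its external signature and nothing enforces the new contract at the call site. A comment on the stub would make the contract explicit: `/* No HarfBuzz: the caller supplies a pointer to its own FT_ULong. */ /* This stub returns NULL and must not be used as a shaper buffer.  */`, with the matching `/* no-op: af_shaper_buf_create allocated nothing */` on `af_shaper_buf_destroy` in the second hunk. If the shaper's cluster function has a convenient place for it, an `FT_ASSERT( buf )` in debug builds would catch a stale caller early, since convention is now the only protection.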