When creating a CID parser the location of the 'StartData' or '/sfnts'
tokens needs to be known. However, the token parser requires that the
entire document be in memory and flattening the entire stream into memory is
to be avoided.
To avoid forcing the entire stream into memory, previously this code would
scan through the stream looking for 'StartData' or '/sfnts' as strings.
However, these strings could have been in a comment or string token, so the
stream would be read into memory up to that point and the parser run to
check that these strings were actually tokens. This forced a parser restart
from the beginning each time; as a result, data with many 'StartData'
non-tokens would take n^2 time to check.
* src/cid/cidparse.c (cid_parser_new): Change algorithm to make the initial
scan look for the last possible 'StartData' or '/sfnts' string in the
stream. The stream is read forward instead of backward as a typical normal
CID font will have one 'StartData' toward the beginning of the data and it
it much faster to read the data from beginning to end instead of end to
beginning. For memory-based fonts the limit is set to the end of the stream
since the stream is already in memory. Then the parser is run once to look
for 'StartData' or '/sfnts' tokens. If they are found the parser is re-set
to reflect this new information.
Reported as
https://issues.chromium.org/issues/40201695
Technically, `strtol` can only be used with C strings terminated with
`\0`. CID data is not generally null-terminated and often does not
contain a `\0` if it is hex-encoded. AddressSanitizer with `ASAN_OPTIONS`
containing `strict_string_checks=1` verifies this by using an adversarial
`strtol` that always reads to the terminating `\0`.
To avoid undefined behavior from `strtol` in `cid_parser_new`, use the
parser to parse the tokens instead of attempting to parse them ad-hoc.
This will internally use `PS_Conv_Strtol` to parse the integer, which
respects the parser's limits and directly implements the PostScript
parsing rules for integers.
* src/cid/cidparse.c (cid_parser_new): Use the parser to parse the
tokens.
Fixes: https://bugs.chromium.org/p/chromium/issues/detail?id=1420329
This is mainly for better diagnostics of malformed fonts.
* src/bdf/bdflib.c (_bfd_readstream): Stop font format testing if the first
input line is too long or doesn't end with `\r` or `\n`.
* src/cid/cidparse.c (cid_parser_new): Don't handle too short input as an
error but as an unknown format.
* src/pfr/pfrobjs.c (pfr_face_init): Ditto.
* src/winfonts/winfnt.c (fnt_font_load, fnt_face_get_dll_font): Ditto.
We no longer have to take care of the 8.3 file name limit; this
allows us (a) to introduce longer, meaningful file names, and (b) to
avoid macro names in `#include' lines altogether since some
compilers (most notably Visual C++) doesn't support this properly.
*/*: Replace
#include FOO_H
with
#include <freetype/foo.h>
or something similar. Also update the documentation.
This monster commit was created by applying Nikhil's scripts
`docconverter.py' and `markify.py' to all C header and source files,
followed up by minor manual clean-up.
No change in functionality, of course.
I used commit f7419907bc6044b9b7057f9789866426c804ba82 from
https://github.com/nikramakrishnan/freetype-docs.git.
This is essentially a mechanical conversion, adding inclusion of
`FT_INTERNAL_DEBUG_H' where necessary, and providing the macros for
stand-alone compiling modes of the rasterizer modules.
To convert the remaining occurrences of FT_Err_XXX and friends it is
necessary to rewrite the code. Note, however, that it doesn't harm
if some cases are not handled since FT_THROW is a no-op.
started with `StartData' in CID-keyed Type 1 fonts.
* include/freetype/internal/t1types.h (CID_FaceRec): Add new
members `binary_data' and `cid_stream'.
* src/cid/cidload.c (cid_read_subrs): Use `face->cid_stream'.
(cid_hex_to_binary): New auxiliary function.
(cid_face_open): Add new argument `face_index' to return quickly
if less than zero. Updated all callers.
Call `cid_hex_to_binary', then open and assign memory stream to
`face->cid_stream' if `parser->binary_length' is non-zero.
* src/cid/cidload.h: Updated.
* src/cid/cidobjs.c (cid_face_done): Free `binary_data' and
`cid_stream'.
* src/cid/cidparse.c (cid_parser_new): Check arguments to
`StartData' and set parser->binary_length accordingly.
* src/cid/cidparse.h (CID_Parser): New member `binary_length'.
* src/cid/cidgload.c (cid_load_glyph): Use `face->cid_stream'.
* docs/CHANGES: Updated.
include/freetype/config/ftstdlib.h (ft_atoi): Replaced with...
(ft_atol): This.
* src/base/ftdbgmem.c: s/atol/ft_atol/.
* src/type42/t42drivr.c: s/ft_atoi/ft_atol/.
FTC_FaceID.
* src/cff/cffdrivr.c (cff_get_cmap_info): Call sfnt module's TT CMap
Info service function if the cmap comes from sfnt. Return 0 if the
cmap is sythesized in cff module.
Formatting; updating copyright.
correctly. This doesn't slow down the loading of PS fonts
significantly since charstrings aren't affected.
* include/freetype/config/ftstdlib.h (ft_xdigit): Renamed to...
(ft_isxdigit): This. Updated all callers.
(ft_isdigit): New alias to `isdigit'.
* include/freetype/internal/psaux.h (PS_Parser_FuncsRec): Renamed
`skip_alpha' to `skip_PS_token'.
Add parameter to `to_bytes' and change some argument types.
* src/psaux/psauxmod.c (ps_parser_funcs): Updated.
* src/psaux/psobjs.c (ft_char_table): New array to map character
codes (ASCII and EBCDIC) of digits to numbers.
(OP): New auxiliary macro holding either `>=' or `<' depending on
the character encoding.
(skip_comment): New function.
(skip_spaces): Use it.
(skip_alpha): Removed.
(skip_literal_string, skip_string): New functions.
(ps_parser_skip_PS_token): New function. This is a better
replacement of...
(ps_parser_skip_alpha): Removed.
(ps_parser_to_token, ps+parser_to_token_array): Updated.
(T1Radix): Rewritten, using `ft_char_table'.
(t1_toint): Renamed to...
(ps_toint): This. Update all callers.
Use `ft_char_table'.
(ps_tobytes): Add parameter to handle delimiters and change some
argument types.
Use `ft_char_table'.
(t1_tofixed): Renamed to...
(ps_tofixed): This. Update all callers.
Use `ft_char_table'.
(t1_tocoordarray): Renamed and updated to...
(ps_tocoordarray): This. Update all callers.
(t1_tofixedarray): Renamed and updated to...
(ps_tofixedarray): This. Update all callers.
(t1_tobool): Renamed to...
(ps_tobool): This. Update all callers.
(ps_parser_load_field): Updated.
(ps_parser_load_field_table): Use `T1_MAX_TABLE_ELEMENTS'
everywhere.
(ps_parser_to_int, ps_parser_to_fixed, ps_parser_to_coord_array,
ps_parser_to_fixed_array): Skip spaces. Updated.
(ps_parser_to_bytes): Add parameter to handle delimiters and change
some argument types. Updated.
* src/psaux/psobjs.h: Updated.
* src/cid/cidload.c (cid_parse_dict): Updated.
* src/cid/cidparse.c (cid_parser_new): Check whether the `StartData'
token was really found.
* src/cid/cidparse.h (cid_parser_skip_alpha): Updated and renamed
to...
(cid_parser_skip_PS_token): This.
* src/type1/t1parse.h (T1_ParserRec): Use `FT_Bool' for boolean
fields.
(T1_Skip_Alpha): Replaced with...
(T1_Skip_PS_Token): This new macro.
* src/type1/t1parse.c (hexa_value): Removed.
(T1_Get_Private_Dict): Use `ft_isxdigit' and
`psaux->ps_parser_funcs_to_bytes' for handling ASCII hexadecimal
encoding.
After decrypting, replace the four random bytes at the beginning
with whitespace.
* src/type1/t1load.c (t1_allocate_blend): Use proper error values.
(parser_blend_design_positions, parse_blend_design_map,
parse_weight_vector): Updated.
(is_space): Handle `\f' also.
(is_name_char): Removed.
(read_binary_data): Updated.
(parse_encoding): Use `ft_isdigit'.
Updated.
(parse_subrs): Updated.
(TABLE_EXTEND): New macro.
(parse_charstrings): Updated.
Provide a workaround for buggy fonts which have more entries in the
/CharStrings dictionary then expected; the function now adds some
slots and skips entries which still exceed the new limit.
(parse_dict): Updated.
Terminate on the token `closefile'.
* src/type42/t42parse.c (T1_Skip_Alpha): Replaced with...
(T1_Skip_PS_Token): This new macro. Updated all callers.
(t42_parse_encoding): Use `ft_isdigit'.
* src/base/ftmm.c (ft_face_get_mm_service): Return FT_Err_OK if
success.
want to list them all here. The operations performed were all logical
transformations of the sources:
- trying to convert all enums and constants to CAPITALIZED_STYLE, with
#define definitions like
#define my_old_constants MY_NEW_CONSTANT
- big, big update of the documentation comments
* include/freetype/freetype.h, src/base/ftobjs.c, src/smooth/ftsmooth.c,
include/freetype/ftimage.h: adding support for LCD-optimized rendering
though the new constants/enums:
FT_RENDER_MODE_LCD, FT_RENDER_MODE_LCD_V
FT_PIXEL_MODE_LCD, FT_PIXEL_MODE_LCD_V
this is still work in progress, don't expect everything to work correctly
though most of the features have been implemented.
* adding new FT_LOAD_XXX flags, used to specify both hinting and rendering
targets:
FT_LOAD_TARGET_NORMAL :: anti-aliased hinting & rendering
FT_LOAD_TARGET_MONO :: monochrome bitmaps
FT_LOAD_TARGET_LCD :: horizontal RGB/BGR decimated hinting & rendering
FT_LOAD_TARGET_LCD_V :: vertical RGB/BGR decimated hinting & rendering
note that FT_LOAD_TARGET_NORMAL is 0, which means that the default
behaviour of the font engine is _unchanged_.
warn about the GNU Make requirement at compile time..
* include/freetype/config/ftstdlib.h,
include/freetype/config/ftconfig.h,
include/freetype/config/ftheader.h,
include/freetype/internal/ftmemory.h,
include/freetype/internal/ftobjs.h,
src/autohint/ahoptim.c,
src/base/ftdbgmem.c, src/base/ftdebug.c,
src/base/ftmac.c, src/base/ftobjs.c,
src/base/ftsystem.c,
src/cache/ftcimage.c, src/cache/ftcsbits.c,
src/cff/cffdriver.c, src/cff/cffload.c, src/cff/cffobjs.c,
src/cid/cidload.c, src/cid/cidparse.c, src/cid/cidriver.c,
src/pcf/pcfdriver.c, src/pcf/pcfread.c,
src/psaux/t1cmap.c, src/psaux/t1decode.c,
src/pshinter/pshalgo1.c, src/pshinter/pshalgo2.c,
src/pshinter/pshrec.c,
src/psnames/psmodule.c,
src/raster/ftraster.c,
src/sfnt/sfdriver.c, src/sfnt/ttload.c, src/sfnt/ttpost.c,
src/smooth/ftgrays.c,
src/type1/t1afm.c, src/type1/t1driver.c, src/type1/t1gload.c,
src/type1/t1load.c, src/type1/t1objs.c, src/type1/t1parse.c:
added the new configuration file "ftstdlib.h" used to define
aliases for all ISO C library functions used by the engine
(e.g. strlen, qsort, setjmp, etc...)
this eases the porting of FreeType 2 to exotic environments like
XFree86 modules/extensions..
also removed many #include <string.h>, #include <stdlib.h>, etc...
from the engine's sources where they're not needed..
changed the names of memory macros. Examples:
MEM_Set => FT_MEM_SET
MEM_Copy => FT_MEM_COPY
MEM_Move => FT_MEM_MOVE
ALLOC => FT_ALLOC
FREE => FT_FREE
REALLOC = >FT_REALLOC
FT_NEW was introduced to allocate a new object from a _typed_
pointer..
note that ALLOC_ARRAY and REALLOC_ARRAY have been replaced
by FT_NEW_ARRAY and FT_RENEW_ARRAY which take _typed_ pointer
arguments.
This results in _lots_ of sources being changed, but makes the
code more generic and less error-prone..