642bc7590c introduced dynamically
allocated memory when parsing CFF files with the "old" engine. Bounds
checks have never been updated, however, leading to pointless
comparisons of pointers in some cases. This commit presents a
solution for bounds checks in the CFF module with an extended logic
for the "old" engine while staying as concise as possible for the
"new" one.
* src/cff/cffparse.h: Introduce the struct `CFF_T2_StringRec' and
the additional field `t2_strings' within `CFF_ParserRec'.
* src/cff/cffparse.c (cff_parser_within_limits): Move all boundary
checks into this new function and update the rest of `cffparse.c' to
use it.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12137
==========================
Tag sources with `VER-2-10-0'.
* docs/VERSION.TXT: Add entry for version 2.10.0.
* docs/CHANGES: Updated.
* README, Jamfile (RefDoc), src/base/ftver.rc,
builds/windows/vc2010/freetype.vcxproj,
builds/windows/vc2010/index.html,
builds/windows/visualc/freetype.dsp,
builds/windows/visualc/freetype.vcproj,
builds/windows/visualc/index.html,
builds/windows/visualce/freetype.dsp,
builds/windows/visualce/freetype.vcproj,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.9.1/2.10.0/, s/291/2100/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 10.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 23:0:17.
* CMakeLists.txt (VERSION_MINOR): Set to 10.
(VERSION_PATCH): Set to 0.
* builds/toplevel.mk (version, winversion): Since the minor version
number has two digits now, never omit the patch number. We would
get ambiguous zip file names otherwise.
(dist): Remove remnants of `docmaker' tool.
(do-dist): Remove unused intermediate files.
* src/cff/cffparse.c (destrict_c2s_item): Guard function with
CFF_CONFIG_OPTION_OLD_ENGINE macro.
* src/base/ftcalc.c (FT_Matrix_Check): New base function to properly
reject degenerate font matrices.
* include/freetype/internal/ftcalc.h: Updated.
* src/cff/cffparse.c (cff_parse_font_matrix), src/cid/cidload.c
(cid_parse_font_matrix), src/type1/t1load.c (t1_parse_font_matrix),
src/type42/t42parse.c (t42_parse_font_matrix): Use
`FT_Matrix_Check'.
This monster commit was created by applying Nikhil's scripts
`docconverter.py' and `markify.py' to all C header and source files,
followed up by minor manual clean-up.
No change in functionality, of course.
I used commit f7419907bc6044b9b7057f9789866426c804ba82 from
https://github.com/nikramakrishnan/freetype-docs.git.
*/* [FT_CONFIG_OPTION_PIC]: Remove all code guarded by this
preprocessor symbol.
*/*: Replace `XXX_GET' macros (which could be either a function in
PIC mode or an array in non-PIC mode) with `xxx' arrays.
* include/freetype/internal/ftpic.h, src/autofit/afpic.c,
src/autofit/afpic.h, src/base/basepic.c, src/base/basepic.h,
src/base/ftpic.c, src/cff/cffpic.c, src/cff/cffpic.h,
src/pshinter/pshpic.c, src/pshinter/pshpic.h, src/psnames/pspic.c,
src/psnames/pspic.h, src/raster/rastpic.c, src/raster/rastpic.h,
src/sfnt/sfntpic.c, src/sfnt/sfntpic.h, src/smooth/ftspic.c,
src/smooth/ftspic.h, src/truetype/ttpic.c, src/truetype/ttpic.h:
Removed.
* include/freetype/internal/psaux.h, src/psaux/psauxmod.c: Fix
switching between new and old engines.
* src/cff/cffgload.c, src/cff/cffparse.c: Update calls.
* src/psaux/psblues.c, src/psaux/psfont.c, src/psaux/psfont.h,
src/psaux/psft.c, src/psaux/psft.h, src/psaux/psintrp.c: Update all
to use new objects.
NOTE: Does not compile!
* include/freetype/internal/psaux.h: Include
FT_INTERNAL_TRUETYPE_TYPES_H.
(CFF_Builder_FuncsRec, CFF_Decocer_FuncsRec): New function tables.
(CFF_Builder): Updated.
Fix for forward declaration.
(PSAux_ServiceRec): New field `cff_decoder_funcs'.
* src/psaux/psauxmod.c (cff_builder_funcs, cff_decoder_funcs): New
function tables.
(PSAux_Interface): Updated.
* include/freetype/internal/tttypes.h (TT_FaceRec): Add `psaux'
service interface.
* src/cff/cffgload.c, src/cff/cffobjs.c, src/cff/cffparse.c: Update
function calls to use psaux service.
This commit handles the old engine.
* src/cff/cffgload.c: Include FT_INTERNAL_CALC_H.
(cff_decoder_parse_charstrings): Use OVERFLOW_ADD_LONG and
OVERFLOW_SUB_LONG where needed.
* src/cff/cffparse.c: Include FT_INTERNAL_CALC_H.
(power_ten_limits): New static array.
(do_fixed): Use it to prevent multiplication overflow.
(cff_parser_run): Use OVERFLOW_ADD_LONG.
* src/cff/cffload.c (FT_fdot14ToFixed): Fix casting.
(cff_blend_doBlend): Don't left-shift negative numbers.
Handle 5-byte numbers byte by byte to avoid alignment issues.
* src/cff/cffparse.c (cff_parse): Handle 5-byte numbers byte by byte
to avoid alignment issues.
* src/cid/cidload (cid_read_subrs): Do nothing if we don't have any
subrs.
* src/psaux/t1decode.c (t1_decode_parse_charstring): Fix tracing.
* src/tools/glnames.py (main): Put `DEFINE_PSTABLES' guard around
definition of `ft_get_adobe_glyph_index'.
* src/psnames/pstables.h: Regenerated.
* src/psnames/psmodule.c: Inlude `pstables.h' twice to get both
declaration and definition.
* src/truetype/ttgxvar.c (FT_fdot14ToFixed, FT_intToFixed): Fix
casting.
The font variation code. All parts dependent on the GX code in the
`truetype' module are guarded with TT_CONFIG_OPTION_GX_VAR_SUPPORT.
In other words, you can still compile the `cff' module without
defining TT_CONFIG_OPTION_GX_VAR_SUPPORT (which brings you CFF2
support without font variation).
* src/cff/cf2font.c (cf2_font_setup): Add support for font
variation.
* src/cff/cf2font.h (CF2_Font): Add fields for variation data.
* src/cff/cf2ft.c (cf2_free_instance): Free blend data.
(cf2_getVStore, cf2_getNormalizedVector): New functions.
* src/cff/cf2ft.h: Updated.
* src/cff/cf2intrp.c: Include `cffload.h'.
(cf2_cmdRESERVED_15, cf2_cmdRESERVED_16): Replace with...
(cf2_cmdVSINDEX, cf2_cmdBLEND): ... this new enum values.
(cf2_doBlend): New function.
(cf2_interpT2CharString): Handle `vsindex' and `blend' opcodes.
* src/cff/cffload.c (FT_fdot14ToFixed): New macro.
(cff_vstore_done, cff_vstore_load): New functions.
(cff_blend_clear, cff_blend_doBlend, cff_blend_build_vector,
cff_blend_check_vector): New functions.
(cff_load_private_dict): Add arguments for blend vector.
Handle blend data.
(cff_subfont_load, cff_subfont_done): Updated.
(cff_font_load): Handle CFF2 variation store data.
(cff_font_done): Updated.
* src/cff/cffload.h: Include `cffparse.h'.
Updated.
* src/cff/cffobjs.c (cff_face_done): Updated.
* src/cff/cffparse.c: Include `cffload.h'.
(cff_parse_num): Handle internal value 255.
(cff_parse_vsindex, cff_parse_blend): New functions.
(CFF_FIELD_BLEND): New macro.
(cff_parser_run): Updated.
* src/cff/cffparse.h (cff_kind_blend): New enum value.
* src/cff/cfftoken.h: Handle `vstore', `vsindex', and `blend'
dictionary values.
* src/cff/cfftypes.h (CFF_VarData, CFF_AxisCoords, CFF_VarRegion,
CFF_VStore, CFF_Blend): New structures.
(CFF_FontRecDict): Add `vstore_offset' field.
(CFF_Private): Add `vsindex' field.
(CFF_SubFont): Add fields for blend data.
(CFF_Font): Add `vstore' field.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): `CFF2' is equal to `gvar',
since glyph variation data is directly embedded.
(TT_Set_MM_Blend): Don't load `gvar' table for CFF2 fonts.
* include/freetype/config/ftstdlib.h (FT_LONG_MIN): New macro.
* src/cff/cffparse.c (cff_parse_font_matrix): Use largest scaling
value of all matrix coefficients to scale matrix.
* src/cff/cffobjs.c (cff_face_init): Use `matrix->yx' member for
matrix normalization if `matrix->yy' is zero.
Now all glyphs of MM CFFs like `ITCGaramondMM-It.otf' can be
displayed.
* src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_store,
cff_op_load>: Partially implement it.
* src/cff/cffparse.c (cff_parser_init): Add new parameter to pass
the number of Multiple Master axes.
Update all callers.
(cff_parse_multiple_master): Get number of axes.
(cff_parser_run) <opcode 31>: Updated.
* src/cff/cffparse.h: Updated.
(CFF_ParserRec): Add `num_axes' field.
* src/cff/cffload.c: Updated.
* src/cff/cfftypes.h (CFF_FontRecDictRec): Add `num_axes' field.
The new code only displays the first master in the font.
* src/cff/cffgload.c (cff_decode_parse_charstrings): Add new
parameter to allow function calls from dictionaries also.
<cff_op_blend>: Partially implement it.
Update all callers.
* src/cff/cffgload.h: Updated.
* src/cff/cffparse.c (cff_parser_init): Add new parameter to pass the
number of Multiple Master designs.
Update all callers.
(cff_parse_multiple_master): New function to rudimentarily parse
operator.
(cff_parser_run): Handle `T2' operator.
* src/cff/cffparse.h: Updated.
(CFF_ParserRec): Add `num_designs' field.
* src/cff/cffload.c: Updated.
* src/cff/cfftoken.h: Handle `MultipleMaster' operator.
* src/cff/cfftypes.h (CFF_FontRecDictRec): Add `num_designs' field.
* src/sfnt/sfobjs.c (sfnt_init_face): Don't handle `fvar' table for
MM CFFs.
* src/base/ftcalc.c (FT_DivFix): Use unsigned values for
computations which use the left shift operator and convert to signed
as the last step.
* src/base/fttrigon.c (ft_trig_prenorm, FT_Vector_Rotate,
FT_Vector_Length, FT_Vector_Polarize): Ditto.
* src/cff/cffgload.c (cff_decoder_parse_charstrings): Simplify.
* src/cff/cffload.c (cff_subfont_load): Fix constant.
* src/cff/cffparse.c (cff_parse_integer, cff_parse_real, do_fixed,
cff_parse_fixed_dynamic): Use unsigned values for computations which
use the left shift operator and convert to signed as the last step.
* src/cid/cidload.c (cid_get_offset): Ditto.
* src/psaux/psconv.c (PS_Conv_ToFixed): Ditto.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Ditto.
* src/truetype/ttinterp.c (TT_MulFix14, TT_DotFix14): Ditto.
Armin Hasitzka