Commit Graph

3521 Commits

Author SHA1 Message Date
Werner Lemberg a2d225e322 [truetype] Protect against code range underflow.
* src/truetype/ttinterp.c (DO_JROT, DO_JMPR, DO_JROF): Don't allow
negative IP values.
2010-07-01 11:37:09 +02:00
Werner Lemberg 462ddb4072 [truetype] Add rudimentary tracing for bytecode instructions.
* src/truetype/ttinterp.c (opcode_name) [FT_DEBUG_LEVEL_TRACE]: New
array.
(TT_RunIns): Trace opcodes.
2010-07-01 11:28:43 +02:00
Werner Lemberg 6305b869d8 Fix Savannah bug #30263.
* src/smooth/ftgrays.c (gray_render_span): Use cast to `unsigned
int' to avoid integer overflow.

* src/smooth/ftsmooth.c (ft_smooth_render_generic): Use smaller
threshold values for `width' and `height'.  This is not directly
related to the bug fix but makes sense anyway.
2010-06-30 18:24:33 +02:00
Werner Lemberg 0ae6cf214f Minor optimizations by avoiding divisions.
* src/sfnt/ttkern.c (tt_face_load_kern, tt_face_get_kerning):
Replace divisions with multiplication in comparisons.
2010-06-30 10:26:48 +02:00
Werner Lemberg ae425e5189 Fix minor tracing issues.
* src/cff/cffgload.c, src/truetype/ttgload.c: Adjust tracing levels.
2010-06-29 12:31:08 +02:00
Werner Lemberg 18b552f6ae [cff] Really fix `hintmask' and `cntrmask' limit check.
* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: Fix thinko and handle tracing also.
2010-06-27 15:41:02 +02:00
Werner Lemberg 8bebaa74cc Fix valgrind warning.
* src/base/ftoutln.c (FT_Outline_Get_Orientation): Initialize
`result' array.
2010-06-27 15:10:15 +02:00
Werner Lemberg 4f7851e3d2 [cff] Fix memory leak.
* src/cff/cffgload.c (cff_operator_seac): Free charstrings even in
case of errors.
2010-06-27 13:03:54 +02:00
Werner Lemberg e9f0cdb6c0 [cff] Protect against invalid `hintmask' and `cntrmask' operators.
* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: Ensure that we don't exceed `limit' while parsing
the bit masks of the `hintmask' and `cntrmask' operators.
2010-06-27 12:34:19 +02:00
Werner Lemberg 1c70fcbc0a Fix PFR change 2010-06-24.
* src/pfr/pfrgload.c (pfr_glyph_load_simple): Really protect against
invalid indices.
2010-06-27 00:43:23 +02:00
Werner Lemberg 91ea0bf80d Improve PFR tracing messages.
* src/pfr/pfrgload.c (pfr_glyph_load_rec): Emit tracing messages for
simple and compound glyph offsets.
2010-06-26 22:46:38 +02:00
Werner Lemberg 82ad8ab242 Fix last PFR change.
* src/pfr/pfrobjs.c (pfr_face_init): Fix rejection logic.
2010-06-26 09:45:41 +02:00
Werner Lemberg 7d91173643 Fix Savannah bug #30262.
* src/sfnt/ttload.c (tt_face_load_maxp): Limit `maxComponentDepth'
arbitrarily to 100 to avoid stack exhaustion.
2010-06-26 09:29:51 +02:00
Werner Lemberg 75787c19ea Add some memory checks (mainly for debugging).
* src/base/ftstream.c (FT_Stream_EnterFrame): Exit with error
if the frame size is larger than the stream size.

* src/base/ftsystem.c (ft_ansi_stream_io): Exit with error if
seeking a position larger than the stream size.
2010-06-26 09:24:08 +02:00
Werner Lemberg ea5babaa67 Fix Savannah bug #30261.
* src/pfr/pfrobjs.c (pfr_face_init): Reject fonts which contain
neither outline nor bitmap glyphs.
2010-06-25 22:44:37 +02:00
Werner Lemberg e23ba91af7 Fix Savannah bug #30254.
* src/cff/cffload.c (cff_index_get_pointers): Do sanity check for
first offset also.
2010-06-25 21:55:14 +02:00
suzuki toshiya c69891a134 Initial fix for Savannah bug #30248 and #30249.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Check the error during
reading a PFB fragment embedded in LaserWriter PS font for Macintosh.
Reported by Robert Swiecki.
2010-06-25 10:48:12 +09:00
Werner Lemberg 6fc12943e9 Fix Savannah bug #30247.
* src/pcf/pcfread.c (pcf_get_metrics): Disallow (invalid) fonts with
zero metrics.
2010-06-24 20:20:26 +02:00
Graham Asher e419f48b40 * src/smooth/ftgrays.c (gray_render_cubic): Fix algorithm.
The previous version was too aggressive, as demonstrated in
http://lists.gnu.org/archive/html/freetype-devel/2010-06/msg00020.html.
2010-06-24 12:50:46 +02:00
Werner Lemberg f765e4403c */*: Use module specific error names where appropriate. 2010-06-24 10:34:29 +02:00
Werner Lemberg 8b1c34da4c Fix Savannah bug #30236.
* src/sfnt/ttcmap.c (tt_face_build_cmaps): Improve check for pointer
to `cmap_table'.
2010-06-24 08:48:10 +02:00
Werner Lemberg 3cf87f4d27 Fix Savannah bug #30235.
* src/pfr/pfrgload.c (pfr_glyph_load_simple): Protect against
invalid indices if there aren't any coordinates for indexing.
2010-06-24 08:20:56 +02:00
Werner Lemberg b21d7bc567 [bdf]: Font properties are optional.
* src/bdf/bdflib.c (_bdf_readstream): Use special error code to
indicate a redo operation.
(_bdf_parse_start): Handle `CHARS' keyword here too and pass current
input line to `_bdf_parse_glyph'.
2010-06-24 07:40:49 +02:00
Werner Lemberg 8c2c2556af Whitespace. 2010-06-24 07:36:21 +02:00
Werner Lemberg fb69029a7a Fix Savannah bug #30220.
* include/freetype/fterrdef.h
(BDF_Err_Missing_Fontboundingbox_Field): New error code.

* src/bdf/bdflib.c (_bdf_parse_start): Check for missing
`FONTBOUNDINGBOX' field.
Avoid memory leak if there are multiple `FONT' lines (which is
invalid but doesn't hurt).
2010-06-23 10:00:52 +02:00
Werner Lemberg ddc4b136d6 Fix Savannah bug #30168.
* src/pfr/pfrgload.c (pfr_glyph_load_compound): Limit the number of
subglyphs to avoid endless recursion.
2010-06-21 09:28:32 +02:00
Werner Lemberg 90b07bd541 Fix Savannah bug #30145.
* src/psaux/psobjs.c (t1_builder_add_contour): Protect against
`outline == NULL' which might happen in invalid fonts.
2010-06-20 16:27:36 +02:00
Werner Lemberg f4c94d4b5f Fix Savannah bug #30135.
* src/bdf/bdflib.c (_bdf_list_join): Don't modify value in static
string `empty'.
(_bdf_parse_glyph): Avoid memory leak in case of error.
2010-06-19 16:08:31 +02:00
Werner Lemberg 5d86cdce7e Fix Savannah bug #30108.
* src/autofit/afglobal.c (af_face_globals_compute_script_coverage):
Properly mask AF_DIGIT bit in comparison.
2010-06-15 08:29:30 +02:00
Werner Lemberg 8d22746c9e Fix Savannah bug #30106.
Point numbers for FreeType's implementation of hinting masks are
collected before the final number of points of a glyph has been
determined; in particular, the code for handling the `endchar'
opcode can reduce the number of points.

* src/pshinter/pshalgo.c (psh_glyph_find_strong_points): Assure that
`end_point' is not larger than `glyph->num_points'.
2010-06-12 01:32:20 +02:00
Werner Lemberg 3624110cc2 [cff]: Improve debugging output.
* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: Implement it.
2010-06-11 23:00:22 +02:00
Graham Asher 7fb3ef64a2 ftgrays: Speed up rendering of small cubic splines.
* src/smooth/ftgrays.c (gray_render_cubic): Implement new,
simplified algorithm to find out whether the spline can be replaced
with two straight lines.  See this thread for more:

  http://lists.gnu.org/archive/html/freetype-devel/2010-06/msg00000.html
2010-06-10 08:10:57 +02:00
Werner Lemberg ad61f178e2 Oops, revert unwanted previous commit for ftgrays.c. 2010-06-09 15:18:57 +02:00
Werner Lemberg 7d3d2cc4fe Fix Savannah bug #30082.
* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_callothersubr>: Protect against stack underflow.
2010-06-09 09:14:09 +02:00
Werner Lemberg a4124bf088 Fix Savannah bug #30053.
* src/cff/cffparse (cff_parse_real): Handle border case where
`fraction_length' has value 10.
2010-06-08 09:21:39 +02:00
Werner Lemberg 370aea802c Formatting. 2010-06-08 08:37:11 +02:00
Werner Lemberg d087199f2c Fix Savannah bug #30052.
This bug has been introduced with commit 2415cbf3.

* src/base/ftobjs.c (FT_Get_First_Char, FT_Get_Next_Char): Protect
against endless loop in case of corrupted font header data.
2010-06-07 08:46:01 +02:00
Werner Lemberg c217bf19f0 Remove unused variable.
Found by Graham.

* src/autofit/afhints.c (af_glyph_hints_reload): Remove unused
variable `first' in first block.
2010-05-26 16:16:34 +02:00
Werner Lemberg e30de299f2 Fix various memory problems found by linuxtesting.org.
* src/base/ftgxval.c (FT_TrueTypeGX_Free, FT_ClassicKern_Free),
src/base/ftotval.c (FT_OpenType_Free), src/base/ftpfr.c
(ft_pfr_check): Check `face'.

* src/base/ftobjs.c (FT_Get_Charmap_Index): Check `charmap' and
`charmap->face'.
(FT_Render_Glyph): Check `slot->face'.
(FT_Get_SubGlyph_Info): Check `glyph->subglyphs'.

Improve API documentation.
2010-05-22 20:03:41 +02:00
Werner Lemberg 09344385ee autofit: Remove dead code.
Suggested by Graham.

* src/autofit/afhints.c (af_glyph_hints_compute_inflections):
Removed.
(af_glyph_hints_reload): Remove third argument.
Update all callers.
2010-05-22 07:43:22 +02:00
Bram Tassyns d7cc8f499a Fix Savannah bug #27987.
* src/cff/cffobjs.c (remove_subset_prefix): New function.
(cff_face_init): Use it to adjust `cffface->family_name'.
2010-05-21 10:14:58 +02:00
Werner Lemberg 6da023d1ff TrueType: Make FreeType ignore maxSizeOfInstructions in `maxp'.
Acroread does the same.

* src/truetype/ttgload.c (TT_Process_Composite_Glyph): Call
`Update_Max' to adjust size of instructions array if necessary and
add a rough safety check.

(load_truetype_glyph): Save `loader->byte_len' before recursive
call.

* src/truetype/ttinterp.h, src/truetype/ttinterp.c (Update_Max):
Declare it as FT_LOCAL.
2010-05-20 15:38:00 +02:00
Hongbo Ni 236fc8e15a Apply patch #7196.
* src/cff/cffgload.c (cff_slot_load): Prevent crash if CFF subfont
index is out of range.
2010-05-18 11:00:39 +02:00
Werner Lemberg 4c66924440 * docs/formats.txt: Give pointer to PCF documentation.
Information provided by Alan Coopersmith
<alan.coopersmith@oracle.com>.
2010-05-11 07:24:28 +02:00
Werner Lemberg 30b8480bbb Whitespace. 2010-05-11 00:06:02 +02:00
Ken Sharp 88169b107a Fix Savannah bug #29846.
Previously we discovered fonts which used `setcurrentpoint' to set
the initial point of a contour to 0,0.  This caused FreeType to
raise an error, because the `setcurrentpoint' operator is only
supposed to be used with the results from an OtherSubr subroutine.

This was fixed by simply ignoring the error and carrying on.

Now we have found a font which uses setcurrentpoint to actually
establish a non-zero point for a contour during the course of a
glyph program.  FWIW, these files may be produced by an application
called `Intaglio' on the Mac, when converting TrueType fonts to
Type 1.

The fix allows the new invalid behaviour, the old invalid behaviour
and real proper usage of the operator to work the same way as Adobe
interpreters apparently do.

(t1_decoder_parse_charstrings): Make `setcurrentpoint' use the top
two elements of the stack to establish unconditionally the current x
and y coordinates.

Make the `flex' subroutine handling (OtherSubr 0) put the current
x,y coordinates onto the stack, instead of two dummy uninitialised
values.
2010-05-11 00:03:33 +02:00
Ken Sharp 54e63755f3 Fix Savannah bug #29444.
* src/psaux/psobjs.c (t1_builder_start_point): Accept (invalid)
`lineto' immediately after `hsbw', in accordance with Acrobat, GS,
and others.
2010-04-14 23:38:35 +02:00
Michał Cichoń 08e254e0a6 Fix Savannah bug #27999.
* src/cache/ftcmanag.c (FTC_Manager_RemoveFaceID): Only remove
selected entry, not all.
2010-04-14 21:25:30 +02:00
Werner Lemberg 4b407fff2e Typo. 2010-04-14 15:47:04 +02:00
Jonathan Kew 25e742c573 Add overflow check to `fvar' table.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Check axis and instance
count.
2010-04-06 16:42:56 +02:00