minhngoc25a
/
freetype2
mirror of git://git.savannah.gnu.org/freetype/freetype2.git
2
1
Fork 2
Code Issues 4 Releases Wiki Activity
6,241 Commits 82 Branches 119 Tags 33 MiB
Commit Graph

318 Commits

Author SHA1 Message Date
Werner Lemberg 2a1597826a [truetype] Integer overflow issues. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7739

* src/truetype/ttinterp.c (Ins_CEILING): Use FT_PIX_CEIL_LONG.
 2018-04-17 12:25:17 +02:00
Werner Lemberg 70ac167c47 [truetype] Integer overflow issues. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7718

* src/truetype/ttinterp.c (Ins_MIRP): Use ADD_LONG.
 2018-04-16 10:39:10 +02:00
Werner Lemberg 235b1e2fe6 [truetype]: Limit `SLOOP' bytecode argument to 16 bits. 
This fixes

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7707

* src/truetype/ttinterp.c (Ins_SLOOP): Do it.
 2018-04-15 21:55:04 +02:00
Werner Lemberg 827ca3bcf2 [truetype] Integer overflow issues. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7652

* src/truetype/ttinterp.c (Ins_MDAP): Use SUB_LONG.
 2018-04-14 07:20:31 +02:00
Werner Lemberg bd9400bd46 [truetype] Integer overflow issues. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7453

* src/truetype/ttinterp.c (Round_Super, Round_Super_45): Use
ADD_LONG and SUB_LONG.
 2018-04-09 21:28:37 +02:00
Werner Lemberg efd13c5d1b * src/truetype/ttinterp.c (TT_RunIns): Fix tracing arguments. 2018-03-01 22:17:54 +01:00
Werner Lemberg 4a03f17449 [truetype] Integer overflow issues. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6027

* src/truetype/ttinterp.c (Ins_MSIRP, Ins_MIAP, Ins_MIRP): Use
SUB_LONG; avoid FT_ABS.
 2018-02-06 02:23:19 +01:00
Werner Lemberg 29c759284e * src/truetype/ttinterp.c (Ins_GETVARIATION): Avoid NULL reference. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
 2018-01-27 14:43:43 +01:00
Werner Lemberg 0a0c22569d Update copyright year. 2018-01-02 09:33:57 +01:00
Werner Lemberg 98ba0c4a37 New `ftdriver.h' file, covering all driver modules. 
This reduces redundancy and increases synergy; it also reduces the
number of header files.

* include/freetype/config/ftheader.h (FT_DRIVER_H): New macro.
(FT_AUTOHINTER_H, FT_CFF_DRIVER_H, FT_TRUETYPE_DRIVER_H,
FT_PCF_DRIVER_H, FT_TYPE1_DRIVER_H): Make them aliases to
FT_DRIVER_H.

* include/freetype/ftautoh.h, include/freetype/ftcffdrv.h,
include/freetype/ftpcfdrv.h, include/freetype/ftt1drv.h,
include/freetype/ftttdrv.h: Replaced with...
* include/freetype/ftdriver.h: ...this new file.
(FT_CFF_HINTING_ADOBE, FT_T1_HINTING_ADOBE): Renamed to...
(FT_HINTING_ADOBE): ... this new macro.
(FT_CFF_HINTING_FREETYPE, FT_T1_HINTING_FREETYPE): Renamed to...
(FT_HINTING_FREETYPE): ... this new macro.

* src/*/*: Updated accordingly.
 2017-12-08 18:41:49 +01:00
Werner Lemberg 71fecc539e Improve tracing messages by using singular and plural forms. 
* src/*/*.c: Implement it.
 2017-12-05 12:06:29 +01:00
Ben Wagner c06b9cf56d [truetype] Really, really fix #52082. 
* src/truetype/ttinterp.c (Ins_MDRP): Correct conditional.
 2017-09-28 19:08:38 +02:00
Ben Wagner 63be40bccf [truetype] Really fix #52082. 
* src/truetype/ttinterp.c (Ins_MDRP): Correct conditional.
 2017-09-23 00:44:59 +02:00
Werner Lemberg 6d04bd991b [truetype] Integer overflow (#52082). 
* src/truetype/ttinterp.c (Ins_MDRP): Avoid FT_ABS.
 2017-09-21 21:22:51 +02:00
Werner Lemberg eaa9adf325 [truetype] Integer overflows. 
Changes triggered by

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3429

* src/truetype/ttinterp.c (Ins_SHPIX, Ins_DELTAP): Use NEG_LONG.
(Ins_MIAP): Use SUB_LONG.
 2017-09-20 08:00:05 +02:00
Werner Lemberg 0aca17cf53 [truetype] Integer overflow. 
Changes triggered by

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3107

* src/truetype/ttinterp.c (Ins_MDRP, Ins_MIRP, Ins_ALIGNPTS): Use
NEG_LONG.
 2017-08-22 08:25:14 +02:00
Werner Lemberg 17196b7c74 [truetype] Integer overflow. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2868

* src/truetype/ttinterp.c (Ins_ALIGNRP): Use NEG_LONG.
 2017-08-05 18:58:34 +02:00
Nikolaus Waxweiler 7f44c2db24 [truetype] Do not set any ClearType flags in v40 monochrome mode. 
This fixes weird behavior of instructions that resulted in rendering
differences between v35 and v40 in monochrome mode, e.g., in
`timesbi.ttf'.

* src/truetype/ttinterp.c (Ins_GETINFO)
[TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL]: Check
`subpixel_hinting_lean'.
 2017-08-03 06:15:30 +02:00
Werner Lemberg ca799e9be5 [truetype] Integer overflow. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2455

* src/truetype/ttinterp.c (Ins_SCFS): Use SUB_LONG.
 2017-07-03 06:27:52 +02:00
Werner Lemberg dde8f5abbe [truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2384
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2391

* src/base/ftcalc.c (FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix): Use
NEG_LONG.

* src/truetype/ttinterp.c (Ins_SxVTL): Use NEG_LONG.
 2017-06-27 06:16:04 +02:00
Werner Lemberg b27cef27ff [truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2364

* src/truetype/ttinterp.c (Ins_ISECT): Use NEG_LONG.
 2017-06-24 20:17:46 +02:00
Werner Lemberg 298e2ea5a6 [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2323
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2328

* src/cff/cf2blues.c (cf2_blues_capture): Use ADD_INT32 and
SUB_INT32.

* src/truetype/ttinterp.c (Ins_SDPVTL): Use SUB_LONG and NEG_LONG.
 2017-06-22 11:52:43 +02:00
Werner Lemberg 8c763fb1be [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2300
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2313

* src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use ADD_INT32.

* src/truetype/ttinterp.c (Ins_ABS): Avoid FT_ABS.
 2017-06-20 07:49:52 +02:00
Werner Lemberg 4dc00cf5c0 [truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2270
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2278

* src/truetype/ttinterp.c (Ins_MDRP, _iup_worker_interpolate): Use
ADD_LONG and SUB_LONG.
 2017-06-16 13:33:09 +02:00
Werner Lemberg 5c402d97af [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2216
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2218

* src/cff/cf2fixed.h (cf2_fixedAbs): Use NEG_INT32.

* src/truetype/ttinterp.c (Ins_IP): Use SUB_LONG.
 2017-06-13 06:56:48 +02:00
Werner Lemberg 9038837ee2 [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2144
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2151
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2153
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2173
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2186

* src/cff/cf2blues.c (cf2_blues_init): Use SUB_INT32.

* src/truetype/ttinterp.c (Round_None, Round_To_Grid,
Round_To_Half_Grid, Round_Down_To_Grid, Round_Up_To_Grid,
Round_To_Double_Grid, Round_Super, Round_Super_45): Use ADD_LONG,
SUB_LONG, NEG_LONG, FT_PIX_ROUND_LONG, FT_PIX_CEIL_LONG,
FT_PAD_ROUND_LONG
(Ins_SxVTL, Ins_MIRP): Use SUB_LONG.
(_iup_worker_shift): Use SUB_LONG and ADD_LONG.
 2017-06-09 20:42:46 +02:00
Werner Lemberg dcd8de272f */*: Remove `OVERFLOW_' prefix. 
This increases readability.
 2017-06-09 11:21:58 +02:00
Werner Lemberg 7bffeacd7e [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2133
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2137

* src/cff/cf2hints.c (cf2_hint_init): Use OVERFLOW_SUB_INT32.

* src/truetype/ttinterp.c (PROJECT, DUALPROJ): Use
OVERFLOW_SUB_LONG.
 2017-06-07 17:08:01 +02:00
Werner Lemberg 9fa8a2997f [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2075
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2088

* src/cff/cf2font.c (cf2_font_setup): Use OVERFLOW_MUL_INT32.

* src/truetype/ttinterp.c (Ins_ISECT): Use OVERFLOW_MUL_LONG,
OVERFLOW_ADD_LONG, and OVERFLOW_SUB_LONG.
 2017-06-04 20:43:08 +02:00
Werner Lemberg addb2dddb6 [base, cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2060
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2062
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2063
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2068

* src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use
OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.

* src/cff/cf2blues.c (cf2_blues_capture), src/cff/cf2hints.c
(cf2_hintmap_adjustHints): Use OVERFLOW_SUB_INT32.

* src/truetype/ttgload.c (compute_glyph_metrics): User
OVERFLOW_SUB_LONG.

* src/truetype/ttinterp.c (Direct_Move, Direct_Move_Orig,
Direct_Move_X, Direct_Move_Y, Direct_Move_Orig_X,
Direct_Move_Orig_Y, Move_Zp2_Point, Ins_MSIRP): Use
OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.
 2017-06-03 21:05:42 +02:00
Werner Lemberg 1ea343228d [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2047
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2057

* src/cff/cf2hints.c (cf2_hintmap_map): Use OVERFLOW_SUB_INT32.

* src/truetype/ttinterp.c (Ins_ADD): Use OVERFLOW_ADD_LONG.
(Ins_SUB): Use OVERFLOW_SUB_LONG.
(Ins_NEG): Use NEG_LONG.
 2017-06-03 06:52:13 +02:00
Werner Lemberg 8d435c463d * src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again. 
Problem reported by Marek Kašík <mkasik@redhat.com>.

The problematic font that exceeds the old limit is Padauk-Bold,
version 3.002, containing bytecode generated by a buggy version of
ttfautohint.
 2017-06-01 07:09:44 +02:00
Nikolaus Waxweiler a0455468fd [truetype] Always use interpreter v35 for B/W rendering (#51051). 
* src/truetype/ttgload.c (tt_loader_init)
[TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL]: Adjust
`subpixel_hinting_lean', `grayscale_cleartype', and
`vertical_lcd_lean' accordingly.

* src/truetype/ttinterp.c (Ins_GETINFO): Updated.
(TT_RunIns): Update `backward_compatibility' flag.
 2017-05-20 07:28:46 +02:00
Werner Lemberg 8cd31eb7b0 */*: s/backwards compatibility/backward compatibility/. 2017-05-03 23:54:29 +02:00
Werner Lemberg 5f18d867c0 [truetype] Do linear scaling for FT_LOAD_NO_HINTING (#50470). 
* src/truetype/ttobs.h (TT_SizeRec): Add field `hinted_metrics' to
hold hinted metrics.
Make `metrics' a pointer so that `tt_glyph_load' can easily switch
between metrics.

* src/truetype/ttdriver.c (tt_size_request): Updated.
(tt_glyph_load): Use top-level metrics if FT_LOAD_NO_HINTING is
used.

* src/truetype/ttgload.c (TT_Hint_Glyph, TT_Process_Simple_Glyph,
TT_Process_Composite_Component, load_truetype_glyph,
compute_glyph_metrics, TT_Load_Glyph): Updated.

* src/truetype/ttinterp.c (TT_Load_Context): Updated.

* src/truetype/ttobjs.c (tt_size_reset): Updated.

* src/truetype/ttsubpix.c (sph_set_tweaks): Updated.
 2017-04-26 11:40:28 +02:00
Werner Lemberg 093c182058 [truetype] Avoid reexecution of `fpgm' and `prep' in case of error. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=981

* include/freetype/fterrdef.h (FT_Err_DEF_In_Glyf_Bytecode): New
error code.

* src/truetype/ttinterp.c (Ins_FDEF, Ins_IDEF): Prohibit execution
of these two opcodes in `glyf' bytecode.
(TT_RunIns): Don't enforce reexecution of `fpgm' and `prep' bytecode
in case of error since function tables can no longer be modified
(due to the changes in `Ins_FDEF' and `Ins_IDEF').  This change can
enormously speed up handling of broken fonts.
 2017-04-03 11:37:33 +02:00
Werner Lemberg 3e79254ae7 * src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter (#50573). 
The problematic font that exceeds the old limit is Lato-Regular,
version 2.007, containing bytecode generated by a buggy version of
ttfautohint.
 2017-03-18 10:06:15 +01:00
Werner Lemberg 13fa85a246 [truetype] Another limitation for bytecode loop count maximum. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=900

* src/truetype/ttinterp.c (TT_RunIns): Limit `loopcall_counter_max'
by number of glyphs also.
 2017-03-18 09:42:58 +01:00
Werner Lemberg 9931175dcc Improve `make multi'. 
* src/autofit/aflatin2.c: Guard file with FT_OPTION_AUTOFIT2.

* src/base/ftmac.c: Guard more parts of the file with FT_MACINTOSH.

* src/psaux/afmparse.c: Guard file with T1_CONFIG_OPTION_NO_AFM.

* src/sfnt/pngshim.c: Guard file with
TT_CONFIG_OPTION_EMBEDDED_BITMAPS also.

* src/sfnt/ttbdf.c: Avoid empty source file.
* src/sfnt/ttpost.c: Guard file with
TT_CONFIG_OPTION_POSTSCRIPT_NAMES.
* src/sfnt/ttsbit.c: Guard file with
TT_CONFIG_OPTION_EMBEDDED_BITMAPS.

* src/truetype/ttgxvar.c, src/truetype/ttinterp.c: Avoid empty
source file.

* src/truetype/ttsubpix.c: Guard file with
TT_USE_BYTECODE_INTERPRETER also.

* src/type1/t1afm.c: Guard file with T1_CONFIG_OPTION_NO_AFM.

* src/autofit/autofit.c, src/base/ftbase.c, src/cache/ftcache.c,
src/cff/cff.c, src/cid/type1cid.c, src/gxvalid/gxvalid.c,
src/pcf/pcf.c, src/pfr/pfr.c, src/psaux/psaux.c,
src/pshinter/pshinter.c, src/psnames/psnames.c, src/raster/raster.c,
src/sfnt/sfnt.c, src/smooth/smooth.c, src/truetype/truetype.c,
src/type1/type1.c, src/type42/type42.c: Remove conditionals; sort
entries.
 2017-03-18 07:06:49 +01:00
Werner Lemberg 43061d6a93 * src/truetype/ttinterp.c (TT_RunIns): Adjust loop detector limits. 2017-01-20 10:16:38 +01:00
Alexei Podtelezhnikov 236bbdbef9 Typos. 2017-01-18 23:12:31 -05:00
Werner Lemberg 563ae78022 Update copyright year. 2017-01-04 20:16:34 +01:00
Werner Lemberg f80c4473b6 Replace `++foo' and `--foo' with `foo++' and `foo--', resp. 2016-12-26 23:57:45 +01:00
Werner Lemberg 4441f7b246 Replace `foo == NULL' and `foo != NULL' with `!foo' and `foo', resp. 
Other minor formatting.
 2016-12-26 17:08:17 +01:00
Werner Lemberg 37c72f66a5 Minor formatting. 2016-12-25 22:55:25 +01:00
Werner Lemberg 328d68449d [truetype] Remove clang warnings. 
* src/truetype/ttinterp.h (TT_ExecContextRec): Using `FT_ULong' for
loop counter handling.

* src/truetype/ttinterp.c: Updated.
(Ins_SCANTYPE): Use signed constant.
(TT_RunIns): Ensure `num_twilight_points' is 16bit.
 2016-10-29 00:18:56 +02:00
Werner Lemberg 5081674c5f [truetype] Fix SCANTYPE instruction (#49394). 
* src/truetype/ttinterp.c (Ins_SCANTYPE): Only use lower 16bits.
 2016-10-22 19:16:08 +02:00
Werner Lemberg 2ecf89b481 */*: s/FT_MEM_ZERO/FT_ZERO/ where appropriate. 2016-09-28 19:06:21 +02:00
Werner Lemberg a3e2c83234 [truetype] Trace number of executed opcodes. 
* src/truetype/ttinterp.c (TT_RunIns): Implement it.
 2016-09-27 21:42:02 +02:00
Werner Lemberg 0d94592942 [truetype] Introduce dynamic limits for some bytecode opcodes. 
This speeds up FreeType's handling of malformed fonts.

* src/truetype/ttinterp.c (TT_RunIns): Set up limits for the number
of twilight points, the total number of negative jumps, and the
total number of loops in LOOPCALL opcodes.  The values are based on
the number of points and entries in the CVT table.
(Ins_JMPR): Test negative jump counter.
(Ins_LOOPCALL): Test loopcall counter.

* src/truetype/ttinterp.h (TT_ExecContext): Updated.

* docs/CHANGES: Updated.
 2016-09-27 08:44:31 +02:00