Commit Graph

3596 Commits

Author SHA1 Message Date
Werner Lemberg 57cbb8c148 [sfnt] Fix cmap 14 validation (#46346).
* src/sfnt/ttcmap.c (tt_cmap14_validate): Check limit before
accessing `numRanges' and `numMappings'.
Fix size check for non-default UVS table.
2015-10-31 18:47:26 +01:00
Werner Lemberg 009cc15035 [sfnt] Handle infinite recursion in bitmap strikes (#46344).
* src/sfnt/ttsbit.c (TT_SBitDecoder_LoadFunc,
tt_sbit_decoder_load_bitmap, tt_sbit_decoder_load_byte_aligned,
tt_sbit_decoder_load_bit_aligned, tt_sbit_decoder_load_png): Add
argument for recursion depth.
(tt_sbit_decoder_load_compound): Add argument for recursion depth.
Increase recursion counter for recursive call.
(tt_sbit_decoder_load_image): Add argument for recursion depth.
Check recurse depth.
(tt_face_load_sbit_image): Updated.
2015-10-31 17:52:56 +01:00
Werner Lemberg 02cfd71498 * src/autofit/afhints.c (af_glyph_hints_dump_points): Minor. 2015-10-29 20:50:57 +01:00
Werner Lemberg 017db03ec5 * CMakeLists.txt: Remove code to set MSVC's /FD compiler switch.
Problem reported by David Capello <davidcapello@gmail.com>; see

  http://lists.nongnu.org/archive/html/freetype-devel/2015-10/msg00108.html

for details.
2015-10-29 05:52:09 +01:00
Werner Lemberg fba29fabb3 [pfr] Add some safety guards (#46302).
* src/pfr/pfrload.h (PFR_CHECK): Rename to...
(PFR_CHECK_SIZE): ... this.
(PFR_SIZE): [!PFR_CONFIG_NO_CHECKS]: Define to PFR_CHECK_SIZE.

* src/pfr/pfrload.c (pfr_log_font_count): Check `count'.
(pfr_extra_item_load_kerning_pairs): Remove tracing message.
(pfr_phy_font_load): Use PFR_CHECK_SIZE where appropriate.
Allocate `chars' after doing a size checks.

* src/pfr/pfrsbit.c (pfr_load_bitmap_bits): Move test for invalid
bitmap format to...
(pfr_slot_load_bitmap): ... this function.
Check bitmap size.
2015-10-27 21:04:48 +01:00
Werner Lemberg 6a19a7d332 [truetype] Fix sanitizing logic for `loca' (#46223).
* src/truetype/ttpload.c (tt_face_load_loca): A thinko caused an
incorrect adjustment of the number of glyphs, most often using far
too large values.
2015-10-26 15:40:22 +01:00
Werner Lemberg 7f00fa6462 [autofit] Improve tracing.
* src/autofit/afhints.c (af_print_idx, af_get_segment_index,
af_get_edge_index): New functions.

(af_glyph_hints_dump_points): Remove unnecessary `|', `[', and `]'.
Add segment and edge index for each point.
Slightly change printing order of some elements.
Don't print `-1' but `--' for missing elements.

(af_glyph_hints_dump_segments, af_glyph_hints_dump_edges): Remove
unnecessary `|', `[', and `]'.
Don't print `-1' but `--' for missing elements.
2015-10-25 10:59:59 +01:00
Werner Lemberg 6f09011fe6 [sfnt] Sanitize bitmap strike glyph height.
Problem reported by Nikolay Sivov <bunglehead@gmail.com>.

* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Avoid zero value
for `metrics->height' by applying some heuristics.
2015-10-24 10:10:22 +02:00
Werner Lemberg e93d326c8b [sfnt, type42] Fix clang compiler warnings.
* src/sfnt/sfobjs.c (sfnt_init_face): Initialize `offset'.

* src/type42/t42parse.c (t42_parse_sfnts): Use proper cast.
2015-10-22 10:17:20 +02:00
Werner Lemberg f1c93439b9 [cff] Avoid overflow/module arithmetic.
This modifies the addition of subroutine number to subroutine bias
from unsigned to signed, but does not change any results.

* src/cff/cf2ft.c (cf2_initGlobalRegionBuffer,
cf2_initLocalRegionBuffer): Change variable names from (unsigned)
`idx' to (signed) `subrNum', since it is not an index until after
the bias is added.
* src/cff/cf2ft.h: Updated.

* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdCALLSUBR>:
Updated similarly.
2015-10-22 10:11:23 +02:00
Werner Lemberg 59ae73fe16 [cid] Better check of `SubrCount' dictionary entry (#46272).
* src/cid/cidload.c (cid_face_open): Add more sanity tests for
`fd_bytes', `gd_bytes', `sd_bytes', and `num_subrs'.
2015-10-22 09:26:00 +02:00
Werner Lemberg e484d36b2b [base] Pacify compiler (#46266).
* src/base/ftoutln.c (FT_Outline_EmboldenXY): Initialize `in' and
`anchor'.
2015-10-21 20:48:27 +02:00
Werner Lemberg 87fefc594e [type42] Fix heap buffer overflow (#46269).
* src/type42/t42parse.c (t42_parse_sfnts): Fix off-by-one error in
bounds checking.
2015-10-21 20:29:12 +02:00
Dave Arnold 3cfd51233c [cff] Fix limit in assert for max hints.
* src/cff/cf2interp.c (cf2_hintmask_setAll): Allow mask equal to the
limit (96 bits).
2015-10-21 14:07:25 +02:00
Dave Arnold 748e368173 [cff] Remove an assert (#46107).
* src/cff/cf2hints.c (cf2_hintmap_insertHint): Ignore paired edges
in wrong order.
2015-10-21 13:58:43 +02:00
Werner Lemberg e6593389cf [sfnt] Avoid unnecessarily large allocation for WOFFs (#46257).
* src/sfnt/sfobjs.c (woff_open_font): Use WOFF's `totalSfntSize'
only after thorough checks.
Add tracing messages.
2015-10-21 08:04:29 +02:00
Werner Lemberg 649ca5562d [type42] Better check invalid `sfnts' array data (#46255).
* src/type42/t42parse.c (t42_parse_sfnts): Table lengths must be
checked individually against available data size.
2015-10-21 07:01:45 +02:00
Werner Lemberg 3eccc3a3f8 [cid] Add a bunch of safety checks.
* src/cid/cidload.c (parse_fd_array): Check `num_dicts' against
stream size.
(cid_read_subrs): Check largest offset against stream size.
(cid_parse_dict): Move safety check to ...
(cid_face_open): ... this function.
Also test length of binary data and values of `SDBytes',
`SubrMapOffset', `SubrCount', `CIDMapOffset', and `CIDCount'.
2015-10-20 22:31:57 +02:00
Werner Lemberg d47d372c96 [cid] Avoid segfault with malformed input (#46250).
* src/cid/cidload.c (cid_read_subrs): Return a proper error code for
unsorted offsets.
2015-10-20 12:24:36 +02:00
StudioEtrange 5cf83a5335 * CMakeLists.txt: Enable shared library builds on MinGW (#46233). 2015-10-20 07:19:44 +02:00
Werner Lemberg 3c582060b2 * src/type1/t1afm.c (T1_Read_Metrics): Fix memory leak (#46229). 2015-10-20 06:57:28 +02:00
Bungeman ba8a528b19 [cid] Better handle invalid glyph stream offsets (#46221).
* src/cid/cidgload.c (cid_load_glyph): Check minimum size of glyph
length.
2015-10-19 23:27:06 +02:00
Werner Lemberg 24cee3a8a3 [psaux] Fix tracing of negative numbers.
Due to incorrect casting negative numbers were shown as very large
(positive) integers on 64bit systems.

* src/psaux/t1decode.c (t1_decoder_parse_charstrings) <op_none>:
Use division instead of shift.
2015-10-19 23:00:28 +02:00
Werner Lemberg 14213b5409 [truetype] Improve TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES (#46223).
* devel/ftoption.h, include/freetype/config/ftoption.h: Surround it
with #ifndef ... #endif, as suggested in the tracker issue.
2015-10-18 18:15:04 +02:00
Werner Lemberg dcfc4d9c21 [truetype] Better protection against malformed `fpgm' (#46223).
* src/truetype/ttobjs.c (tt_size_init_bytecode): Don't execute a
malformed `fpgm' table more than once.
2015-10-18 16:47:06 +02:00
Werner Lemberg 7643b5839b * src/cid/cidgload.c (cid_load_glyph): Fix memory leak.
Reported by Kostya Serebryany <kcc@google.com>.
2015-10-17 15:51:29 +02:00
Werner Lemberg b185747dd6 [bdf] Prevent memory leak (#46217).
* src/bdf/bdflib.c (_bdf_parse_glyphs) <STARTCHAR>: Check
_BDF_GLYPH_BITS.
2015-10-17 14:21:41 +02:00
Werner Lemberg e1ca18d449 [bdf] Use stream size to adjust number of glyphs.
* src/bdf/bdflib.c (ACMSG17): New message macro.
(_bdf_parse_t): Add member `size'.
(bdf_load_font): Set `size'.
(_bdf_parse_glyphs): Adjust `cnt' if necessary.
2015-10-17 11:51:27 +02:00
Werner Lemberg 0af21dcf13 * src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size. 2015-10-17 09:29:52 +02:00
Werner Lemberg 0ba98da472 * src/cid/cidgload.c (cid_glyph_load): Check file offsets (#46222). 2015-10-17 09:11:02 +02:00
Werner Lemberg 8edfcbed53 [psaux] Fix heap buffer overflow (#46221).
* src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>:
Fix limit check.
2015-10-17 08:11:16 +02:00
Werner Lemberg a5ecfb4ce6 * src/cid/cidload.c (cid_parse_dict): Handle invalid input (#46220). 2015-10-17 06:15:55 +02:00
Kostya Serebryany 266976b163 add src/tools/ftfuzzer/README 2015-10-15 22:15:53 -07:00
Bungeman 65d8980491 [bdf] Fix memory leak (#46213).
* src/bdf/bdflib.c (bdf_load_font): Always go to label `Fail' in
case of error.
2015-10-15 23:50:16 +02:00
Werner Lemberg 24a1fcdfce [truetype] Add TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES (#46208).
* devel/ftoption.h, include/freetype/config/ftoption.h
(TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES): New configuration macro.

* src/truetype/ttinterp.c (MAX_RUNNABLE_OPCODES): Removed.
(TT_RunIns): Updated.
2015-10-15 21:50:15 +02:00
Werner Lemberg 837ad9d411 * src/truetype/ttinterp.c (TT_RunIns): Fix bytecode stack tracing.
The used indices were off by 1.
2015-10-15 21:15:45 +02:00
Werner Lemberg 8b76eaf092 * src/tools/ftfuzzer/ftfuzzer.cc: Handle fixed sizes (#46211). 2015-10-15 18:28:43 +02:00
Werner Lemberg e03214e166 [base] Compute MD5 checksums only if explicitly requested.
This improves profiling accuracy.

* src/base/ftobjs.c (FT_Render_Glyph_Internal): Implement it.
2015-10-15 16:58:13 +02:00
Werner Lemberg 2a20c92c4b [base] Use `FT_' namespace for MD5 functions (#42366).
* src/base/ftobjs.c (MD5_*): Define as `FT_MD5_*'.
Undefine HAVE_OPENSSL.
2015-10-14 15:23:15 +02:00
Werner Lemberg 8539915d18 [type1] Correctly handle missing MM axis names (#46202).
* src/type1/t1load.c (T1_Get_MM_Var): Implement it.
2015-10-13 20:43:19 +02:00
Werner Lemberg 58b61b6e05 [pcf] Quickly exit if font index < 0.
Similar to other font formats, this commit makes the parser no
longer check the whole PCF file but only the header and the TOC if
we just want to get the number of available faces (and a proper
recognition of the font format).

* src/pcf/pcfdrivr.c (PCF_Face_Init): Updated.
Exit quickly if face_index < 0.

* src/pcfread.c (pcf_load_font): Add `face_index' argument.
Exit quickly if face_index < 0.

* src/pcf/pcf.h: Updated.
2015-10-13 18:26:18 +02:00
Werner Lemberg bdb56bba86 [ftfuzzer] Handle TTCs and MM/GX variations.
This patch also contains various other improvements.

* src/tools/ftfuzzer/ftfuzzer.cc: Add preprocessor guard to reject
pre-C++11 compilers.
(FT_Global): New class.  Use it to provide a global constructor and
destructor for the `FT_Library' object.
(setIntermediateAxis): New function to select an (arbitrary)
instance.
(LLVMFuzzerTestOneInput): Loop over all faces and named instances.
Also call `FT_Set_Char_Size'.
2015-10-13 11:51:13 +02:00
Werner Lemberg 43a96eb26f [truetype] Refine some GX sanity tests.
Use the `gvar' table size instead of the remaining bytes in the
stream.

* src/truetype/ttgxvar.h (GX_BlendRec): New field `gvar_size'.

* src/truetype/ttgxvar.c (ft_var_load_gvar): Set `gvar_size'.
(ft_var_readpackedpoints, ft_var_readpackeddeltas: New argument
`size'.
(tt_face_vary_cvt, TT_Vary_Apply_Glyph_Deltas): Updated.
2015-10-13 11:18:55 +02:00
Werner Lemberg 052f6c5649 [truetype] Another GX sanity test.
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Check
`tupleCount'.
Add tracing message.
2015-10-13 08:24:32 +02:00
Werner Lemberg 7ef0d8661a [truetype] Fix memory leak for broken GX fonts (#46188).
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Fix scope of
deallocation.
2015-10-13 08:14:20 +02:00
Werner Lemberg f96094eef0 [truetype] Fix commit from 2015-10-10.
* src/truetype/ttgxvar.c (ft_var_load_gvar): Add missing error
handling body to condition.
2015-10-13 07:13:56 +02:00
Werner Lemberg b9880aa0f8 [unix] Make MKDIR_P actually work.
* builds/unix/configure.raw: Fix underquoting of `INSTALL' and
`MKDIR_P'.

Problem reported by Dan Liddell <lddll@yahoo.com>.
2015-10-12 10:13:26 +02:00
Werner Lemberg 4f7f6f6e47 [sfnt] Improve extraction of number of named instances.
* src/sfnt/sfobjs.c (sfnt_init_face)
[TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Check number of instances against
`fvar' table size.
2015-10-11 07:55:25 +02:00
Werner Lemberg a724dcf5c3 Split off ChangeLog.25. 2015-10-11 05:50:07 +02:00
Alexei Podtelezhnikov c14ae9c5fd * src/base/ftoutln.c (FT_Outline_Get_Orientation): Fix overflow (#46149). 2015-10-10 22:28:26 -04:00
Werner Lemberg 8de39a7919 [sfnt] Fix infinite loops with broken cmaps (#46167).
* src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next): Take care
of border condidions (i.e., if the loops exit naturally).
2015-10-10 13:34:11 +02:00
Werner Lemberg da34673e54 [truetype] More sanity tests for GX handling.
These tests should mainly help avoid unnecessarily large memory
allocations in case of malformed fonts.

* src/truetype/ttgxvar.c (ft_var_readpackedpoints,
ft_var_readpackeddeltas): Check number of points against stream
size.
(ft_var_load_avar): Check `pairCount' against table length.
(ft_var_load_gvar): Check `globalCoordCount' and `glyphCount'
against table length.
(tt_face_vary_cvt): Check `tupleCount' and `offsetToData'.
Fix trace.
(TT_Vary_Apply_Glyph_Deltas): Fix trace.
Free `sharedpoints' to avoid memory leak.
2015-10-10 10:21:27 +02:00
Werner Lemberg c220d8b498 [truetype] Better protection against malformed GX data (#46166).
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Correctly
handle empty `localpoints' array.
2015-10-10 08:13:04 +02:00
Werner Lemberg d353f6e012 * src/pcf/pcfread.c (pcf_read_TOC): Check stream size (#46162). 2015-10-10 06:54:46 +02:00
Werner Lemberg c12956e700 * src/gzip/ftgzip.c (FT_Stream_OpenGzip): Use real stream size. 2015-10-09 09:38:32 +02:00
Werner Lemberg d98053c997 [pcf] Protect against invalid number of TOC entries (#46159).
* src/pcf/pcfread.c (pcf_read_TOC): Check number of TOC entries
against size of data stream.
2015-10-08 23:17:41 +02:00
Werner Lemberg 06c2d3324e [type42] Protect against invalid number of glyphs (#46159).
* src/type42/t42parse.c (t42_parse_charstrings): Check number of
`CharStrings' dictionary entries against size of data stream.
2015-10-08 21:31:57 +02:00
Werner Lemberg 983b00ec86 [sfnt] Fix some signed overflows (#46149).
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics)
<TT_SBIT_TABLE_TYPE_SBIX>: Use `FT_MulDiv'.
2015-10-08 18:44:45 +02:00
Werner Lemberg 121122416d [type1] Protect against invalid number of subroutines (#46150).
* src/type1/t1load.c (parse_subrs): Check number of
`Subrs' dictionary entries against size of data stream.
2015-10-08 08:55:15 +02:00
Kostya Serebryany dde84f2539 [ftfuzzer] Add support for LLVM's LibFuzzer.
* src/tools/ftfuzzer/ftfuzzer.cc, src/tools/runinput.cc: New files.
2015-10-07 22:18:22 +02:00
Alexei Podtelezhnikov 6eb6158dd7 [smooth] Faster alternative line renderer.
This implementation renders the entire line segment at once without
subdividing it into scanlines.  The main speed improvement comes from
reducing the number of divisions to just two per line segment, which
is a bare minimum to calculate cell coverage in a smooth rasterizer.
Notably, the progression from cell to cell does not itself require any
divisions at all.  The speed improvement is more noticeable at larger
sizes.

* src/smooth/ftgrays.c (gray_render_line): New implementation.
2015-10-06 22:39:54 -04:00
Werner Lemberg 066a49139b [cff] Return correct PS names from pure CFF (#46130).
* src/cff/cffdrivr.c (cff_get_ps_name): Use SFNT service only for
SFNT.
2015-10-06 07:55:32 +02:00
Werner Lemberg 30fe5e762e [base] Replace left shifts with multiplication (#46118).
* src/base/ftglyph.c (ft_bitmap_glyph_bbox, FT_Get_Glyph): Do it.
2015-10-04 13:08:08 +02:00
Werner Lemberg 8cabd919ca * Version 2.6.1 released.
=========================

Tag sources with `VER-2-6-1'.

* docs/VERSION.DLL: Update documentation and bump version number to
2.6.1.

* README, Jamfile (RefDoc), builds/windows/vc2005/freetype.vcproj,
builds/windows/vc2005/index.html,
builds/windows/vc2008/freetype.vcproj,
builds/windows/vc2008/index.html,
builds/windows/vc2010/freetype.vcxproj,
builds/windows/vc2010/index.html,
builds/windows/visualc/freetype.dsp,
builds/windows/visualc/freetype.vcproj,
builds/windows/visualc/index.html,
builds/windows/visualce/freetype.dsp,
builds/windows/visualce/freetype.vcproj,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.6/2.6.1/, s/26/261/.

* include/freetype/freetype.h (FREETYPE_PATCH): Set to 1.

* builds/unix/configure.raw (version_info): Set to 18:1:12.
* CMakeLists.txt (VERSION_PATCH): Set to 1.

* src/autofit/afmodule.c [AF_DEBUG_AUTOFIT]: Ensure C linking for
dumping functions.
2015-10-04 08:18:01 +02:00
Werner Lemberg b260dc9fab [bzip2, gzip] Avoid access of unitialized memory (#46109).
* src/bzip2/ftbzip2.c (ft_bzip2_file_fill_input), src/gzip/ftgzip.c
(ft_gzip_file_fill_input): In case of an error, adjust the limit to
avoid copying uninitialized memory.
2015-10-04 07:39:22 +02:00
Werner Lemberg 53838ce016 [bzip2, gzip] Avoid access of unitialized memory (#46109).
* src/bzip2/ftbzip2.c (ft_bzip2_file_fill_output), src/gzip/ftgzip.c
(ft_gzip_file_fill_output): In case of an error, adjust the limit to
avoid copying uninitialized memory.
2015-10-03 21:12:25 +02:00
Alexei Podtelezhnikov e2dae8fead [smooth] Clean up worker.
* src/smooth/ftgrays.c (gray_TWorker): Remove never used fields.
2015-10-01 22:03:34 -04:00
Werner Lemberg 90e437e3cd [sfnt] Make `tt_cmap4_char_map_linear' more robust (#46078).
* src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Take care of
border conditions (i.e., if the loop exits naturally).
2015-10-01 20:00:27 +02:00
Werner Lemberg fab67b85ec * src/autofit/afranges.c (af_deva_nonbase_uniranges): Fix ranges.
They should be a subset of `af_deva_uniranges'.
2015-10-01 16:47:05 +02:00
Werner Lemberg 5f8f44d218 [sfnt] Make `tt_cmap4_char_map_linear' faster (#46078).
* src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Use inner loop to
reject too large glyph indices.
2015-10-01 14:16:03 +02:00
Alexei Podtelezhnikov 8bbcfb2c2f [smooth] Clean up worker.
* src/smooth/ftgrays.c (gray_TWorker): Remove lightly used `last_ey'.
(gray_start_cell, gray_render_line): Update.
2015-09-30 23:08:53 -04:00
Werner Lemberg dbd04269dc [autofit] Replace `no-base' with `non-base'.
* src/autofit/*: Do it.
2015-09-30 17:52:42 +02:00
Werner Lemberg 2ff83a5c99 [sfnt] Rewrite `tt_cmap4_char_map_linear' (#46078).
* src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Add code to better
skip invalid segments.
If searching the next character, provide a more efficient logic to
speed up the code.
2015-09-30 14:44:29 +02:00
Werner Lemberg 8651f37ad5 [truetype] Adjust number of glyphs for malformed `loca' tables.
* src/truetype/ttpload.c (tt_face_load_loca): Implement it.
2015-09-30 10:26:10 +02:00
Werner Lemberg 483007fcd9 [pshinter] Avoid harmless overflow (#45984).
* src/pshinter/pshglob.c (psh_blues_set_zones): Fix it.
2015-09-29 11:22:15 +02:00
Werner Lemberg a3046567bc [autofit] Add support for Lao script.
Thanks to Danh Hong <danhhong@gmail.com> for guidance with blue zone
characters!

* src/autofit/afblue.dat: Add blue zone data for Lao.

* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.

* src/autofit/afscript.h: Add Lao standard characters.

* src/autofit/afranges.c: Add Lao data.

* src/autofit/afstyles.h: Add Lao data.
2015-09-28 09:45:56 +02:00
suzuki toshiya fb5268cf7b [base] Fix a leak by broken sfnt-PS or resource fork (#46028).
open_face_from_buffer() frees passed buffer if valid font
is not found.  But if copying to the buffer is failed,
the allocated buffer should be freed within the caller.

* src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Free
the buffer `sfnt_ps' if an error caused before calling
open_face_from_buffer().
(Mac_Read_sfnt_Resource): Free the buffer `sfnt_data' if
an error caused before calling open_face_from_buffer();
2015-09-28 02:01:43 +09:00
suzuki toshiya 8a05d250df [mac] Fix buffer size calculation for LWFN font.
* src/base/ftmac.c (read_lwfn): Cast post_size to FT_ULong
to prevent confused copy by too large chunk size.
2015-09-28 01:40:21 +09:00
Alexei Podtelezhnikov 3dffe8ef16 Add ChangeLog entry. 2015-09-27 11:30:17 -04:00
Werner Lemberg 19188a9a19 [autofit] Minor tracing improvement.
* src/autofit/aflatin.c (af_latin_metrics_scale_dim): Don't emit
blue zones header line if there are no blue zones.
2015-09-26 16:57:17 +02:00
Werner Lemberg 4187753970 [bzip2, gzip, lzw] Harmonize function signatures with prototype.
Suggested by Hin-Tak Leung.

* src/bzip2/ftbzip2.c (ft_bzip2_stream_io), src/gzip/ftgzip.c
(ft_gzip_stream_io), src/lzw/ftlzw.c (ft_lzw_stream_io): Do it.
2015-09-26 15:19:54 +02:00
Hin-Tak Leung 265ade8e80 Add new FT_LOAD_COMPUTE_METRICS load flag.
* include/freetype/freetype.h (FT_LOAD_COMPUTE_METRICS): New macro.
* src/truetype/ttgload.c (compute_glyph_metrics): Usage.
2015-09-26 14:51:30 +02:00
Werner Lemberg d57f227121 * src/base/ftobjs.c (Mac_Read_sfnt_Resource): Add cast. 2015-09-26 08:44:26 +02:00
Werner Lemberg d7f456ee17 Formatting, minor comment corrections. 2015-09-26 08:37:14 +02:00
Werner Lemberg 2439c515a7 [type1] Protect against invalid number of glyphs (#46029).
* src/type1/t1load.c (parse_charstrings): Check number of
`CharStrings' dictionary entries against size of data stream.
2015-09-25 16:54:28 +02:00
Werner Lemberg 5339c75ee6 [sfnt] Better checks for invalid cmaps (2/2) (#46019).
While the current code in `FT_Get_Next_Char' correctly rejects
out-of-bounds glyph indices, it can be extremely slow for malformed
cmaps that use 32bit values.  This commit tries to improve that.

* src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next,
tt_cmap12_char_map_binary, tt_cmap13_next,
tt_cmap13_char_map_binary): Reject glyph indices larger than or
equal to the number of glyphs.
2015-09-24 13:39:44 +02:00
Werner Lemberg c409eb18ae [base, sfnt] Better checks for invalid cmaps (1/2).
* src/base/ftobjs.c (FT_Get_Char_Index): Don't return out-of-bounds
glyph indices.
(FT_Get_First_Char): Updated.

* src/sfnt/ttcmap.c (tt_cmap6_char_next): Don't return character
codes greater than 0xFFFF.

(tt_cmap8_char_index): Avoid integer overflow in computation of
glyph index.
(tt_cmap8_char_next): Avoid integer overflows in computation of
both next character code and glyph index.

(tt_cmap10_char_index): Fix unsigned integer logic.
(tt_cmap10_char_next): Avoid integer overflow in computation of
next character code.

(tt_cmap12_next): Avoid integer overflows in computation of both
next character code and glyph index.
(tt_cmap12_char_map_binary): Ditto.
(tt_cmap12_char_next): Simplify.

(tt_cmap13_char_map_binary): Avoid integer overflow in computation
of next character code.
(tt_cmap13_char_next): Simplify.
2015-09-24 12:39:38 +02:00
suzuki toshiya e982f5b78a [base] Check too long POST and sfnt resource (#45919).
* src/base/ftbase.h (FT_MAC_RFORK_MAX_LEN): Maximum length
of the resource fork for Mac OS.  The resource fork larger
than 16 MB can be written but could not be handled
correctly, at least in Carbon routine.
See https://support.microsoft.com/en-us/kb/130437

* src/base/ftobjs.c (Mac_Read_POST_Resource): No need `0x'
for `%p' formatter.

* src/base/ftbase.c (Mac_Read_POST_Resource): Check the
fragment and total size of the concatenated POST resource
before buffer allocation.
(Mac_Read_sfnt_Resource): Check the declared size of
sfnt resource before buffer allocation.

* src/base/ftmac.c (read_lwfn, FT_New_Face_From_SFNT):
Check the total resource size before buffer allocation.
2015-09-21 23:12:09 +09:00
Werner Lemberg 730b6d7468 [sfnt] Improve handling of invalid SFNT table entries (#45987).
This patch fixes weaknesses in function `tt_face_load_font_dir'.

- It incorrectly assumed that valid tables are always at the
  beginning.  As a consequence, some valid tables after invalid
  entries (which are ignored) were never seen.

- Duplicate table entries (this is, having the same tag) were not
  rejected.

- The number of valid tables was sometimes too large, leading to
  access of invalid tables.

* src/sfnt/ttload.c (check_table_dir): Add argument to return number
of valid tables.
Add another tracing message.
(tt_face_load_font_dir): Only allocate table array for valid
entries as returned by `check_table_dir'.
Reject duplicate tables and adjust number of valid tables
accordingly.
2015-09-19 12:41:12 +02:00
Werner Lemberg cb7a5122e1 [pcf] Improve `FT_ABS' fix from 2015-09-17 (#45999).
* src/pcf/pcfread.c (pcf_load_font): Do first the cast to FT_Short,
then take the absolute value.
Also apply FT_ABS to `height'.
2015-09-19 07:58:03 +02:00
Werner Lemberg f28c95c4a4 [type42] Fix memory leak (#45989).
* src/type42/t42parse.c (t42_parse_charstrings): Allow only a single
`CharStrings' array.
2015-09-17 19:30:26 +02:00
Werner Lemberg 4942c2bb72 [psaux] Fix memory leak (#45986).
* src/psaux/psobjs.c (ps_parser_load_field) <T1_FIELD_TYPE_MM_BBOX>:
Free `temp' in case of error.
2015-09-17 17:56:53 +02:00
Werner Lemberg 7d364b7e51 [psaux] Improve tracing message.
* src/psaux/psobjs.c (ps_parser_load_field) <T1_FIELD_TYPE_MM_BBOX>:
Handle plural correctly.
2015-09-17 16:31:58 +02:00
Werner Lemberg c838c4f7b5 [pcf] Fix integer overflows (#45985).
* src/pcf/pcfread.c (pcf_load_font): Use FT_MulDiv.
2015-09-17 16:22:40 +02:00
Werner Lemberg 9db9adda0f [pcf] Use FT_ABS for some property values (#45893).
* src/pcf/pcfread.c (pcf_load_font): Take absolute values for
AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and
RESOLUTION_Y.  In tracing mode, add warnings.
2015-09-17 13:42:59 +02:00
Werner Lemberg bd0438a461 Minor fixes for some clang warnings.
* src/base/ftoutln.c (FT_Outline_EmboldenXY): Cast, possible missing
initialization.

* src/truetype/ttgload.c (TT_Process_Composite_Component): Cast.
2015-09-16 18:05:43 +02:00
Werner Lemberg 19cb1127d4 [type1, type42] Fix memory leaks (#45966).
* src/type1/t1load.c (parse_blend_axis_types): Handle multiple axis
names.
(parse_blend_design_map): Allow only a single design map.
(parse_encoding): Handle multiple encoding vectors.

* src/type42/t42parse.c (t42_parse_encoding): Handle multiple
encoding vectors.
2015-09-15 08:52:36 +02:00
Werner Lemberg 7f0f40116d [truetype] Fix integer type (#45965).
* src/truetype/ttobjs.c (tt_synth_sfnt_checksum): Implement it.
2015-09-15 07:23:53 +02:00
Werner Lemberg 577daf1c30 * src/pcf/pcfread.c (pcf_load_font): Fix integer overflow (#45964). 2015-09-15 07:10:16 +02:00
Werner Lemberg 581c7e2a51 [type1, type42] Check encoding array size (#45961).
* src/type1/t1load.c (parse_encoding), src/type42/t42parse.c
(t42_parse_encoding): Do it.
2015-09-15 06:49:06 +02:00