Commit Graph

2410 Commits

Author SHA1 Message Date
suzuki toshiya 900e7e0cde [sfnt] Prevent overrunning in `post' table parser.
* src/sfnt/ttpost.c (load_post_names): Get the length of
`post' table and pass the limit of `post' table to
load_format_20() and load_format_25().
(load_format_20): Stop the parsing when we reach the
limit of `post' table.  If more glyph names are required,
they are filled by NULL names.  See Savannah bug #31040.
2010-09-20 01:05:26 +09:00
suzuki toshiya db053ec9a5 [truetype] Don't duplicate size->twilight structure to be freed.
* src/truetype/ttinterp.c (free_buffer_in_size): Don't duplicate
FT_GlyphZoneRec size->twilight to be freed.  If duplicated,
FT_FREE() erases the duplicated pointers only and leaves original
pointers.  They can cause the double-free crash when the burst
errors occur in TrueType interpreter and free_buffer_in_size()
is invoked repeatedly.  See Savannah bug #31040 for detail.
2010-09-17 23:20:00 +09:00
Werner Lemberg afd89d309d Make bytecode debugging with FontForge work again.
* src/truetype/ttinterp.c (TT_RunIns): Don't call
`free_buffer_in_size' in case of error if a debugger is active.
2010-09-15 13:02:35 +02:00
Werner Lemberg 6abb9232b6 Improve tracing messages.
* src/truetype/ttinterp.c (TT_RunIns): Improve wording of tracing
message.
* src/truetype/ttobjs.c (tt_size_run_fpgm, tt_size_run_prep): Add
tracing message.
* src/truetype/ttgload.c (tt_loader_init): Add tracing message.
* src/cache/ftcsbits.c (ftc_snode_load): Emit tracing message if
glyph doesn't fit into a small bitmap container.
2010-09-14 09:02:10 +02:00
Werner Lemberg 5220ef58c5 Fix minor issues reported by <muktha.narayan@wipro.com>.
* src/autofit/aflatin.c (af_latin_compute_stem_width): Remove
redundant conditional check.
* src/base/ftsynth.c (FT_GlyphSlot_Embolden): Ditto.
* src/cff/cffload.c (cff_encoding_load): Remove conditional check
which always evaluates to `true'.
* src/pshinter/pshalgo.c (ps_glyph_interpolate_strong_points):
Ditto.
* src/truetype/ttinterp.c (Ins_IUP): Ditto.
* src/cid/cidgload.c (cid_slot_load_glyph): Don't check for NULL if
value is already dereferenced.
* src/winfonts/winfnt.c (FNT_Load_Glyph): Fix check of `face'.
2010-09-13 07:32:22 +02:00
suzuki toshiya 0eb657b0aa [truetype] Decrease the trace level catching the interpreter error.
* src/truetype/ttinterp.c (TT_RunIns): Decrease the trace level
showing the error when the interpreter returns with an error,
from FT_TRACE7() to FT_TRACE1().
2010-08-31 13:29:05 +09:00
suzuki toshiya 29e044a4af [truetype] Prevent bytecode reuse after the interpretation error.
* src/truetype/ttinterp.c (free_buffer_in_size): New function to
free the buffer allocated during the interpretation of this glyph.
(TT_RunIns): Unset FT_Face->size->{cvt_ready,bytecode_ready} if
an error occurs in the bytecode interpretation.  The interpretation
of invalid bytecode may break the function definitions and referring
them in later interpretation is dangerous.  By unsetting these flags,
`fpgm' and `prep' tables are executed again in next interpretation.

Fix Savannah bug #30798, reported by Robert Swiecki.
2010-08-31 01:23:30 +09:00
Werner Lemberg 12cf031644 [ftraster] Pacify compiler.
* src/raster/ftraster.c (ft_black_new) [_STANDALONE_]: `memory' is
not used.
2010-08-29 17:24:30 +02:00
Werner Lemberg 0e95b3d15c [cff] Allow SIDs >= 65000.
* src/cff/cffload.c (cff_charset_load): Fix change from 2009-03-20:
The threshold for SIDs is not applicable here.  I misinterpreted the
`SID values 65000 and above are available for implementation use'
sentence in the CFF specification.

Problem reported by Ivan Ninčić <inincic@pdftron.com>.
2010-08-29 17:24:30 +02:00
suzuki toshiya 0eb9b1f571 Force hinting when the font lacks its familyname.
In Type42 or Type11 font embedded in PostScript & PDF, TrueType
sfnt stream may lack `name' table because they are not required.
Hinting for nameless fonts is safer for PDFs including embedded
Chinese fonts. Written by David Bevan, see:

http://lists.gnu.org/archive/html/freetype-devel/2010-08/msg00021.html
http://lists.freedesktop.org/archives/poppler/2010-August/006310.html

* src/truetype/ttobjs.c (tt_check_trickyness): If a NULL pointer
by nameless font is given, TRUE is returned to enable hinting.
2010-08-28 21:42:28 +09:00
suzuki toshiya 8b05b5d801 Register yet another tricky TrueType font.
* src/truetype/ttobjs.c (tt_check_trickyness): Add `HuaTianKaiTi?',
a Kaishu typeface paired with `HuaTianSongTi?' by Huatian
Information Industry.
2010-08-28 21:16:26 +09:00
Teijo Kinnunen ebaeb6425e Fix Savannah bug #30788.
* src/cache/ftccache.c (FTC_Cache_Clear): Check `cache->buckets' for
NULL too.
2010-08-17 07:40:55 +02:00
Werner Lemberg a205b3ca85 Try to fix Savannah bug #30717 (and probably #30719 too).
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Add another
overflow test for `width' and `height'.
2010-08-10 02:59:12 +02:00
Werner Lemberg ba95440cd1 Minor doc fixes, formatting. 2010-08-06 20:07:36 +02:00
suzuki toshiya 445241589d Fix Savannah bug #30648.
* src/base/ftobjs.c (FT_Done_Library): Specify the order of font
drivers in face closing process. Type42 faces should be closed
before TrueType faces, because a Type42 face refers another
internal TrueType face which is created from sfnt[] array on the
memory.
2010-08-07 01:46:56 +09:00
Yuriy Kaminskiy c9de9cbd56 [raster] Fix valgrind warning.
* src/raster/ftraster.c (Decompose_Curve) <default>: Access point[0]
only if we don't hit `limit'.
2010-08-06 08:20:28 +02:00
suzuki toshiya 81f3472c0b Fix Savannah bug #30658.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Check the total
length of collected POST segments does not overrun the allocated
buffer.
2010-08-06 14:11:54 +09:00
Werner Lemberg 223cb1b57c [cff] Add comment to clarify current implementation of `pop' operator. 2010-08-06 06:55:09 +02:00
Werner Lemberg 346f1867fd Fix Savannah bug #30657.
* src/truetype/ttinterp.c (BOUNDSL): New macro.
Change `BOUNDS' to `BOUNDSL' where appropriate.

* src/truetype/ttinterp.h (TT_ExecContextRec): Fix type of
`cvtSize'.
2010-08-06 00:47:57 +02:00
Werner Lemberg c06da1ad34 Fix Savannah bug #30656.
* src/type42/t42parse.c (t42_parse_sfnts): Protect against negative
string_size.
Fix comparison.
2010-08-05 23:15:26 +02:00
suzuki toshiya d9b3e39484 [cff] Don't use any values in decoder after parsing error.
* src/cff/cffgload.c (cff_slot_load): Skip the evaluations
of the values in decoder, if cff_decoder_parse_charstrings()
returns any error.
2010-08-05 17:10:32 +09:00
Werner Lemberg 45a3c76b54 Fix Savannah bug #30644.
* src/base/ftstream.c (FT_Stream_EnterFrame): Fix comparison.
2010-08-04 15:54:55 +02:00
Suzuki, Toshiya (鈴木俊哉) 11d65e8a1f [cff] Improve stack overflow test.
* src/cff/cffgload.c (cff_decoder_parse_charstrings): Check stack
after execution of operations too.
2010-08-04 14:43:29 +02:00
Werner Lemberg fe3433c736 Add reference counters to FT_Library and FT_Face objects.
* include/freetype/freetype.h (FT_Reference_Face): New function.
* include/freetype/ftmodapi.h (FT_Reference_Library): New function.

* include/freetype/internal/ftobjs.h (FT_Face_InternalRec,
FT_LibraryRec): New field `refcount'.

* src/base/ftobjs.c (FT_Open_Face, FT_New_Library): Handle
`refcount'.
(FT_Reference_Face, FT_Reference_Library): Implement new functions.
(FT_Done_Face, FT_Done_Library): Handle `refcount'.

* docs/CHANGES: Updated.
2010-07-18 18:41:47 +02:00
Werner Lemberg 2de6b8a3db [cff] Final try to fix `hintmask' and `cntrmask' limit check.
Problem reported by Tobias Wolf <towolf@gmail.com>.

* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: Sigh.  I'm apparently too silly to fix this
correctly in less than three tries.
2010-07-17 13:39:50 +02:00
Werner Lemberg c8f5b98be2 Remove C++ warnings.
*/*: Initialize pointers where necessary to make g++ happy.
2010-07-12 21:13:22 +02:00
Werner Lemberg ebfd454a60 Fix C++ compilation issue.
* src/tools/apinames.c (names_dump) <OUTPUT_WATCOM_LBC>: Fix
typo of `dot' variable.
2010-07-11 09:28:21 +02:00
suzuki toshiya d594202ebb Fix another case reported in Savannah bug #30373.
Permit a face for Type1, Type42 and CFF without charmap,
patch by Tor Andersson.

* src/type1/t1objs.c (T1_Face_Init): Reset the error if it
is FT_Err_No_Unicode_Glyph_Name.
* src/type42/t42objs.c (T42_Face_Init): Ditto.
* src/cff/cffobjs.c (cff_face_init): Ditto.
2010-07-11 00:31:17 +09:00
suzuki toshiya 84fa62e0d7 Fix a mistake in t42objs.c in previous commit. 2010-07-09 23:43:14 +09:00
suzuki toshiya 840f208df4 Use defined macros to set {platform,encoding}_id.
* src/bdf/bdfdrivr.c: Include ttnameid.h and use macros to
set charmap.{platform,encoding}_id.
* src/pcf/pcfdrivr.c: Ditto.
* src/winfonts/winfnt.c: Ditto.
* src/type1/t1objs.c: Ditto.
* src/type42/t42objs.c: Ditto.
* src/cff/cffobjs.c: Ditto.
* src/pfr/pfrobjs.c: Ditto.
2010-07-09 22:51:49 +09:00
suzuki toshiya 1e2a446d55 Capitalize ISO. 2010-07-09 22:14:35 +09:00
suzuki toshiya dfba8cfe56 Apple Unicode is not deprecated now. 2010-07-09 22:14:35 +09:00
suzuki toshiya b8ca6de365 Fix Savannah bug #30373.
Too serious check of errors by `FT_CMap_New' since 2010-07-04
is fixed. Reported by Tor Andersson.

* include/freetype/fterrdef.h
(PSnames_Err_No_Unicode_Glyph_Name): New error code to
indicate the Unicode charmap synthesis failed because
no Unicode glyph name is found.

* src/psnames/psmodule.c (ps_unicodes_init): Return
PSnames_Err_No_Unicode_Glyph_Name when no Unicode glyph name
is found in the font.
* src/cff/cffcmap.c (cff_cmap_unicode_init): Return
CFF_Err_No_Unicode_Glyph_Name when no SID is available.

* src/type1/t1objs.c (T1_Face_Init): Proceed if `FT_CMap_New'
is failed by the lack of Unicode glyph name.
* src/type42/t42objs.c (T42_Face_Init): Ditto.
* src/cff/cffobjs.c (cff_face_init): Ditto.
2010-07-09 20:50:34 +09:00
Ken Sharp 603d121872 Make ftraster.c compile in stand-alone mode with MSVC compiler.
* src/raster/ftmisc.h (FT_Int64) [_WIN32, _WIN64]: Fix typedef
since there is no `inttypes.h' for MSVC.
2010-07-09 09:55:29 +02:00
Werner Lemberg 888cd1843e Fix Savannah bug #30361.
* src/truetype/ttinterp.c (Ins_IUP): Fix bounds check.
2010-07-08 07:29:42 +02:00
Werner Lemberg c73e160517 Pacify compiler.
* src/cff/cffload.c (cff_index_get_pointers): Initialize
`new_bytes'.
2010-07-06 10:44:56 +02:00
Eugene A. Shatokhin b33b856a27 Fix Savannah bug #27648.
* src/base/ftobjs.c (ft_remove_renderer, FT_Add_Module): Call
`raster_done' only if we have an outline glyph format.

Fix comment typo.
2010-07-05 22:36:30 +02:00
Werner Lemberg 2dc76a4650 [cff] Next try to fix `hintmask' and `cntrmask' limit check.
Problem reported by malc <av1474@comtv.ru>.

* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: It is possible that there is just a single byte
after the `hintmask' or `cntrmask', e.g., a `return' instruction.
2010-07-05 06:40:02 +02:00
suzuki toshiya 0ae3271814 Restrict the number of the charmaps in a rogue-compatible mode.
Fix for Savannah bug #30059.

* src/cache/ftccmap.c (FTC_CMapCache_Lookup): Replace `16' the
minimum character code passed by a legacy rogue client by...
* include/freetype/config/ftoption.h (FT_MAX_CHARMAP_CACHEABLE):
This.  It is undefined when FT_CONFIG_OPTION_OLD_INTERNALS is
undefined (thus the rogue client compatibility is not required).

* src/cff/cffobjs.c (cff_face_init): Abort the automatic
selection or synthesis of Unicode cmap subtable when the charmap
index exceeds FT_MAX_CHARMAP_CACHEABLE.
* src/sfnt/ttcmap.c (tt_face_build_cmaps): Issue error message
when the charmap index exceeds FT_MAX_CHARMAP_CACHEABLE.

* src/base/ftobjs.c (find_unicode_charmap): When Unicode charmap
is found after FT_MAX_CHARMAP_CACHEABLE, ignore it and search
earlier one.
(find_variant_selector_charmap): When UVS charmap is found after
FT_MAX_CHARMAP_CACHEABLE, ignore it and search earlier one.
(FT_Select_Charmap): When a charmap matching with requested
encoding but after FT_MAX_CHARMAP_CACHEABLE, ignore and search
earlier one.
(FT_Set_Charmap): When a charmap matching with requested
charmap but after FT_MAX_CHARMAP_CACHEABLE, ignore and search
earlier one.
(FT_Get_Charmap_Index): When a requested charmap is found
after FT_MAX_CHARMAP_CACHEABLE, return the inverted charmap
index.
2010-07-05 09:59:03 +09:00
suzuki toshiya a874c7ecca Check error value by `FT_CMap_New'.
* src/cff/cffobjs.c (cff_face_init): Check error value by
`FT_CMap_New'.
* src/pfr/pfrobjs.c (pfr_face_init): Ditto.
* src/type1/t1objs.c (T1_Face_Init): Ditto.
* src/type42/t42objs.c (T42_Face_Init): Ditto.
2010-07-04 12:08:41 +09:00
Werner Lemberg e017639710 Make ftgrays.c compile stand-alone again.
* src/smooth/ftgrays.c [_STANDALONE_]: Include `stddef.h'.
(FT_INT_MAX, FT_PtrDist)[_STANDALONE_]: Define.
2010-07-03 15:31:38 +02:00
suzuki toshiya b2ea64bcc6 Additional fix for Savannah bug #30306.
* src/base/ftobjs.c (Mac_Read_POST_Resource): If the type
of the POST fragment is 0, the segment is completely ignored.
The declared length of the segment is not cared at all.
According to Adobe Technical Note 5040, type 0 segment is
comment only and should not be loaded for the interpreter.
Reported by Robert Swiecki.
2010-07-02 18:19:39 +09:00
Werner Lemberg c2dabdeed0 Merge branch 'master' of git.sv.gnu.org:/srv/git/freetype/freetype2
Conflicts:
	ChangeLog
2010-07-02 01:27:49 +02:00
suzuki toshiya 5ef20c8c1d Initial fix for Savannah bug #30306.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Check `rlen'
the length of fragment declared in the POST fragment header
and prevent an underflow in length calculation. Some fonts
set the length to zero in spite of the existence of the following
16bit `type'. Reported by Robert Swiecki.
2010-07-01 18:39:04 +09:00
Werner Lemberg a2d225e322 [truetype] Protect against code range underflow.
* src/truetype/ttinterp.c (DO_JROT, DO_JMPR, DO_JROF): Don't allow
negative IP values.
2010-07-01 11:37:09 +02:00
Werner Lemberg 462ddb4072 [truetype] Add rudimentary tracing for bytecode instructions.
* src/truetype/ttinterp.c (opcode_name) [FT_DEBUG_LEVEL_TRACE]: New
array.
(TT_RunIns): Trace opcodes.
2010-07-01 11:28:43 +02:00
suzuki toshiya f29f741efb Additional fix for Savannah bug #30248 and #30249.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Check the buffer
size during gathering PFB fragments embedded in LaserWriter PS
font for Macintosh. Reported by Robert Swiecki.
2010-07-01 17:32:40 +09:00
Werner Lemberg 6305b869d8 Fix Savannah bug #30263.
* src/smooth/ftgrays.c (gray_render_span): Use cast to `unsigned
int' to avoid integer overflow.

* src/smooth/ftsmooth.c (ft_smooth_render_generic): Use smaller
threshold values for `width' and `height'.  This is not directly
related to the bug fix but makes sense anyway.
2010-06-30 18:24:33 +02:00
Werner Lemberg 0ae6cf214f Minor optimizations by avoiding divisions.
* src/sfnt/ttkern.c (tt_face_load_kern, tt_face_get_kerning):
Replace divisions with multiplication in comparisons.
2010-06-30 10:26:48 +02:00
Werner Lemberg ae425e5189 Fix minor tracing issues.
* src/cff/cffgload.c, src/truetype/ttgload.c: Adjust tracing levels.
2010-06-29 12:31:08 +02:00