Commit Graph

5638 Commits

Author SHA1 Message Date
Werner Lemberg 9c814704c0 [truetype] Code shuffling.
* src/truetype/ttgxvar.c (): Split off loading of item variation
store and delta set index mapping into...
(ft_var_load_item_variation_store,
ft_var_load_delta_set_index_mapping): ... new functions.
2017-01-06 21:13:36 +01:00
Werner Lemberg 7e1cce58b5 [truetype] Add HVAR access without advance width map.
* src/truetype/ttgxvar.c (ft_var_load_hvar): Handle case where
`offsetToAdvanceWidthMapping' is zero.
(tt_hadvance_adjust): Implement direct deltaSet access by glyph
index.
2017-01-06 20:31:22 +01:00
Werner Lemberg 8b755445bb [pcf] Revise driver.
This commit improves tracing and handling of malformed fonts.  In
particular, the changes to `pcf_get_properties' fix

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=379

* src/pcf/pcfread.c (tableNames): Use long names for better
readability.
(pcf_read_TOC): Allow at most 9 tables.
(pcf_get_properties): Allow at most 256 properties.
Limit strings array length to 256 * (65536 + 1) bytes.
Better tracing.
(pcf_get_metric): Trace metric data.
(pcf_get_metrics): Allow at most 65536 metrics.
Fix comparison of `metrics->ascent' and `metrics->descent' to avoid
potential overflow.
Better tracing.
(pcf_get_bitmaps): Allow at most 65536 bitmaps.
Better tracing.
(pcf_get_encodings, pcf_get_accel): Better tracing.

* src/pcf/pcfdrivr.c (PCF_Glyph_Load): Don't trace `format' details.
These are now shown by `pcf_get_bitmaps'.
2017-01-06 11:47:55 +01:00
Werner Lemberg 348d39c68a Comment. 2017-01-05 12:29:55 +01:00
Werner Lemberg 563ae78022 Update copyright year. 2017-01-04 20:16:34 +01:00
Werner Lemberg a7c2f44b45 * src/pcf/pcfdrivr.c (PCF_Face_Init): Trace compression format. 2017-01-04 13:12:03 +01:00
Werner Lemberg c9d477242c [cff] More consistency checks for pure CFFs.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=378

* src/cff/cffload.c (cff_font_load): Check element number and size
of Name and Top DICT indices.
2017-01-04 10:00:49 +01:00
Werner Lemberg 025226ae14 [cff, truetype] Minor tracing improvement.
* src/cff/cffobjs.c (cff_face_init), src/truetype/ttobjs.c
(tt_face_init): Indent first tracing message from SFNT driver.
2017-01-04 07:45:44 +01:00
Werner Lemberg 8982405f0c [truetype] Various minor fixes.
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Check instruction
size only if we do native hinting.
(TT_Load_Glyph): Trace returned error code.

* src/truetype/ttobjs.c (tt_size_run_fpgm, tt_size_run_prep): Trace
returned error code.
(tt_size_ready_bytecode): Don't run `prep' table if `fpgm' table is
invalid.
2017-01-03 09:46:19 +01:00
Werner Lemberg 624b680289 [sfnt] Don't fail if PCLT, EBLC (and similar tables) are invalid.
These tables are optional.

* src/sfnt/sfobjs.c (sfnt_load_face): Implement it.
2017-01-03 09:42:41 +01:00
Werner Lemberg 69414e7afd * src/cff/cffparse.c (cff_parse_num): Simplify. 2017-01-03 06:53:13 +01:00
Werner Lemberg 248eaa4f60 Various fixes for clang's undefined behaviour sanitizer.
* src/cff/cffload.c (FT_fdot14ToFixed): Fix casting.
(cff_blend_doBlend): Don't left-shift negative numbers.
Handle 5-byte numbers byte by byte to avoid alignment issues.

* src/cff/cffparse.c (cff_parse): Handle 5-byte numbers byte by byte
to avoid alignment issues.

* src/cid/cidload (cid_read_subrs): Do nothing if we don't have any
subrs.

* src/psaux/t1decode.c (t1_decode_parse_charstring): Fix tracing.

* src/tools/glnames.py (main): Put `DEFINE_PSTABLES' guard around
definition of `ft_get_adobe_glyph_index'.

* src/psnames/pstables.h: Regenerated.

* src/psnames/psmodule.c: Inlude `pstables.h' twice to get both
declaration and definition.

* src/truetype/ttgxvar.c (FT_fdot14ToFixed, FT_intToFixed): Fix
casting.
2017-01-03 00:27:07 +01:00
Werner Lemberg bdec162d92 [cff] Handle multiple `blend' operators in a row correctly.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=368

* src/cff/cffload.c (cff_blend_doBlend): Adjust `parser->stack'
pointers into `subFont->blend_stack' after reallocation.
2017-01-01 20:51:55 +01:00
Werner Lemberg 63765a8f2a [sfnt] Return correct number of named instances for TTCs.
Without this patch, requesting information for face index N returned
the data for face index N+1 (or index 0).

* src/sfnt/sfobjs.c (sfnt_init_face): Correctly adjust `face_index'
for negative `face_instance_index' values.
2017-01-01 10:43:41 +01:00
Werner Lemberg 24be60b5f1 */*: Use hex numbers for errors in tracing messages. 2017-01-01 08:20:38 +01:00
Werner Lemberg e9a154e700 [truetype] Check axis count in HVAR table.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=362

* src/truetype/ttgxvar.c (ft_var_load_hvar): Check axis count.
(ft_var_load_avar): Fix tracing message.
2016-12-31 21:41:08 +01:00
Werner Lemberg 069083cccd * Version 2.7.1 released.
=========================

Tag sources with `VER-2-7-1'.

* docs/VERSION.TXT: Add entry for version 2.7.1.

* README, Jamfile (RefDoc), builds/windows/vc2005/freetype.vcproj,
builds/windows/vc2005/index.html,
builds/windows/vc2008/freetype.vcproj,
builds/windows/vc2008/index.html,
builds/windows/vc2010/freetype.vcxproj,
builds/windows/vc2010/index.html,
builds/windows/visualc/freetype.dsp,
builds/windows/visualc/freetype.vcproj,
builds/windows/visualc/index.html,
builds/windows/visualce/freetype.dsp,
builds/windows/visualce/freetype.vcproj,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.7/2.7.1/, s/27/271/.

* include/freetype/freetype.h (FREETYPE_PATCH): Set to 1.

* builds/unix/configure.raw (version_info): Set to 19:0:13.
* CMakeLists.txt (VERSION_PATCH): Set to 1.
2016-12-30 21:16:46 +01:00
Werner Lemberg 8fb9d22a6b [ftfuzzer] Replace `rand' with an xorshift algorithm.
* src/tools/ftfuzzer/ftfuzzer.cc: Don't include `stdlib.h'.
(Random): Implement and use a 32bit `xorshift' algorithm.
2016-12-30 19:51:37 +01:00
Werner Lemberg c9de4bf6ba Typo. 2016-12-30 10:07:23 +01:00
Werner Lemberg 6b21d1281e [ftfuzzer] Restrict number of tested bitmap strikes.
Malformed fonts often have large values for the number of bitmap
strikes, and FreeType doesn't check the validity of all bitmap
strikes in advance.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=353

* src/tools/ftfuzzer/ftfuzzer.cc: Include `stdlib.h' for `rand'.
(Random): Small class to provide n randomly selected numbers
(without repitition) out of the value set [0,N].
(LLVMFuzzerTestOneInput): Use it to test only up to 10 bitmap
strikes.
2016-12-30 10:00:54 +01:00
Werner Lemberg 7591bf11d1 [truetype] Variation font API stability issues.
Make some functions work before a call to `TT_Set_MM_Blend'.

* src/truetype/ttgxvar.c (tt_hadvance_adjust): Exit immediately if
we don't blend.
(TT_Get_MM_Blend, TT_Get_Var_Design): Return default values if we
don't blend.
2016-12-29 21:39:06 +01:00
Werner Lemberg 91fc3bd7c9 * src/truetype/ttgxvar.c (TT_Get_MM_Var): Check axis data.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=348
2016-12-29 21:34:46 +01:00
Werner Lemberg 180185109b [truetype] Tracing fixes.
* src/truetype/ttgxvar.c (tt_hadvance_adjust): Emit correct
information.
(TT_Set_Var_Design): Fix typo.
(TT_Get_Var_Design): Fix typos.
2016-12-29 21:30:06 +01:00
Werner Lemberg 84b0d9927b */*: Use `0.5f' for tracing 16.16 numbers. 2016-12-29 10:38:51 +01:00
Werner Lemberg 346b141762 [pcf] Protect against gzip bombs.
Fix suggested by Kostya; reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=345

* src/pcf/pcfread.c (pcf_read_TOC): Limit number of TOC entries to
1024.
2016-12-29 06:03:40 +01:00
Werner Lemberg 6fb549ddab [psnames] Only declare, not define, data in `pstables.h' (#49949).
Pdfium includes `pstables.h' a second time; moving the definition
from `pstables.h' to `psmodule.c' saves more than 60kByte data
segment space for this case.

* src/tools/glnames.py (StringTable::dump,
StringTable::dump_sublist, dump_encoding, dump_array): Emit
additional code to only define tables if `DEFINE_PS_TABLES' is set.

* src/psnames/pstables.h: Regenerated.
* src/psnames/psmodule.c (DEFINE_PS_TABLES): Define.
2016-12-28 22:23:33 +01:00
Werner Lemberg c4a1ef3c94 [cff] Catch `blend' op in non-variant fonts.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=334

* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdBLEND>: Don't
allow `blend' op for non-variant fonts.
2016-12-28 21:22:45 +01:00
Werner Lemberg c4cd34a9e0 [cff] Better check of number of blends.
* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdBLEND>,
src/cff/cffparse.c (cff_parse_blend): Compare number of blends with
stack size.
2016-12-28 08:33:35 +01:00
Werner Lemberg 48fd5bb2b6 Documentation updates.
* docs/CHANGES: Add missing information.

* docs/formats.txt: Rewritten and updated.
2016-12-27 10:20:23 +01:00
Werner Lemberg 0a943b6362 Formatting. 2016-12-27 07:50:22 +01:00
Werner Lemberg e5e3556fa2 [truetype, type1] Implement `FT_Get_Var_Design_Coordinates'.
* src/truetype/ttgxvar.c (TT_Get_Var_Design): Implement.
(TT_Set_Var_Design): Fix tracing.

* src/type1/t1load.c (T1_Get_Var_Design): Implement.
2016-12-27 06:49:37 +01:00
Werner Lemberg f80c4473b6 Replace `++foo' and `--foo' with `foo++' and `foo--', resp. 2016-12-26 23:57:45 +01:00
Werner Lemberg 4441f7b246 Replace `foo == NULL' and `foo != NULL' with `!foo' and `foo', resp.
Other minor formatting.
2016-12-26 17:08:17 +01:00
Werner Lemberg 37c72f66a5 Minor formatting. 2016-12-25 22:55:25 +01:00
Werner Lemberg a300c1c3af * src/truetype/ttpload.c (tt_face_load_hdmx): Ignore `version'.
Problem reported by 張俊芝 <418092625@qq.com>.
2016-12-24 09:27:15 +01:00
Werner Lemberg d1db57c284 * src/sfnt/ttsbit.c (tt_face_load_sbit): Allow more version values.
Some fonts seem to have the `version' field in the wrong byte order.

Problem reported by 張俊芝 <418092625@qq.com>.
2016-12-24 09:05:16 +01:00
Werner Lemberg fde0b78cce * src/truetype/ttpload.c (tt_face_load_loca): Sanitize table length.
This trivial fix allows us to accept more fonts.

Problem reported by 張俊芝 <418092625@qq.com>.
2016-12-24 08:17:19 +01:00
Werner Lemberg 1fecdfe346 * src/sfnt/sfobjs.c (sfnt_init_face): Fix tracing. 2016-12-24 07:50:45 +01:00
Werner Lemberg 8d37efbc79 Add missing ChangeLog entry for commit d44daf9e. 2016-12-22 20:48:28 +01:00
Werner Lemberg 18bd176a65 * CMakeLists.txt: Make it work with cmake 2.8.11.2 (#49909). 2016-12-22 12:24:23 +01:00
Werner Lemberg 06d61b487a Ensure used preprocessor symbols are defined (#49790).
* builds/unix/ftconfig.in, builds/vms/ftconfig.h,
include/freetype/config/ftconfig.h: Check `__GNUC__', `__IBMC__',
and `__SUNPRO_C' correctly.
2016-12-22 10:43:46 +01:00
Werner Lemberg 7f7333990c * src/base/ftrfork.c (FT_Raccess_Get_DataOffsets): Check `count'.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=308
2016-12-22 10:12:17 +01:00
Werner Lemberg b44e6c2035 [cff] Protect against invalid `vsindex' and `blend' values.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=305

* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdVSINDEX,
cf2_cmdBLEND>: Implement it.
2016-12-22 08:30:15 +01:00
Werner Lemberg ada8297175 [ftfuzzer] Always use Adobe CFF engine.
* src/tools/ftfuzzer/ftfuzzer.cc (FT_Global::FT_Global): Implement
it.
2016-12-22 08:25:42 +01:00
Werner Lemberg 7209110345 * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Thinko.
I should really stop coding late in the evening...

Thanks again to Ben for checking.
2016-12-21 23:46:29 +01:00
Werner Lemberg d44daf9e9b * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Thinko.
Don't apply deltas twice for non-phantom points.

Spotted by Ben Wagner.
2016-12-21 23:03:48 +01:00
Werner Lemberg e6a429e2c7 [cff, truetype] Another try for #49829.
* src/cff/cffdrivr.c: Don't include
`FT_SERVICE_METRICS_VARIATIONS_H'.
(cff_get_advances): Use `ttface->variation_support'.

* src/truetype/ttdriver.c (tt_get_advances): Use
`ttface->variation_support'.

* src/truetype/ttgload.c (TT_Process_Simple_Glyph,
load_truetype_glyph): Use `ttface->variation_support'.
2016-12-21 20:27:48 +01:00
Werner Lemberg 64a91137f1 [truetype, sfnt] Introduce font variation flags to `TT_Face'.
* include/freetype/internal/tttypes.h (TT_FACE_FLAG_VAR_XXX):
New macros describing available functionality of various OpenType
tables related to font variation.
(TT_Face): New fields `variation_support' and `mvar_support',
replacing and extending `use_fvar'.

* src/sfnt/sfobjs.c (sfnt_init_face, sfnt_load_face): Use
`variation_support'.

* src/truetype/ttgxvar.c (ft_var_load_hvar): Set `variation_support'
field.
(TT_Vary_Apply_Glyph_Deltas): Updated.
2016-12-21 19:30:33 +01:00
Werner Lemberg 57a6733dcf [base] Improve sanity check for Mac resources (#49888).
* src/base/ftobjs.c (Mac_Read_sfnt_Resource): Abort if `rlen' is not
positive.
2016-12-21 06:52:23 +01:00
Werner Lemberg ded4bdb5d0 [base] More sanity checks for Mac resources.
We use

  https://github.com/kreativekorp/ksfl/wiki/Macintosh-Resource-File-Format

and

  https://developer.apple.com/legacy/library/documentation/mac/pdf/MoreMacintoshToolbox.pdf#page=151

as references.

* include/freetype/internal/ftrfork.h (FT_RFork_Ref): Use FT_Short
for `res_id'.

* src/base/ftrfork.c (FT_Raccess_Get_HeaderInfo): Extract map length
and use it to improve sanity checks.
Follow the specification more closely;in particular, all data types
are signed, not unsigned.
(FT_Raccess_Get_DataOffsets): Follow the specification more closely;
in particular, all data types are signed, not unsigned.
Add some sanity checks.
2016-12-20 23:26:38 +01:00