Commit Graph

3682 Commits

Author SHA1 Message Date
Werner Lemberg 2dc76a4650 [cff] Next try to fix `hintmask' and `cntrmask' limit check.
Problem reported by malc <av1474@comtv.ru>.

* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: It is possible that there is just a single byte
after the `hintmask' or `cntrmask', e.g., a `return' instruction.
2010-07-05 06:40:02 +02:00
suzuki toshiya 0ae3271814 Restrict the number of the charmaps in a rogue-compatible mode.
Fix for Savannah bug #30059.

* src/cache/ftccmap.c (FTC_CMapCache_Lookup): Replace `16' the
minimum character code passed by a legacy rogue client by...
* include/freetype/config/ftoption.h (FT_MAX_CHARMAP_CACHEABLE):
This.  It is undefined when FT_CONFIG_OPTION_OLD_INTERNALS is
undefined (thus the rogue client compatibility is not required).

* src/cff/cffobjs.c (cff_face_init): Abort the automatic
selection or synthesis of Unicode cmap subtable when the charmap
index exceeds FT_MAX_CHARMAP_CACHEABLE.
* src/sfnt/ttcmap.c (tt_face_build_cmaps): Issue error message
when the charmap index exceeds FT_MAX_CHARMAP_CACHEABLE.

* src/base/ftobjs.c (find_unicode_charmap): When Unicode charmap
is found after FT_MAX_CHARMAP_CACHEABLE, ignore it and search
earlier one.
(find_variant_selector_charmap): When UVS charmap is found after
FT_MAX_CHARMAP_CACHEABLE, ignore it and search earlier one.
(FT_Select_Charmap): When a charmap matching with requested
encoding but after FT_MAX_CHARMAP_CACHEABLE, ignore and search
earlier one.
(FT_Set_Charmap): When a charmap matching with requested
charmap but after FT_MAX_CHARMAP_CACHEABLE, ignore and search
earlier one.
(FT_Get_Charmap_Index): When a requested charmap is found
after FT_MAX_CHARMAP_CACHEABLE, return the inverted charmap
index.
2010-07-05 09:59:03 +09:00
Werner Lemberg 8a6f3280f5 Version number update. 2010-07-04 07:49:03 +02:00
Werner Lemberg 6bbbbc1523 TrueType hinting is no longer patented.
* include/freetype/config/ftoption.h, devel/ftoption.h
(TT_CONFIG_OPTION_BYTECODE_INTERPRETER): Define.
(TT_CONFIG_OPTION_UNPATENTED_HINTING): Undefine.

* docs/CHANGES, docs/INSTALL, include/freetype/freetype.h: Updated.
* docs/TRUETYPE, docs/PATENTS: Removed.
2010-07-04 07:37:56 +02:00
Werner Lemberg ce27fd56fa Cosmetic changes. 2010-07-04 07:09:10 +02:00
suzuki toshiya a874c7ecca Check error value by `FT_CMap_New'.
* src/cff/cffobjs.c (cff_face_init): Check error value by
`FT_CMap_New'.
* src/pfr/pfrobjs.c (pfr_face_init): Ditto.
* src/type1/t1jobjs.c (T1_Face_Init): Ditto.
* src/type42/t42jobjs.c (T42_Face_Init): Ditto.
2010-07-04 12:08:41 +09:00
Werner Lemberg e017639710 Make ftgrays.c compile stand-alone again.
* src/smooth/ftgrays.c [_STANDALONE_]: Include `stddef.h'.
(FT_INT_MAX, FT_PtrDist)[_STANDALONE_]: Define.
2010-07-03 15:31:38 +02:00
suzuki toshiya b2ea64bcc6 Additional fix for Savannah bug #30306.
* src/base/ftobjs.c (Mac_Read_POST_Resource): If the type
of the POST fragment is 0, the segment is completely ignored.
The declared length of the segment is not cared at all.
According to Adobe Technical Note 5040, type 0 segment is
comment only and should not be loaded for the interpreter.
Reported by Robert Swiecki.
2010-07-02 18:19:39 +09:00
Werner Lemberg c2dabdeed0 Merge branch 'master' of git.sv.gnu.org:/srv/git/freetype/freetype2
Conflicts:
	ChangeLog
2010-07-02 01:27:49 +02:00
suzuki toshiya 5ef20c8c1d Initial fix for Savannah bug #30306.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Check `rlen'
the length of fragment declared in the POST fragment header
and prevent an underflow in length calculation. Some fonts
set the length to zero in spite of the exist of following
16bit `type'. Reported by Robert Swiecki.
2010-07-01 18:39:04 +09:00
Werner Lemberg a2d225e322 [truetype] Protect against code range underflow.
* src/truetype/ttinterp.c (DO_JROT, DO_JMPR, DO_JROF): Don't allow
negative IP values.
2010-07-01 11:37:09 +02:00
Werner Lemberg 462ddb4072 [truetype] Add rudimentary tracing for bytecode instructions.
* src/truetype/ttinterp.c (opcode_name) [FT_DEBUG_LEVEL_TRACE]: New
array.
(TT_RunIns): Trace opcodes.
2010-07-01 11:28:43 +02:00
suzuki toshiya f29f741efb Additional fix for Savannah bug #30248 and #30249.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Check the buffer
size during gathering PFB fragments embedded in LaserWriter PS
font for Macintosh. Reported by Robert Swiecki.
2010-07-01 17:32:40 +09:00
Werner Lemberg 6305b869d8 Fix Savannah bug #30263.
* src/smooth/ftgrays.c (gray_render_span): Use cast to `unsigned
int' to avoid integer overflow.

* src/smooth/ftsmooth.c (ft_smooth_render_generic): Use smaller
threshold values for `width' and `height'.  This is not directly
related to the bug fix but makes sense anyway.
2010-06-30 18:24:33 +02:00
Werner Lemberg 0ae6cf214f Minor optimizations by avoiding divisions.
* src/sfnt/ttkern.c (tt_face_load_kern, tt_face_get_kerning):
Replace divisions with multiplication in comparisons.
2010-06-30 10:26:48 +02:00
Werner Lemberg ae425e5189 Fix minor tracing issues.
* src/cff/cffgload.c, src/truetype/ttgload.c: Adjust tracing levels.
2010-06-29 12:31:08 +02:00
Werner Lemberg 18b552f6ae [cff] Really fix `hintmask' and `cntrmask' limit check.
* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: Fix thinko and handle tracing also.
2010-06-27 15:41:02 +02:00
Werner Lemberg 8bebaa74cc Fix valgrind warning.
* src/base/ftoutln.c (FT_Outline_Get_Orientation): Initialize
`result' array.
2010-06-27 15:10:15 +02:00
Werner Lemberg 4f7851e3d2 [cff] Fix memory leak.
* src/cff/cffgload.c (cff_operator_seac): Free charstrings even in
case of errors.
2010-06-27 13:03:54 +02:00
Werner Lemberg e9f0cdb6c0 [cff] Protect against invalid `hintmask' and `cntrmask' operators.
* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: Ensure that we don't exceed `limit' while parsing
the bit masks of the `hintmask' and `cntrmask' operators.
2010-06-27 12:34:19 +02:00
Werner Lemberg 1c70fcbc0a Fix PFR change 2010-06-24.
* src/pfr/pfrgload.c (pfr_glyph_load_simple): Really protect against
invalid indices.
2010-06-27 00:43:23 +02:00
Werner Lemberg 91ea0bf80d Improve PFR tracing messages.
* src/pfr/pfrgload.c (pfr_glyph_load_rec): Emit tracing messages for
simple and compound glyph offsets.
2010-06-26 22:46:38 +02:00
Werner Lemberg 82ad8ab242 Fix last PFR change.
* src/pfr/pfrobjs.c (pfr_face_init): Fix rejection logic.
2010-06-26 09:45:41 +02:00
Werner Lemberg 7d91173643 Fix Savannah bug #30262.
* src/sfnt/ttload.c (tt_face_load_maxp): Limit `maxComponentDepth'
arbitrarily to 100 to avoid stack exhaustion.
2010-06-26 09:29:51 +02:00
Werner Lemberg 75787c19ea Add some memory checks (mainly for debugging).
* src/base/ftstream.c (FT_Stream_EnterFrame): Exit with error
if the frame size is larger than the stream size.

* src/base/ftsystem.c (ft_ansi_stream_io): Exit with error if
seeking a position larger than the stream size.
2010-06-26 09:24:08 +02:00
Werner Lemberg ea5babaa67 Fix Savannah bug #30261.
* src/pfr/pfrobjs.c (pfr_face_init): Reject fonts which contain
neither outline nor bitmap glyphs.
2010-06-25 22:44:37 +02:00
Werner Lemberg e23ba91af7 Fix Savannah bug #30254.
* src/cff/cffload.c (cff_index_get_pointers): Do sanity check for
first offset also.
2010-06-25 21:55:14 +02:00
suzuki toshiya c69891a134 Initial fix for Savannah bug #30248 and #30249.
* src/base/ftobjs.c (Mac_Read_POST_Resource): Check the error during
reading a PFB fragment embedded in LaserWriter PS font for Macintosh.
Reported by Robert Swiecki.
2010-06-25 10:48:12 +09:00
Werner Lemberg 6fc12943e9 Fix Savannah bug #30247.
* src/pcf/pcfread.c (pcf_get_metrics): Disallow (invalid) fonts with
zero metrics.
2010-06-24 20:20:26 +02:00
Graham Asher e419f48b40 * src/smooth/ftgrays.c (gray_render_cubic): Fix algorithm.
The previous version was too aggressive, as demonstrated in
http://lists.gnu.org/archive/html/freetype-devel/2010-06/msg00020.html.
2010-06-24 12:50:46 +02:00
Werner Lemberg f765e4403c */*: Use module specific error names where appropriate. 2010-06-24 10:34:29 +02:00
Werner Lemberg 8b1c34da4c Fix Savannah bug #30236.
* src/sfnt/ttcmap.c (tt_face_build_cmaps): Improve check for pointer
to `cmap_table'.
2010-06-24 08:48:10 +02:00
Werner Lemberg 3cf87f4d27 Fix Savannah bug #30235.
* src/pfr/pfrgload.c (pfr_glyph_load_simple): Protect against
invalid indices if there aren't any coordinates for indexing.
2010-06-24 08:20:56 +02:00
Werner Lemberg b21d7bc567 [bdf]: Font properties are optional.
* src/bdf/bdflib.c (_bdf_readstream): Use special error code to
indicate a redo operation.
(_bdf_parse_start): Handle `CHARS' keyword here too and pass current
input line to `_bdf_parse_glyph'.
2010-06-24 07:40:49 +02:00
Werner Lemberg 8c2c2556af Whitespace. 2010-06-24 07:36:21 +02:00
Werner Lemberg fb69029a7a Fix Savannah bug #30220.
* include/freetype/fterrdef.h
(BDF_Err_Missing_Fontboundingbox_Field): New error code.

* src/bdf/bdflib.c (_bdf_parse_start): Check for missing
`FONTBOUNDINGBOX' field.
Avoid memory leak if there are multiple `FONT' lines (which is
invalid but doesn't hurt).
2010-06-23 10:00:52 +02:00
Werner Lemberg ddc4b136d6 Fix Savannah bug #30168.
* src/pfr/pfrgload.c (pfr_glyph_load_compound): Limit the number of
subglyphs to avoid endless recursion.
2010-06-21 09:28:32 +02:00
Werner Lemberg 90b07bd541 Fix Savannah bug #30145.
* src/psaux/psobjs.c (t1_builder_add_contour): Protect against
`outline == NULL' which might happen in invalid fonts.
2010-06-20 16:27:36 +02:00
Werner Lemberg f4c94d4b5f Fix Savannah bug #30135.
* src/bdf/bdflib.c (_bdf_list_join): Don't modify value in static
string `empty'.
(_bdf_parse_glyph): Avoid memory leak in case of error.
2010-06-19 16:08:31 +02:00
Werner Lemberg 5d86cdce7e Fix Savannah bug #30108.
* src/autofit/afglobal.c (af_face_globals_compute_script_coverage):
Properly mask AF_DIGIT bit in comparison.
2010-06-15 08:29:30 +02:00
Werner Lemberg 8d22746c9e Fix Savannah bug #30106.
Point numbers for FreeType's implementation of hinting masks are
collected before the final number of points of a glyph has been
determined; in particular, the code for handling the `endchar'
opcode can reduce the number of points.

* src/pshinter/pshalgo.c (psh_glyph_find_strong_points): Assure that
`end_point' is not larger than `glyph->num_points'.
2010-06-12 01:32:20 +02:00
Werner Lemberg 3624110cc2 [cff]: Improve debugging output.
* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: Implement it.
2010-06-11 23:00:22 +02:00
Graham Asher 7fb3ef64a2 ftgrays: Speed up rendering of small cubic splines.
* src/smooth/ftgrays.c (gray_render_cubic): Implement new,
simplified algorithm to find out whether the spline can be replaced
with two straight lines.  See this thread for more:

  http://lists.gnu.org/archive/html/freetype-devel/2010-06/msg00000.html
2010-06-10 08:10:57 +02:00
Werner Lemberg ad61f178e2 Oops, revert unwanted previous commit for ftgrays.c. 2010-06-09 15:18:57 +02:00
Werner Lemberg 7d3d2cc4fe Fix Savannah bug #30082.
* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_callothersubr>: Protect against stack underflow.
2010-06-09 09:14:09 +02:00
Werner Lemberg a4124bf088 Fix Savannah bug #30053.
* src/cff/cffparse (cff_parse_real): Handle border case where
`fraction_length' has value 10.
2010-06-08 09:21:39 +02:00
Werner Lemberg 370aea802c Formatting. 2010-06-08 08:37:11 +02:00
Werner Lemberg d087199f2c Fix Savannah bug #30052.
This bug has been introduced with commit 2415cbf3.

* src/base/ftobjs.c (FT_Get_First_Char, FT_Get_Next_Char): Protect
against endless loop in case of corrupted font header data.
2010-06-07 08:46:01 +02:00
Werner Lemberg c217bf19f0 Remove unused variable.
Found by Graham.

* src/autofit/afhints.c (af_glyph_hints_reload): Remove unused
variable `first' in first block.
2010-05-26 16:16:34 +02:00
Werner Lemberg e30de299f2 Fix various memory problems found by linuxtesting.org.
* src/base/ftgxval.c (FT_TrueTypeGX_Free, FT_ClassicKern_Free),
src/base/ftotval.c (FT_OpenType_Free), src/base/ftpfr.c
(ft_pfr_check): Check `face'.

* src/base/ftobjs.c (FT_Get_Charmap_Index): Check `charmap' and
`charmap->face'.
(FT_Render_Glyph): Check `slot->face'.
(FT_Get_SubGlyph_Info): Check `glyph->subglyphs'.

Improve API documentation.
2010-05-22 20:03:41 +02:00