Commit 22befeef82ff8ab7100c0e40f93f748597674b31

Alexei Podtelezhnikov 2021-10-07T22:41:56

Signedness revisions. This eliminates explicit casting by switching to unsigned fields. The revisions mostly impact the handling of CID fonts. * include/freetype/fttypes.h (FT_Data): Change to unsigned `length`. * include/freetype/t1tables.h (CID_FaceDictRec): Ditto for `sd_bytes`. (CID_FaceInfoRec): Ditto for `gd_bytes` and `gd_bytes`. * include/freetype/internal/tttypes.h (TT_LoaderRec): Ditto for `byte_len`. * src/cid/cidgload.c (cid_load_glyph): Updated. * src/cid/cidload.h (cid_get_offset): Update argument. * src/cid/cidload.c (cid_get_offset, cid_read_subrs, cid_face_open): Updated. * src/cff/cffgload.c (cff_get_glyph_data, cff_free_glyph_data): Updated. * src/psaux/psft.c (cf2_getT1SeacComponent): Updated. * src/truetype/ttgload.c (TT_Process_Composite_Glyph, load_truetype_glyph): Updated.

diff --git a/docs/CHANGES b/docs/CHANGES
index 7dab3e7..9588451 100644
--- a/docs/CHANGES
+++ b/docs/CHANGES
@@ -1,3 +1,15 @@
+CHANGES BETWEEN 2.11.0 and 2.11.1
+
+  I. IMPORTANT CHANGES
+
+    - Some  fields  in  the  `CID_FaceDictRec`, `CID_FaceInfoRec`, and
+      `FT_Data` structures  have been changed  from signed to unsigned
+      type,  which  better reflects  the actual usage.  It is also  an
+      additional means to protect against malformed input.
+
+
+======================================================================
+
 CHANGES BETWEEN 2.10.4 and 2.11.0
 
   I. IMPORTANT CHANGES
diff --git a/include/freetype/fttypes.h b/include/freetype/fttypes.h
index d5ca1c4..37f7353 100644
--- a/include/freetype/fttypes.h
+++ b/include/freetype/fttypes.h
@@ -413,7 +413,7 @@ FT_BEGIN_HEADER
   typedef struct  FT_Data_
   {
     const FT_Byte*  pointer;
-    FT_Int          length;
+    FT_UInt         length;
 
   } FT_Data;
 
diff --git a/include/freetype/internal/tttypes.h b/include/freetype/internal/tttypes.h
index d0e9eeb..651131c 100644
--- a/include/freetype/internal/tttypes.h
+++ b/include/freetype/internal/tttypes.h
@@ -1734,7 +1734,7 @@ FT_BEGIN_HEADER
     FT_UInt          glyph_index;
 
     FT_Stream        stream;
-    FT_Int           byte_len;
+    FT_UInt          byte_len;
 
     FT_Short         n_contours;
     FT_BBox          bbox;
diff --git a/include/freetype/t1tables.h b/include/freetype/t1tables.h
index 546ec1c..1f5bc15 100644
--- a/include/freetype/t1tables.h
+++ b/include/freetype/t1tables.h
@@ -360,7 +360,7 @@ FT_BEGIN_HEADER
 
     FT_UInt        num_subrs;
     FT_ULong       subrmap_offset;
-    FT_Int         sd_bytes;
+    FT_UInt        sd_bytes;
 
   } CID_FaceDictRec;
 
@@ -415,8 +415,8 @@ FT_BEGIN_HEADER
     FT_ULong        xuid[16];
 
     FT_ULong        cidmap_offset;
-    FT_Int          fd_bytes;
-    FT_Int          gd_bytes;
+    FT_UInt         fd_bytes;
+    FT_UInt         gd_bytes;
     FT_ULong        cid_count;
 
     FT_Int          num_dicts;
diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c
index 831b3ae..97e8f9c 100644
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -59,7 +59,7 @@
 
 
       *pointer = (FT_Byte*)data.pointer;
-      *length  = (FT_ULong)data.length;
+      *length  = data.length;
 
       return error;
     }
@@ -94,7 +94,7 @@
 
 
       data.pointer = *pointer;
-      data.length  = (FT_Int)length;
+      data.length  = (FT_UInt)length;
 
       face->root.internal->incremental_interface->funcs->free_glyph_data(
         face->root.internal->incremental_interface->object, &data );
diff --git a/src/cid/cidgload.c b/src/cid/cidgload.c
index bd0a7e7..e3e6832 100644
--- a/src/cid/cidgload.c
+++ b/src/cid/cidgload.c
@@ -63,7 +63,7 @@
 #endif
 
 
-    FT_TRACE1(( "cid_load_glyph: glyph index %d\n", glyph_index ));
+    FT_TRACE1(( "cid_load_glyph: glyph index %u\n", glyph_index ));
 
 #ifdef FT_CONFIG_OPTION_INCREMENTAL
 
@@ -80,11 +80,11 @@
         goto Exit;
 
       p         = (FT_Byte*)glyph_data.pointer;
-      fd_select = cid_get_offset( &p, (FT_Byte)cid->fd_bytes );
+      fd_select = cid_get_offset( &p, cid->fd_bytes );
 
       if ( glyph_data.length != 0 )
       {
-        glyph_length = (FT_ULong)( glyph_data.length - cid->fd_bytes );
+        glyph_length = glyph_data.length - cid->fd_bytes;
 
         if ( !FT_QALLOC( charstring, glyph_length ) )
           FT_MEM_COPY( charstring, glyph_data.pointer + cid->fd_bytes,
@@ -104,7 +104,7 @@
     /* For ordinary fonts read the CID font dictionary index */
     /* and charstring offset from the CIDMap.                */
     {
-      FT_UInt   entry_len = (FT_UInt)( cid->fd_bytes + cid->gd_bytes );
+      FT_UInt   entry_len = cid->fd_bytes + cid->gd_bytes;
       FT_ULong  off1, off2;
 
 
@@ -114,10 +114,10 @@
         goto Exit;
 
       p         = (FT_Byte*)stream->cursor;
-      fd_select = cid_get_offset( &p, (FT_Byte)cid->fd_bytes );
-      off1      = cid_get_offset( &p, (FT_Byte)cid->gd_bytes );
+      fd_select = cid_get_offset( &p, cid->fd_bytes );
+      off1      = cid_get_offset( &p, cid->gd_bytes );
       p        += cid->fd_bytes;
-      off2      = cid_get_offset( &p, (FT_Byte)cid->gd_bytes );
+      off2      = cid_get_offset( &p, cid->gd_bytes );
       FT_FRAME_EXIT();
 
       if ( fd_select >= (FT_ULong)cid->num_dicts ||
diff --git a/src/cid/cidload.c b/src/cid/cidload.c
index 768509a..ed5fb1a 100644
--- a/src/cid/cidload.c
+++ b/src/cid/cidload.c
@@ -41,7 +41,7 @@
   /* read a single offset */
   FT_LOCAL_DEF( FT_ULong )
   cid_get_offset( FT_Byte*  *start,
-                  FT_Byte    offsize )
+                  FT_UInt    offsize )
   {
     FT_ULong  result;
     FT_Byte*  p = *start;
@@ -275,7 +275,7 @@
     if ( (FT_ULong)num_dicts > stream->size / 100 )
     {
       FT_TRACE0(( "parse_fd_array: adjusting FDArray size"
-                  " (from %ld to %ld)\n",
+                  " (from %ld to %lu)\n",
                   num_dicts,
                   stream->size / 100 ));
       num_dicts = (FT_Long)( stream->size / 100 );
@@ -560,12 +560,12 @@
 
       /* read the subrmap's offsets */
       if ( FT_STREAM_SEEK( cid->data_offset + dict->subrmap_offset )     ||
-           FT_FRAME_ENTER( ( num_subrs + 1 ) * (FT_UInt)dict->sd_bytes ) )
+           FT_FRAME_ENTER( ( num_subrs + 1 ) * dict->sd_bytes ) )
         goto Fail;
 
       p = (FT_Byte*)stream->cursor;
       for ( count = 0; count <= num_subrs; count++ )
-        offsets[count] = cid_get_offset( &p, (FT_Byte)dict->sd_bytes );
+        offsets[count] = cid_get_offset( &p, dict->sd_bytes );
 
       FT_FRAME_EXIT();
 
@@ -805,7 +805,7 @@
              face->root.stream->size - parser->data_offset )
       {
         FT_TRACE0(( "cid_face_open: adjusting length of binary data\n" ));
-        FT_TRACE0(( "               (from %ld to %ld bytes)\n",
+        FT_TRACE0(( "               (from %lu to %lu bytes)\n",
                     parser->binary_length,
                     face->root.stream->size - parser->data_offset ));
         parser->binary_length = face->root.stream->size -
@@ -833,10 +833,10 @@
 
     /* sanity tests */
 
-    if ( cid->fd_bytes < 0 || cid->gd_bytes < 1 )
+    if ( cid->gd_bytes == 0 )
     {
       FT_ERROR(( "cid_face_open:"
-                 " Invalid `FDBytes' or `GDBytes' value\n" ));
+                 " Invalid `GDBytes' value\n" ));
       error = FT_THROW( Invalid_File_Format );
       goto Exit;
     }
@@ -853,7 +853,7 @@
     }
 
     binary_length = face->cid_stream->size - cid->data_offset;
-    entry_len     = (FT_ULong)( cid->fd_bytes + cid->gd_bytes );
+    entry_len     = cid->fd_bytes + cid->gd_bytes;
 
     for ( n = 0; n < cid->num_dicts; n++ )
     {
@@ -879,8 +879,7 @@
         dict->private_dict.blue_fuzz = 1;
       }
 
-      if ( dict->sd_bytes < 0                        ||
-           ( dict->num_subrs && dict->sd_bytes < 1 ) )
+      if ( dict->num_subrs && dict->sd_bytes == 0 )
       {
         FT_ERROR(( "cid_face_open: Invalid `SDBytes' value\n" ));
         error = FT_THROW( Invalid_File_Format );
@@ -907,7 +906,7 @@
       if ( (FT_Int)dict->num_subrs < 0                                     ||
            ( dict->sd_bytes                                              &&
              dict->num_subrs > ( binary_length - dict->subrmap_offset ) /
-                                 (FT_UInt)dict->sd_bytes                 ) )
+                                 dict->sd_bytes                          ) )
       {
         FT_ERROR(( "cid_face_open: Invalid `SubrCount' value\n" ));
         error = FT_THROW( Invalid_File_Format );
diff --git a/src/cid/cidload.h b/src/cid/cidload.h
index 456685c..ee1d486 100644
--- a/src/cid/cidload.h
+++ b/src/cid/cidload.h
@@ -37,7 +37,7 @@ FT_BEGIN_HEADER
 
   FT_LOCAL( FT_ULong )
   cid_get_offset( FT_Byte**  start,
-                  FT_Byte    offsize );
+                  FT_UInt    offsize );
 
   FT_LOCAL( FT_Error )
   cid_face_open( CID_Face  face,
diff --git a/src/psaux/psft.c b/src/psaux/psft.c
index 41c1654..ac72d82 100644
--- a/src/psaux/psft.c
+++ b/src/psaux/psft.c
@@ -742,13 +742,13 @@
     /* For ordinary fonts get the character data stored in the face record. */
     {
       glyph_data.pointer = type1->charstrings[glyph_index];
-      glyph_data.length  = (FT_Int)type1->charstrings_len[glyph_index];
+      glyph_data.length  = type1->charstrings_len[glyph_index];
     }
 
     if ( !error )
     {
       FT_Byte*  charstring_base = (FT_Byte*)glyph_data.pointer;
-      FT_ULong  charstring_len  = (FT_ULong)glyph_data.length;
+      FT_ULong  charstring_len  = glyph_data.length;
 
 
       FT_ASSERT( charstring_base + charstring_len >= charstring_base );
@@ -778,7 +778,7 @@
     face = (T1_Face)decoder->builder.face;
 
     data.pointer = buf->start;
-    data.length  = (FT_Int)( buf->end - buf->start );
+    data.length  = (FT_UInt)( buf->end - buf->start );
 
     if ( face->root.internal->incremental_interface )
       face->root.internal->incremental_interface->funcs->free_glyph_data(
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index bb948e4..9136c17 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -1392,7 +1392,7 @@
            FT_READ_USHORT( n_ins )           )
         return error;
 
-      FT_TRACE5(( "  Instructions size = %d\n", n_ins ));
+      FT_TRACE5(( "  Instructions size = %hu\n", n_ins ));
 
       /* check it */
       max_ins = loader->face->max_profile.maxSizeOfInstructions;
@@ -1400,10 +1400,10 @@
       {
         /* don't trust `maxSizeOfInstructions'; */
         /* only do a rough safety check         */
-        if ( (FT_Int)n_ins > loader->byte_len )
+        if ( n_ins > loader->byte_len )
         {
           FT_TRACE1(( "TT_Process_Composite_Glyph:"
-                      " too many instructions (%d) for glyph with length %d\n",
+                      " too many instructions (%hu) for glyph with length %u\n",
                       n_ins, loader->byte_len ));
           return FT_THROW( Too_Many_Hints );
         }
@@ -1686,7 +1686,7 @@
       FT_ZERO( &inc_stream );
       FT_Stream_OpenMemory( &inc_stream,
                             glyph_data.pointer,
-                            (FT_ULong)glyph_data.length );
+                            glyph_data.length );
 
       loader->stream = &inc_stream;
     }
@@ -1694,8 +1694,7 @@
 
 #endif /* FT_CONFIG_OPTION_INCREMENTAL */
 
-      offset = tt_face_get_location( face, glyph_index,
-                                     (FT_UInt*)&loader->byte_len );
+      offset = tt_face_get_location( face, glyph_index, &loader->byte_len );
 
     if ( loader->byte_len > 0 )
     {
@@ -1714,7 +1713,7 @@
 
       error = face->access_glyph_frame( loader, glyph_index,
                                         face->glyf_offset + offset,
-                                        (FT_UInt)loader->byte_len );
+                                        loader->byte_len );
       if ( error )
         goto Exit;
 
@@ -1849,7 +1848,7 @@
     /* (which consists of 10 bytes)                            */
     error = face->access_glyph_frame( loader, glyph_index,
                                       face->glyf_offset + offset + 10,
-                                      (FT_UInt)loader->byte_len - 10 );
+                                      loader->byte_len - 10 );
     if ( error )
       goto Exit;
 
@@ -2105,7 +2104,7 @@
         FT_UInt      num_base_subgs = gloader->base.num_subglyphs;
 
         FT_Stream    old_stream     = loader->stream;
-        FT_Int       old_byte_len   = loader->byte_len;
+        FT_UInt      old_byte_len   = loader->byte_len;
 
 
         FT_GlyphLoader_Add( gloader );