| Commit | Date | Message | Author | CI |
|---|---|---|---|---|
| 0683f0df | 2017-09-09 13:01:11 | Warping CHANGES. | ||
| 0ab2b62d | 2017-09-09 08:08:47 | [autofit] Improve communication with ftgrid. * src/autofit/afhints.c (af_glyph_hints_get_segment_offset): Provide values in font units. | ||
| e2e56f9d | 2017-09-09 06:31:03 | Officially announce end of 16bit compiler support. | ||
| 33b390a6 | 2017-09-08 21:34:47 | Warping documentation updates. | ||
| 3ef59e59 | 2017-09-09 01:28:24 | [base] Remove a check for resource ID in the resource fork driver. LastResort.dfont has a marginal resource ID 0xFFFF for sfnt resource. Inside Macintosh: More Macintosh Toolbox, `Resource IDs' (1-46), tells that some IDs are reserved and should not be used. FreeType2 just uses resource ID to sort the fragmented resource. To accept the marginal fonts, the checking is removed. * src/base/ftrfork.c (FT_Raccess_Get_DataOffsets): Remove res_id validity check, fix a trace message format. | ||
| 71f66180 | 2017-09-09 01:05:44 | ChangeLog for last commit. | ||
| 5c4e40d7 | 2017-09-09 00:59:33 | [sfnt, truetype] Register the tags for marginal fonts. The first 32bit of standard TrueType variants is 0x00010000, `OTTO', `ttcf', `true' or `typ1'. 2 marginal dfonts on legacy Mac OS X, Keyboard.dfont and LastResort.dfont, have the sfnt resources starting 0xA5 followed by `kbd' or `lst'. Considering the following data could be parsed as conventional TrueType fonts, the header checking is updated to allow these tags. It seems that recent Mac OS X has already switched to normal TTF for these fonts. See the discussion at http://u88.n24.queensu.ca/exiftool/forum/index.php?topic=3931.0 * include/freetype/tttags.h (TTAG_0xA5kbd, TTAG_0xA5lst): New header tags for Keyboard.dfont and LastResort.dfont. * src/sfnt/sfobjs.c (sfnt_open_font): Accept the sfnt resource starts with TTAG_0xA5kbd or TTAG_0xA5lst. * src/truetype/ttobjs.c (tt_face_init): Accept the face with the format tag is TTAG_0xA5kbd or TTAG_0xA5lst. | ||
| 22a7f5b8 | 2017-09-07 22:36:02 | Branding fixes. | ||
| e0b480d1 | 2017-09-06 21:21:14 | s/ /~/ | ||
| a3dd6d99 | 2017-09-05 23:02:04 | Fix multiple calls of `FT_Bitmap_Convert'. The documentation of `FT_Bitmap_Convert' says that multiple calls do proper reallocation of the target FT_Bitmap object. However, this failed for the sequence: non-empty bitmap, empty bitmap, non-empty bitmap. Reason was that `FT_Bitmap_Convert' only reallocated the bitmap buffer if it became too small; it didn't make the buffer smaller. For an empty bitmap following a non-empty one, only the buffer dimension got set to zero, without deallocation. If the next call was a non-empty buffer again, an assertion in `ft_mem_qrealloc' was triggered. * src/base/ftbitmap.c (FT_Bitmap_Convert): Always reallocate target buffer to the correct size. * docs/CHANGES: Document it. | ||
| 7d017ba8 | 2017-09-05 15:28:21 | [bdf] Fix size and resolution handling. * src/bdf/bdfdrivr.c (BDF_Face_Init): Use `SIZE' values if `POINT_SIZE', `RESOLUTION_X', or `RESOLUTION_Y' properties are missing. * docs/CHANGES: Document it. | ||
| f0898b92 | 2017-08-25 21:40:01 | Swap `ALLOC_MULT' arguments (#51833). * src/base/ftbitmap.c (ft_bitmap_assure_buffer): Updated. * src/winfonts/winfnt.c (FNT_Load_Glyph): Updated. * src/raster/ftrend1.c (ft_raster1_render): Updated. | ||
| 587264cf | 2017-08-23 09:14:14 | Typo. | ||
| e1d0249e | 2017-08-23 08:18:22 | [sfnt] Fix clang compilation (#51788). * src/sfnt/pngshim.c (premultiply_data): Use vectors instead of scalars. (vector_shuffle): New macro to take care of a different built-in function name on clang. | ||
| bd28952e | 2017-08-22 08:41:03 | [base] Don't zero out allocated memory twice (#51816). Patch applied from bug report. * src/base/ftutil.c (ft_mem_qrealloc): Use low-level allocation to avoid unnecessary overhead. | ||
| 0aca17cf | 2017-08-22 08:25:14 | [truetype] Integer overflow. Changes triggered by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3107 * src/truetype/ttinterp.c (Ins_MDRP, Ins_MIRP, Ins_ALIGNPTS): Use NEG_LONG. | ||
| 7653c765 | 2017-08-17 21:28:32 | [sfnt] Avoid synthetic unicode for symbol fonts with PUA. Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=754574 * src/sfnt/sfobjs.c (sfnt_load_face): Check for FT_ENCODING_MS_SYMBOL. | ||
| cadd29de | 2017-08-16 13:32:17 | * src/sfnt/pngshim.c (premultiply_data): Fix compiler warnings. | ||
| c9d7c03f | 2017-08-15 08:48:17 | [sfnt] Speed up PNG image loading. This reduces the overhead of `premultiply_data' by 60%. * src/sfnt/pngshim.c (premultiply_data): Provide code which uses gcc's (and clang's) `vector_byte' attribute to process 4 pixels at a time. | ||
| f53ccf6f | 2017-08-15 07:17:42 | Minor comment fix. | ||
| 10ad11ab | 2017-08-13 23:08:39 | Harmony CHANGES. | ||
| 9f5783bb | 2017-08-13 09:40:18 | Minor. | ||
| b45043c4 | 2017-08-11 09:34:20 | [sfnt, truetype] Improve handling of missing sbits. Requested by Behdad. Modern bitmap-only SFNTs like `NotoColorEmoji.ttf' don't contain entries in the bitmap strike(s) for empty glyphs. Instead, they rely that a space glyph gets created from the font's metrics data. This commit makes FreeType behave accordingly. * include/freetype/fterrdef.h (FT_Err_Missing_Bitmap): New error code. * src/sfnt/ttsbit.c (tt_sbit_decoder_load_image): Change error codes to make a distinction between a missing bitmap in a composite and a simple missing bitmap. * src/truetype/ttgload.c (TT_Load_Glyph): For a missing bitmap (in a bitmap-only font), synthesize an empty bitmap glyph if metrics are available. | ||
| e77ee789 | 2017-08-11 07:11:43 | CHANGES: Minor update. | ||
| f2e121ab | 2017-08-10 12:56:50 | [base] Minor API improvement for default variation axis setting. * src/base/ftmm.c (FT_Set_MM_Design_Coordinates, FT_Set_Var_Design_Coordinates, FT_Set_MM_Blend_Coordinates, FT_Set_Var_Blend_Coordinates): Allow coords==NULL if num_coords==0. * docs/CHANGES: Updated. | ||
| c87fec02 | 2017-08-09 07:45:12 | [psnames] Really fix issue #49949. We now use a separate preprocessor macro to handle both definition and declaration of the glyph name arrays. * src/psnames/psmodule.c (DEFINE_PS_TABLE_DATA): New macro. * src/tools/glnames.py (StringTable::dump, StringTable::dump_sublist): Use `DEFINE_PS_TABLE_DATA'. (dump_encoding): Ditto. (main): Use `wb' mode for writing the output file, which works on Windows also. * src/psnames/pstables.h: Regenerated. | ||
| 410f3799 | 2017-03-09 00:08:38 | [smooth] Harmony LCD rendering. This is a new technology for LCD-optimized rendering. It capitalizes on the fact that each color channel grid is shifted by a third of a pixel. Therefore it is logical to render 3 separate monochrome bitmaps shifting the outline by 1/3 pixel, and then combine them. Importantly, the resulting output does not require additional LCD filtering. * src/smooth/ftsmooth.c (ft_smooth_render_generic) [!FT_CONFIG_OPTION_SUBPIXEL_RENDERING]: Implement new LCD-optimized rendering. * include/freetype/ftlcdfil.h, include/freetype/freetype.h, include/freetype/config/ftoption.h, devel/ftoption.h: Updated documentation. | ||
| 5710ef98 | 2017-08-08 22:00:35 | * src/smooth/ftsmooth.c (ft_smooth_render_generic): Clean up. | ||
| a9d8e90c | 2017-08-08 21:42:37 | * src/sftnt/ttpost.c (format): Use otspec-compliant versions. | ||
| 986a21b7 | 2017-08-06 06:35:19 | CHANGES update suggested by Nikolaus. | ||
| 17196b7c | 2017-08-05 18:58:34 | [truetype] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2868 * src/truetype/ttinterp.c (Ins_ALIGNRP): Use NEG_LONG. | ||
| f43b3094 | 2017-08-05 18:22:17 | [base, truetype] New function `FT_Get_Var_Axis_Flags'. The reserved `flags' field got a value in OpenType version 1.8.2; unfortunately, the public `FT_Var_Axis' structure misses the corresponding element. Since we can't add a new field, we add an access function. * src/base/ftmm.c (FT_Get_Var_Axis_Flags): New function. * include/freetype/ftmm.h (FT_VAR_AXIS_FLAG_HIDDEN): New macro. Updated. * src/truetype/ttgxvar.c (TT_Get_MM_Var): Increase allocated memory of `mmvar' to hold axis flags. Fill the axis flags array. * docs/CHANGES: Updated. | ||
| 24e256ab | 2017-08-04 08:25:31 | [truetype] Fix metrics of B/W hinting in v40 mode. Phantom points are now saved outside v40 backwards compatibility mode. This fixes the jumping glyphs when switching between v35 and v40 monochrome mode. * src/truetype/ttgload.c (TT_Hint_Glyph): Fix inversed bool logic. | ||
| 7f44c2db | 2017-08-03 06:15:30 | [truetype] Do not set any ClearType flags in v40 monochrome mode. This fixes weird behavior of instructions that resulted in rendering differences between v35 and v40 in monochrome mode, e.g., in `timesbi.ttf'. * src/truetype/ttinterp.c (Ins_GETINFO) [TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL]: Check `subpixel_hinting_lean'. | ||
| 7e508242 | 2017-08-01 12:44:35 | * src/truetype/ttgxvar.c (TT_Get_MM_Var): Fix thinko. | ||
| e6b9b6ba | 2017-08-01 09:34:24 | Update CHANGES file. | ||
| 55bbb98f | 2017-08-01 09:17:02 | [truetype] Fix loading of named instances. * src/truetype/ttgxvar.c (TT_Get_MM_Var): Preserve file position while loading the `avar' table. | ||
| ce367774 | 2017-08-01 08:24:51 | [sfnt, truetype] Minor adjustments for OpenType 1.8.2. * src/sfnt/sfobjs.c (sfnt_load_face): The units per EM value has now (tighter) limits. * src/truetype/ttgload.c (load_truetype_glyph): The new OpenType version explicitly allows all negative values for the number of contours if we have a composite glyph (this is for better backwards compatibility I guess), but it still recommends value -1. | ||
| 933f4cbe | 2017-07-26 23:32:32 | [cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2738 * src/cff/cf2hints.c (cf2_glyphpath_computeOffset, cf2_glyphpath_curveTo): Use ADD_INT32. | ||
| 38bdf22b | 2017-07-13 10:28:09 | [truetype] Improve code comment. | ||
| fe0a7d9d | 2017-07-13 10:25:42 | [base] Fix memory leak. Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=738362 * src/base/ftglyph.c (FT_Get_Glyph): Do proper deallocation in case of error. | ||
| 134de096 | 2017-07-12 22:16:37 | [base] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2573 * src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use FT_PIX_CEIL_LONG and FT_PIX_ROUND_LONG. | ||
| b5cab5c9 | 2017-07-12 21:58:35 | Document how to scale manually. | ||
| 229a5535 | 2017-07-12 10:48:41 | CHANGES: Add information on global metrics rounding. I missed to add this important information. | ||
| 3d083fc2 | 2017-07-12 00:24:48 | * src/truetype/ttpload.c (tt_face_get_location): Off-by-one typo. Also improve tracing message. Problem reported as https://bugs.chromium.org/p/chromium/issues/detail?id=738919 | ||
| 39af82eb | 2017-07-11 01:53:01 | Changelog: typo, chromium issue id is 2276 instead of 2278 Signed-off-by: Hin-Tak Leung <htl10@users.sourceforge.net> | ||
| 9ea83c78 | 2017-07-07 17:09:43 | [cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2517 * src/cff/cf2blues.c (cf2_blues_capture): Use SUB_INT32. | ||
| 762de5e2 | 2017-07-06 22:31:57 | Tweak suggested use of `lsb_delta' and `rsb_delta'. | ||
| cf8d9b4c | 2017-07-05 23:07:01 | * src/sfnt/ttcmap.c (tt_cmap_unicode_class_rec): Fix warning. | ||
| 4261e497 | 2017-07-05 23:00:23 | * src/truetype/ttgxvar.c (FT_Stream_SeekSet): Fix warning (#51395). | ||
| 1c85479d | 2017-07-04 08:08:54 | [truetype] Prevent address overflow (#51365). * src/truetype/ttgxvar.c (FT_Stream_SeekSet): Add guard. | ||
| c56d8851 | 2017-07-03 22:49:07 | * src/base/ftlcdfil.c (ft_lcd_filter_fir): Improve code. | ||
| ca799e9b | 2017-07-03 06:27:52 | [truetype] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2455 * src/truetype/ttinterp.c (Ins_SCFS): Use SUB_LONG. | ||
| abeb28f1 | 2017-07-01 16:48:32 | * src/sfnt/sfobjs.c (sfnt_load_face): Ignore No_Unicode_Glyph_Name. | ||
| 7819aeb6 | 2017-06-28 22:57:41 | Avoid Microsoft compiler warnings (#51331). While clang's sanitizer recommends a cast to unsigned for safe negation (to handle -INT_MIN), both MSVC and Visualc emit warning C4146 if an unsigned value gets negated. * include/freetype/internal/ftcalc.h (NEG_LONG, NEG_INT32), src/base/ftcalc.c (FT_MOVE_SIGN): Replace negation with a subtraction. | ||
| 2e7bb5e8 | 2017-06-27 16:56:38 | * src/cff/cffparse.c (do_fixed): Fix typo. Spotted by chris <chris@gcjd.org>. | ||
| dde8f5ab | 2017-06-27 06:16:04 | [truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2384 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2391 * src/base/ftcalc.c (FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix): Use NEG_LONG. * src/truetype/ttinterp.c (Ins_SxVTL): Use NEG_LONG. | ||
| b27cef27 | 2017-06-24 20:17:46 | [truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2364 * src/truetype/ttinterp.c (Ins_ISECT): Use NEG_LONG. | ||
| 298e2ea5 | 2017-06-22 11:52:43 | [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2323 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2328 * src/cff/cf2blues.c (cf2_blues_capture): Use ADD_INT32 and SUB_INT32. * src/truetype/ttinterp.c (Ins_SDPVTL): Use SUB_LONG and NEG_LONG. | ||
| 75cb071b | 2017-06-21 22:52:37 | [sfnt] Synthesize a Unicode charmap if one is missing. * src/sfnt/ttcmap.h (tt_cmap_unicode_class_rec): Declare it. * src/sfnt/ttcmap.c (tt_get_glyph_name, tt_cmap_unicode_init, tt_cmap_unicode_done, tt_cmap_unicode_char_index, tt_cmap_unicode_char_next, tt_cmap_unicode_class_rec): Implement synthetic Unicode charmap class. (tt_get_cmap_info): Make sure the callback is available. * src/sfnt/sfobjs.c (sfnt_load_face) [FT_CONFIG_OPTION_POSTSCRIPT_NAMES]: If Unicode charmap is missing, synthesize one. * include/freetype/config/ftoption.h: Document it. * devel/ftoption.h: Ditto. | ||
| 390048fa | 2017-06-20 18:03:20 | Remove deprecated comment. | ||
| c8829e4b | 2017-06-20 12:24:05 | Fix pkg-config in freetype-config for cross-compiling (#51274). * builds/unix/unix-def.in (PKG_CONFIG): New variable. (freetype-config): Use it in sed expression. * builds/unix/freetype-config.in: s/pkg-config/%PKG_CONFIG%/. | ||
| 8c763fb1 | 2017-06-20 07:49:52 | [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2300 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2313 * src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use ADD_INT32. * src/truetype/ttinterp.c (Ins_ABS): Avoid FT_ABS. | ||
| 7b727833 | 2017-06-17 23:28:14 | [base, smooth] LCD filtering cleanups. * src/base/ftlcdlil.c (ft_lcd_filter_fir, _ft_lcd_filter_legacy): Clean up, start filtering from the bottom-left origin. * src/smooth/ftsmooth.c (ft_smooth_render_generic): Updated. | ||
| 4dc00cf5 | 2017-06-16 13:33:09 | [truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2270 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2278 * src/truetype/ttinterp.c (Ins_MDRP, _iup_worker_interpolate): Use ADD_LONG and SUB_LONG. | ||
| dbeb7bce | 2017-06-15 19:39:50 | [bdf, cff] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2244 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2261 * src/bdf/bdfdrivr.c (BDF_Face_Init): Replace calls to FT_ABS with direct code to avoid value negation. * src/cff/cf2blues.c (cf2_blues_capture): Use SUB_INT32 and ADD_INT32. | ||
| 79e3789f | 2017-06-14 07:51:04 | * src/winfonts/winfnt.c (FNT_Face_Init): Don't set active encoding. FreeType only sets a default active encoding for Unicode. | ||
| 5c402d97 | 2017-06-13 06:56:48 | [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2216 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2218 * src/cff/cf2fixed.h (cf2_fixedAbs): Use NEG_INT32. * src/truetype/ttinterp.c (Ins_IP): Use SUB_LONG. | ||
| 3ed3a961 | 2017-06-11 13:50:37 | [cff] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2200 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2210 * src/cff/cf2hints.c (cf2_hintmap_insertHint): Use SUB_INT32 and ADD_INT32. * src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdVMOVETO>: Use ADD_INT32. | ||
| 5f2a72cb | 2017-06-10 11:29:24 | [truetype] Fix TT_Set_Var_Design. Reported by Nikolaus Waxweiler <madigens@gmail.com>. * src/truetype/ttgxvar.c (TT_Set_Var_Design): Correctly handle the case where we have less input coordinates than axes. | ||
| 2c4fba9c | 2017-06-10 11:03:41 | * src/base/ftcalc.c (FT_DivFix): Fix embarrassing typo. Bug introduced 2017-05-28. | ||
| 9038837e | 2017-06-09 20:42:46 | [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2144 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2151 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2153 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2173 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2186 * src/cff/cf2blues.c (cf2_blues_init): Use SUB_INT32. * src/truetype/ttinterp.c (Round_None, Round_To_Grid, Round_To_Half_Grid, Round_Down_To_Grid, Round_Up_To_Grid, Round_To_Double_Grid, Round_Super, Round_Super_45): Use ADD_LONG, SUB_LONG, NEG_LONG, FT_PIX_ROUND_LONG, FT_PIX_CEIL_LONG, FT_PAD_ROUND_LONG (Ins_SxVTL, Ins_MIRP): Use SUB_LONG. (_iup_worker_shift): Use SUB_LONG and ADD_LONG. | ||
| 96d26926 | 2017-06-09 20:34:28 | Provide more macros for flooring, ceiling, and rounding. These versions don't produce run-time errors due to integer overflow. * include/freetype/internal/ftobjs.h: Include FT_INTERNAL_CALC_H. (FT_PAD_ROUND_LONG, FT_PAD_CEIL_LONG, FT_PIX_ROUND_LONG, FT_PIX_CEIL_LONG): New macros. (FT_PAD_ROUND_INT32, FT_PAD_CEIL_INT32, FT_PIX_ROUND_INT32, FT_PIX_CEIL_INT32): New macros. | ||
| faf34d29 | 2017-06-09 20:31:24 | Remove unused macros. * include/freetype/internal/ftcalc.h (ADD_INT, SUB_INT, MUL_INT, NEG_INT): Deleted. | ||
| dcd8de27 | 2017-06-09 11:21:58 | */*: Remove `OVERFLOW_' prefix. This increases readability. | ||
| 7bffeacd | 2017-06-07 17:08:01 | [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2133 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2137 * src/cff/cf2hints.c (cf2_hint_init): Use OVERFLOW_SUB_INT32. * src/truetype/ttinterp.c (PROJECT, DUALPROJ): Use OVERFLOW_SUB_LONG. | ||
| 24848a3d | 2017-06-06 12:05:04 | [cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2109 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2110 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2122 * src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32. * src/cff/cf2hints.c (cf2_hintmap_map): Synchronize if-else branches. | ||
| 86670429 | 2017-06-05 06:20:53 | [cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2089 * src/cff/cffload.c (cff_blend_doBlend): Use OVERFLOW_ADD_INT32. | ||
| 9fa8a299 | 2017-06-04 20:43:08 | [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2075 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2088 * src/cff/cf2font.c (cf2_font_setup): Use OVERFLOW_MUL_INT32. * src/truetype/ttinterp.c (Ins_ISECT): Use OVERFLOW_MUL_LONG, OVERFLOW_ADD_LONG, and OVERFLOW_SUB_LONG. | ||
| addb2ddd | 2017-06-03 21:05:42 | [base, cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2060 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2062 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2063 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2068 * src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG. * src/cff/cf2blues.c (cf2_blues_capture), src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use OVERFLOW_SUB_INT32. * src/truetype/ttgload.c (compute_glyph_metrics): Use OVERFLOW_SUB_LONG. * src/truetype/ttinterp.c (Direct_Move, Direct_Move_Orig, Direct_Move_X, Direct_Move_Y, Direct_Move_Orig_X, Direct_Move_Orig_Y, Move_Zp2_Point, Ins_MSIRP): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG. | ||
| c9a9cf59 | 2017-06-03 09:41:50 | * builds/unix/freetype-config.in: Fix pkg-config test (#51162). Patch directly taken from bug report. | ||
| 2c2e6403 | 2017-06-03 07:38:11 | [bdf] Synchronize sanity checks with pcf driver. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2054 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2058 * src/bdf/bdfdrivr.c (BDF_Face_Init): Check font ascent and descent. Check AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and RESOLUTION_Y properties. | ||
| 1ea34322 | 2017-06-03 06:52:13 | [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2047 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2057 * src/cff/cf2hints.c (cf2_hintmap_map): Use OVERFLOW_SUB_INT32. * src/truetype/ttinterp.c (Ins_ADD): Use OVERFLOW_ADD_LONG. (Ins_SUB): Use OVERFLOW_SUB_LONG. (Ins_NEG): Use NEG_LONG. | ||
| c5a22541 | 2017-06-03 06:13:10 | ftcalc.h: Avoid left-shift of negative numbers. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2055 * include/freetype/internal/ftcalc.h (INT_TO_F26DOT6, INT_TO_F2DOT14, INT_TO_FIXED, F2DOT14_TO_FIXED): Use multiplication. | ||
| 0716c6ab | 2017-06-02 19:24:03 | [cff] Even more integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2046 * src/cff/cf2intrp.c (cf2_doStems, cf2_interpT2CharString): Use OVERFLOW_ADD_INT32. | ||
| 7a4276fb | 2017-06-02 09:21:37 | [cff] More integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2032 * src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32. | ||
| 03b0cc2e | 2017-06-02 09:16:52 | [bdf] Don't left-shift negative numbers. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2031 * src/bdf/bdfdrivr.c (BDF_Face_Init): Use multiplication. | ||
| 47a03e9b | 2017-06-02 09:06:36 | [bdf] Fix integer scanning routines. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2029 * src/bdf/bdflib.c (_bdf_atoul, _bdf_atol, _bdf_atous, _bdf_atos): Stop scanning if result would overflow. | ||
| 3802ca8b | 2017-06-02 08:44:20 | [cff] Fix integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2027 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2028 * src/cff/cf2hints.c (cf2_hintmap_insertHint), src/cff/cf2intrp.c (cf2_doFlex): Use OVERFLOW_ADD_INT32 and OVERFLOW_SUB_INT32. | ||
| cd02d359 | 2017-06-01 17:05:39 | [smooth] Some 32bit integer overflow run-time errors. * src/smooth/ftgrays.c [STANDALONE] (OVERFLOW_ADD_LONG, OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG, NEG_LONG): New macros. [!STANDALONE]: Include FT_INTERNAL_CALC_H. (gray_render_cubic): Use those macros where appropriate. | ||
| a607e391 | 2017-06-01 17:03:07 | Minor comment. | ||
| 0ad32623 | 2017-06-01 17:00:37 | * src/base/ftglyph.c (FT_Get_Glyph): Check `slot->advance'. | ||
| 4a1f1a6d | 2017-06-01 13:15:54 | [psaux] 32bit integer overflow run-time errors (#46149). * src/psaux/t1decode.c (t1_decoder_parse_charstrings): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG where appropriate. | ||
| 8d435c46 | 2017-06-01 07:09:44 | * src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again. Problem reported by Marek Kašík <mkasik@redhat.com>. The problematic font that exceeds the old limit is Padauk-Bold, version 3.002, containing bytecode generated by a buggy version of ttfautohint. | ||
| e66d7300 | 2017-05-31 16:16:50 | [cff] 32bit integer overflow run-time errors 2/2 (#46149). This commit handles the new engine. * include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, NEG_INT, NEG_LONG, NEG_INT32): New macros. * src/cff/cf2ft.c (cf2_getScaleAndHintFlag): Use OVERFLOW_ADD_INT32. * src/cff/cf2hints.c (cf2_getWindingMomentum, cf2_hint_init, cf2_hintmap_map, cf2_glyphpath_hintPoint, cf2_glyphpath_computeIntersection, cf2_glyphpath_computeOffset, cf2_glyphpath_lineTo, cf2_glyphpath_curveTo): Use OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, and NEG_INT32 where appropriate. * src/cff/cf2intrp.c (cf2_doFlex, cf2_doBlend, cf2_interpT2CharString): Ditto. Also add some other code where needed to avoid overflow. | ||
| 9b710cd5 | 2017-05-30 22:35:41 | [cff] 32bit integer overflow run-time errors 1/2 (#46149). This commit handles the old engine. * src/cff/cffgload.c: Include FT_INTERNAL_CALC_H. (cff_decoder_parse_charstrings): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG where needed. * src/cff/cffparse.c: Include FT_INTERNAL_CALC_H. (power_ten_limits): New static array. (do_fixed): Use it to prevent multiplication overflow. (cff_parser_run): Use OVERFLOW_ADD_LONG. | ||
| 0e7b9f86 | 2017-05-30 22:22:19 | [psaux] Correctly handle sequences of multiple number signs. * src/psaux/psconv.c (PS_Conv_Strtol, PS_Conv_ToFixed): Return zero if we encounter more than a single sign. | ||
| f0146329 | 2017-05-29 21:04:27 | [pcf] 32bit integer overflow run-time errors (#46149). * src/pcf/pcfread.c (pcf_get_accel): Add sanity checks for `fontAscent' and `fontDescent'. (pcf_load_font): Add sanity checks for global height. Add sanity checks for AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and RESOLUTION_Y properties. | ||
| fbe2fe4c | 2017-05-29 13:29:28 | Handle some integer overflow run-time errors (#46149, #48979). This commit (mainly for 32bit CPUs) is the first of a series of similar commits to handle known integer overflows. Basically, all of them are harmless, since they affect rendering of glyphs only, not posing security threats. It is expected that fuzzing will show up more overflows, to be fixed in due course. The idea is to mark places where overflows can occur, using macros that simply cast to unsigned integers, because overflow arithmetic is well defined in this case. Doing so suppresses run-time errors of sanitizers without adding computational overhead. * include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT, OVERFLOW_SUB_INT, OVERFLOW_MUL_INT, OVERFLOW_ADD_LONG, OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG): New macros. * src/base/ftcalc.c (FT_RoundFix, FT_CeilFix, FT_Matrix_Multiply, FT_Matrix_Multiply_Scaled, FT_Vector_Transform_Scaled, ft_corner_orientation): Use new macros. * src/base/ftoutln.c (FT_Outline_Get_Orientation): Use new macros. | ||
| 9d04fa70 | 2017-05-28 07:57:24 | * include/freetype/internal/ftcalc.h (FLOAT_TO_FIXED): Remove. This macro is not used. |