Log

Author Commit Date CI Message
suzuki toshiya 21658c31 2017-09-12T15:59:18 [autofit, sfnt] Fix for `make multi'. * src/autofit/afshaper.c: Include FT_ADVANCE_H, to use FT_Get_Advance() in it. * src/sfnt/ttcmap.c: Include FT_SERVICE_POSTSCRIPT_CMAPS_H to use PS_Unicodes in it, also include `ttpost.h' to use tt_face_get_ps_name() in it.
Azzuro babe13ec 2017-09-11T10:47:29 [build] Improve builds with different MS Visual Studio versions. * builds/windows/vc2010/freetype.vcxproj: Switch platform toolset according to the Visual Studio version.
Werner Lemberg 3e4b7997 2017-09-11T08:51:44 * src/sfnt/ttkern.c (tt_face_load_kern): Reject format 2 tables. Reported by Behdad.
Alexei Podtelezhnikov d1b6c6e2 2017-09-10T22:35:21 Typo.
Alexei Podtelezhnikov 0683f0df 2017-09-09T13:01:11 Warping CHANGES.
Werner Lemberg 0ab2b62d 2017-09-09T08:08:47 [autofit] Improve communication with ftgrid. * src/autofit/afhints.c (af_glyph_hints_get_segment_offset): Provide values in font units.
Werner Lemberg e2e56f9d 2017-09-09T06:31:03 Officially announce end of 16bit compiler support.
Alexei Podtelezhnikov 33b390a6 2017-09-08T21:34:47 Warping documentation updates.
suzuki toshiya 3ef59e59 2017-09-09T01:28:24 [base] Remove a check for resource ID in the resource fork driver. LastResort.dfont has a marginal resource ID 0xFFFF for sfnt resource. Inside Macintosh: More Macintosh Toolbox, `Resource IDs' (1-46), tells that some IDs are reserved and should not be used. FreeType2 just uses resource ID to sort the fragmented resource. To accept the marginal fonts, the checking is removed. * src/base/ftrfork.c (FT_Raccess_Get_DataOffsets): Remove res_id validity check, fix a trace message format.
suzuki toshiya 71f66180 2017-09-09T01:05:44 ChangeLog for last commit.
suzuki toshiya 5c4e40d7 2017-09-09T00:59:33 [sfnt, truetype] Register the tags for marginal fonts. The first 32bit of standard TrueType variants is 0x00010000, `OTTO', `ttcf', `true' or `typ1'. 2 marginal dfonts on legacy Mac OS X, Keyboard.dfont and LastResort.dfont, have the sfnt resources starting 0xA5 followed by `kbd' or `lst'. Considering the following data could be parsed as conventional TrueType fonts, the header checking is updated to allow these tags. It seems that recent Mac OS X has already switched to normal TTF for these fonts. See the discussion at http://u88.n24.queensu.ca/exiftool/forum/index.php?topic=3931.0 * include/freetype/tttags.h (TTAG_0xA5kbd, TTAG_0xA5lst): New header tags for Keyboard.dfont and LastResort.dfont. * src/sfnt/sfobjs.c (sfnt_open_font): Accept the sfnt resource starts with TTAG_0xA5kbd or TTAG_0xA5lst. * src/truetype/ttobjs.c (tt_face_init): Accept the face with the format tag is TTAG_0xA5kbd or TTAG_0xA5lst.
Alexei Podtelezhnikov 22a7f5b8 2017-09-07T22:36:02 Branding fixes.
Alexei Podtelezhnikov e0b480d1 2017-09-06T21:21:14 s/ /~/
Werner Lemberg a3dd6d99 2017-09-05T23:02:04 Fix multiple calls of `FT_Bitmap_Convert'. The documentation of `FT_Bitmap_Convert' says that multiple calls do proper reallocation of the target FT_Bitmap object. However, this failed for the sequence: non-empty bitmap, empty bitmap, non-empty bitmap. Reason was that `FT_Bitmap_Convert' only reallocated the bitmap buffer if it became too small; it didn't make the buffer smaller. For an empty bitmap following a non-empty one, only the buffer dimension got set to zero, without deallocation. If the next call was a non-empty buffer again, an assertion in `ft_mem_qrealloc' was triggered. * src/base/ftbitmap.c (FT_Bitmap_Convert): Always reallocate target buffer to the correct size. * docs/CHANGES: Document it.
Werner Lemberg 7d017ba8 2017-09-05T15:28:21 [bdf] Fix size and resolution handling. * src/bdf/bdfdrivr.c (BDF_Face_Init): Use `SIZE' values if `POINT_SIZE', `RESOLUTION_X', or `RESOLUTION_Y' properties are missing. * docs/CHANGES: Document it.
Alexei Podtelezhnikov f0898b92 2017-08-25T21:40:01 Swap `ALLOC_MULT' arguments (#51833). * src/base/ftbitmap.c (ft_bitmap_assure_buffer): Updated. * src/winfonts/winfnt.c (FNT_Load_Glyph): Updated. * src/raster/ftrend1.c (ft_raster1_render): Updated.
Werner Lemberg 587264cf 2017-08-23T09:14:14 Typo.
Werner Lemberg e1d0249e 2017-08-23T08:18:22 [sfnt] Fix clang compilation (#51788). * src/sfnt/pngshim.c (premultiply_data): Use vectors instead of scalars. (vector_shuffle): New macro to take care of a different built-in function name on clang.
Werner Lemberg bd28952e 2017-08-22T08:41:03 [base] Don't zero out allocated memory twice (#51816). Patch applied from bug report. * src/base/ftutil.c (ft_mem_qrealloc): Use low-level allocation to avoid unnecessary overhead.
Werner Lemberg 0aca17cf 2017-08-22T08:25:14 [truetype] Integer overflow. Changes triggered by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3107 * src/truetype/ttinterp.c (Ins_MDRP, Ins_MIRP, Ins_ALIGNPTS): Use NEG_LONG.
Alexei Podtelezhnikov 7653c765 2017-08-17T21:28:32 [sfnt] Avoid synthetic unicode for symbol fonts with PUA. Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=754574 * src/sfnt/sfobjs.c (sfnt_load_face): Check for FT_ENCODING_MS_SYMBOL.
Werner Lemberg cadd29de 2017-08-16T13:32:17 * src/sfnt/pngshim.c (premultiply_data): Fix compiler warnings.
Behdad Esfahbod c9d7c03f 2017-08-15T08:48:17 [sfnt] Speed up PNG image loading. This reduces the overhead of `premultiply_data' by 60%. * src/sfnt/pngshim.c (premultiply_data): Provide code which uses gcc's (and clang's) `vector_byte' attribute to process 4 pixels at a time.
Werner Lemberg f53ccf6f 2017-08-15T07:17:42 Minor comment fix.
Alexei Podtelezhnikov 10ad11ab 2017-08-13T23:08:39 Harmony CHANGES.
Werner Lemberg 9f5783bb 2017-08-13T09:40:18 Minor.
Werner Lemberg b45043c4 2017-08-11T09:34:20 [sfnt, truetype] Improve handling of missing sbits. Requested by Behdad. Modern bitmap-only SFNTs like `NotoColorEmoji.ttf' don't contain entries in the bitmap strike(s) for empty glyphs. Instead, they rely that a space glyph gets created from the font's metrics data. This commit makes FreeType behave accordingly. * include/freetype/fterrdef.h (FT_Err_Missing_Bitmap): New error code. * src/sfnt/ttsbit.c (tt_sbit_decoder_load_image): Change error codes to make a distinction between a missing bitmap in a composite and a simple missing bitmap. * src/truetype/ttgload.c (TT_Load_Glyph): For a missing bitmap (in a bitmap-only font), synthesize an empty bitmap glyph if metrics are available.
Werner Lemberg e77ee789 2017-08-11T07:11:43 CHANGES: Minor update.
Werner Lemberg f2e121ab 2017-08-10T12:56:50 [base] Minor API improvement for default variation axis setting. * src/base/ftmm.c (FT_Set_MM_Design_Coordinates, FT_Set_Var_Design_Coordinates, FT_Set_MM_Blend_Coordinates, FT_Set_Var_Blend_Coordinates): Allow coords==NULL if num_coords==0. * docs/CHANGES: Updated.
Werner Lemberg c87fec02 2017-08-09T07:45:12 [psnames] Really fix issue #49949. We now use a separate preprocessor macro to handle both definition and declaration of the glyph name arrays. * src/psnames/psmodule.c (DEFINE_PS_TABLE_DATA): New macro. * src/tools/glnames.py (StringTable::dump, StringTable::dump_sublist): Use `DEFINE_PS_TABLE_DATA'. (dump_encoding): Ditto. (main): Use `wb' mode for writing the output file, which works on Windows also. * src/psnames/pstables.h: Regenerated.
Alexei Podtelezhnikov 410f3799 2017-03-09T00:08:38 [smooth] Harmony LCD rendering. This is a new technology for LCD-optimized rendering. It capitalizes on the fact that each color channel grid is shifted by a third of a pixel. Therefore it is logical to render 3 separate monochrome bitmaps shifting the outline by 1/3 pixel, and then combine them. Importantly, the resulting output does not require additional LCD filtering. * src/smooth/ftsmooth.c (ft_smooth_render_generic) [!FT_CONFIG_OPTION_SUBPIXEL_RENDERING]: Implement new LCD-optimized rendering. * include/freetype/ftlcdfil.h, include/freetype/freetype.h, include/freetype/config/ftoption.h, devel/ftoption.h: Updated documentation.
Alexei Podtelezhnikov 5710ef98 2017-08-08T22:00:35 * src/smooth/ftsmooth.c (ft_smooth_render_generic): Clean up.
Alexei Podtelezhnikov a9d8e90c 2017-08-08T21:42:37 * src/sftnt/ttpost.c (format): Use otspec-compliant versions.
Werner Lemberg 986a21b7 2017-08-06T06:35:19 CHANGES update suggested by Nikolaus.
Werner Lemberg 17196b7c 2017-08-05T18:58:34 [truetype] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2868 * src/truetype/ttinterp.c (Ins_ALIGNRP): Use NEG_LONG.
Werner Lemberg f43b3094 2017-08-05T18:22:17 [base, truetype] New function `FT_Get_Var_Axis_Flags'. The reserved `flags' field got a value in OpenType version 1.8.2; unfortunately, the public `FT_Var_Axis' structure misses the corresponding element. Since we can't add a new field, we add an access function. * src/base/ftmm.c (FT_Get_Var_Axis_Flags): New function. * include/freetype/ftmm.h (FT_VAR_AXIS_FLAG_HIDDEN): New macro. Updated. * src/truetype/ttgxvar.c (TT_Get_MM_Var): Increase allocated memory of `mmvar' to hold axis flags. Fill the axis flags array. * docs/CHANGES: Updated.
Nikolaus Waxweiler 24e256ab 2017-08-04T08:25:31 [truetype] Fix metrics of B/W hinting in v40 mode. Phantom points are now saved outside v40 backwards compatibility mode. This fixes the jumping glyphs when switching between v35 and v40 monochrome mode. * src/truetype/ttgload.c (TT_Hint_Glyph): Fix inversed bool logic.
Nikolaus Waxweiler 7f44c2db 2017-08-03T06:15:30 [truetype] Do not set any ClearType flags in v40 monochrome mode. This fixes weird behavior of instructions that resulted in rendering differences between v35 and v40 in monochrome mode, e.g., in `timesbi.ttf'. * src/truetype/ttinterp.c (Ins_GETINFO) [TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL]: Check `subpixel_hinting_lean'.
Werner Lemberg 7e508242 2017-08-01T12:44:35 * src/truetype/ttgxvar.c (TT_Get_MM_Var): Fix thinko.
Werner Lemberg e6b9b6ba 2017-08-01T09:34:24 Update CHANGES file.
Behdad Esfahbod 55bbb98f 2017-08-01T09:17:02 [truetype] Fix loading of named instances. * src/truetype/ttgxvar.c (TT_Get_MM_Var): Preserve file position while loading the `avar' table.
Werner Lemberg ce367774 2017-08-01T08:24:51 [sfnt, truetype] Minor adjustments for OpenType 1.8.2. * src/sfnt/sfobjs.c (sfnt_load_face): The units per EM value has now (tighter) limits. * src/truetype/ttgload.c (load_truetype_glyph): The new OpenType version explicitly allows all negative values for the number of contours if we have a composite glyph (this is for better backwards compatibility I guess), but it still recommends value -1.
Werner Lemberg 933f4cbe 2017-07-26T23:32:32 [cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2738 * src/cff/cf2hints.c (cf2_glyphpath_computeOffset, cf2_glyphpath_curveTo): Use ADD_INT32.
Werner Lemberg 38bdf22b 2017-07-13T10:28:09 [truetype] Improve code comment.
Werner Lemberg fe0a7d9d 2017-07-13T10:25:42 [base] Fix memory leak. Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=738362 * src/base/ftglyph.c (FT_Get_Glyph): Do proper deallocation in case of error.
Werner Lemberg 134de096 2017-07-12T22:16:37 [base] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2573 * src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use FT_PIX_CEIL_LONG and FT_PIX_ROUND_LONG.
Werner Lemberg b5cab5c9 2017-07-12T21:58:35 Document how to scale manually.
Werner Lemberg 229a5535 2017-07-12T10:48:41 CHANGES: Add information on global metrics rounding. I missed adding this important information.
Werner Lemberg 3d083fc2 2017-07-12T00:24:48 * src/truetype/ttpload.c (tt_face_get_location): Off-by-one typo. Also improve tracing message. Problem reported as https://bugs.chromium.org/p/chromium/issues/detail?id=738919
Hin-Tak Leung 39af82eb 2017-07-11T01:53:01 Changelog: typo, chromium issue id is 2276 instead of 2278 Signed-off-by: Hin-Tak Leung <htl10@users.sourceforge.net>
Werner Lemberg 9ea83c78 2017-07-07T17:09:43 [cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2517 * src/cff/cf2blues.c (cf2_blues_capture): Use SUB_INT32.
Alexei Podtelezhnikov 762de5e2 2017-07-06T22:31:57 Tweak suggested use of `lsb_delta' and `rsb_delta'.
Werner Lemberg cf8d9b4c 2017-07-05T23:07:01 * src/sfnt/ttcmap.c (tt_cmap_unicode_class_rec): Fix warning.
Werner Lemberg 4261e497 2017-07-05T23:00:23 * src/truetype/ttgxvar.c (FT_Stream_SeekSet): Fix warning (#51395).
Werner Lemberg 1c85479d 2017-07-04T08:08:54 [truetype] Prevent address overflow (#51365). * src/truetype/ttgxvar.c (FT_Stream_SeekSet): Add guard.
Alexei Podtelezhnikov c56d8851 2017-07-03T22:49:07 * src/base/ftlcdfil.c (ft_lcd_filter_fir): Improve code.
Werner Lemberg ca799e9b 2017-07-03T06:27:52 [truetype] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2455 * src/truetype/ttinterp.c (Ins_SCFS): Use SUB_LONG.
Alexei Podtelezhnikov abeb28f1 2017-07-01T16:48:32 * src/sfnt/sfobjs.c (sfnt_load_face): Ignore No_Unicode_Glyph_Name.
Ben Wagner 7819aeb6 2017-06-28T22:57:41 Avoid Microsoft compiler warnings (#51331). While clang's sanitizer recommends a cast to unsigned for safe negation (to handle -INT_MIN), both MSVC and Visualc emit warning C4146 if an unsigned value gets negated. * include/freetype/internal/ftcalc.h (NEG_LONG, NEG_INT32), src/base/ftcalc.c (FT_MOVE_SIGN): Replace negation with a subtraction.
Werner Lemberg 2e7bb5e8 2017-06-27T16:56:38 * src/cff/cffparse.c (do_fixed): Fix typo. Spotted by chris <chris@gcjd.org>.
Werner Lemberg dde8f5ab 2017-06-27T06:16:04 [truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2384 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2391 * src/base/ftcalc.c (FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix): Use NEG_LONG. * src/truetype/ttinterp.c (Ins_SxVTL): Use NEG_LONG.
Werner Lemberg b27cef27 2017-06-24T20:17:46 [truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2364 * src/truetype/ttinterp.c (Ins_ISECT): Use NEG_LONG.
Werner Lemberg 298e2ea5 2017-06-22T11:52:43 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2323 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2328 * src/cff/cf2blues.c (cf2_blues_capture): Use ADD_INT32 and SUB_INT32. * src/truetype/ttinterp.c (Ins_SDPVTL): Use SUB_LONG and NEG_LONG.
Alexei Podtelezhnikov 75cb071b 2017-06-21T22:52:37 [sfnt] Synthesize a Unicode charmap if one is missing. * src/sfnt/ttcmap.h (tt_cmap_unicode_class_rec): Declare it. * src/sfnt/ttcmap.c (tt_get_glyph_name, tt_cmap_unicode_init, tt_cmap_unicode_done, tt_cmap_unicode_char_index, tt_cmap_unicode_char_next, tt_cmap_unicode_class_rec): Implement synthetic Unicode charmap class. (tt_get_cmap_info): Make sure the callback is available. * src/sfnt/sfobjs.c (sfnt_load_face) [FT_CONFIG_OPTION_POSTSCRIPT_NAMES]: If Unicode charmap is missing, synthesize one. * include/freetype/config/ftoption.h: Document it. * devel/ftoption.h: Ditto.
Werner Lemberg 390048fa 2017-06-20T18:03:20 Remove deprecated comment.
Tony Theodore c8829e4b 2017-06-20T12:24:05 Fix pkg-config in freetype-config for cross-compiling (#51274). * builds/unix/unix-def.in (PKG_CONFIG): New variable. (freetype-config): Use it in sed expression. * builds/unix/freetype-config.in: s/pkg-config/%PKG_CONFIG%/.
Werner Lemberg 8c763fb1 2017-06-20T07:49:52 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2300 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2313 * src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use ADD_INT32. * src/truetype/ttinterp.c (Ins_ABS): Avoid FT_ABS.
Alexei Podtelezhnikov 7b727833 2017-06-17T23:28:14 [base, smooth] LCD filtering cleanups. * src/base/ftlcdlil.c (ft_lcd_filter_fir, _ft_lcd_filter_legacy): Clean up, start filtering from the bottom-left origin. * src/smooth/ftsmooth.c (ft_smooth_render_generic): Updated.
Werner Lemberg 4dc00cf5 2017-06-16T13:33:09 [truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2270 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2278 * src/truetype/ttinterp.c (Ins_MDRP, _iup_worker_interpolate): Use ADD_LONG and SUB_LONG.
Werner Lemberg dbeb7bce 2017-06-15T19:39:50 [bdf, cff] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2244 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2261 * src/bdf/bdfdrivr.c (BDF_Face_Init): Replace calls to FT_ABS with direct code to avoid value negation. * src/cff/cf2blues.c (cf2_blues_capture): Use SUB_INT32 and ADD_INT32.
Werner Lemberg 79e3789f 2017-06-14T07:51:04 * src/winfonts/winfnt.c (FNT_Face_Init): Don't set active encoding. FreeType only sets a default active encoding for Unicode.
Werner Lemberg 5c402d97 2017-06-13T06:56:48 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2216 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2218 * src/cff/cf2fixed.h (cf2_fixedAbs): Use NEG_INT32. * src/truetype/ttinterp.c (Ins_IP): Use SUB_LONG.
Werner Lemberg 3ed3a961 2017-06-11T13:50:37 [cff] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2200 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2210 * src/cff/cf2hints.c (cf2_hintmap_insertHint): Use SUB_INT32 and ADD_INT32. * src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdVMOVETO>: Use ADD_INT32.
Werner Lemberg 5f2a72cb 2017-06-10T11:29:24 [truetype] Fix TT_Set_Var_Design. Reported by Nikolaus Waxweiler <madigens@gmail.com>. * src/truetype/ttgxvar.c (TT_Set_Var_Design): Correctly handle the case where we have fewer input coordinates than axes.
Werner Lemberg 2c4fba9c 2017-06-10T11:03:41 * src/base/ftcalc.c (FT_DivFix): Fix embarrassing typo. Bug introduced 2017-05-28.
Werner Lemberg 9038837e 2017-06-09T20:42:46 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2144 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2151 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2153 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2173 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2186 * src/cff/cf2blues.c (cf2_blues_init): Use SUB_INT32. * src/truetype/ttinterp.c (Round_None, Round_To_Grid, Round_To_Half_Grid, Round_Down_To_Grid, Round_Up_To_Grid, Round_To_Double_Grid, Round_Super, Round_Super_45): Use ADD_LONG, SUB_LONG, NEG_LONG, FT_PIX_ROUND_LONG, FT_PIX_CEIL_LONG, FT_PAD_ROUND_LONG (Ins_SxVTL, Ins_MIRP): Use SUB_LONG. (_iup_worker_shift): Use SUB_LONG and ADD_LONG.
Werner Lemberg 96d26926 2017-06-09T20:34:28 Provide more macros for flooring, ceiling, and rounding. These versions don't produce run-time errors due to integer overflow. * include/freetype/internal/ftobjs.h: Include FT_INTERNAL_CALC_H. (FT_PAD_ROUND_LONG, FT_PAD_CEIL_LONG, FT_PIX_ROUND_LONG, FT_PIX_CEIL_LONG): New macros. (FT_PAD_ROUND_INT32, FT_PAD_CEIL_INT32, FT_PIX_ROUND_INT32, FT_PIX_CEIL_INT32): New macros.
Werner Lemberg faf34d29 2017-06-09T20:31:24 Remove unused macros. * include/freetype/internal/ftcalc.h (ADD_INT, SUB_INT, MUL_INT, NEG_INT): Deleted.
Werner Lemberg dcd8de27 2017-06-09T11:21:58 */*: Remove `OVERFLOW_' prefix. This increases readability.
Werner Lemberg 7bffeacd 2017-06-07T17:08:01 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2133 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2137 * src/cff/cf2hints.c (cf2_hint_init): Use OVERFLOW_SUB_INT32. * src/truetype/ttinterp.c (PROJECT, DUALPROJ): Use OVERFLOW_SUB_LONG.
Werner Lemberg 24848a3d 2017-06-06T12:05:04 [cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2109 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2110 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2122 * src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32. * src/cff/cf2hints.c (cf2_hintmap_map): Synchronize if-else branches.
Werner Lemberg 86670429 2017-06-05T06:20:53 [cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2089 * src/cff/cffload.c (cff_blend_doBlend): Use OVERFLOW_ADD_INT32.
Werner Lemberg 9fa8a299 2017-06-04T20:43:08 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2075 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2088 * src/cff/cf2font.c (cf2_font_setup): Use OVERFLOW_MUL_INT32. * src/truetype/ttinterp.c (Ins_ISECT): Use OVERFLOW_MUL_LONG, OVERFLOW_ADD_LONG, and OVERFLOW_SUB_LONG.
Werner Lemberg addb2ddd 2017-06-03T21:05:42 [base, cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2060 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2062 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2063 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2068 * src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG. * src/cff/cf2blues.c (cf2_blues_capture), src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use OVERFLOW_SUB_INT32. * src/truetype/ttgload.c (compute_glyph_metrics): Use OVERFLOW_SUB_LONG. * src/truetype/ttinterp.c (Direct_Move, Direct_Move_Orig, Direct_Move_X, Direct_Move_Y, Direct_Move_Orig_X, Direct_Move_Orig_Y, Move_Zp2_Point, Ins_MSIRP): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.
Werner Lemberg c9a9cf59 2017-06-03T09:41:50 * builds/unix/freetype-config.in: Fix pkg-config test (#51162). Patch directly taken from bug report.
Werner Lemberg 2c2e6403 2017-06-03T07:38:11 [bdf] Synchronize sanity checks with pcf driver. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2054 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2058 * src/bdf/bdfdrivr.c (BDF_Face_Init): Check font ascent and descent. Check AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and RESOLUTION_Y properties.
Werner Lemberg 1ea34322 2017-06-03T06:52:13 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2047 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2057 * src/cff/cf2hints.c (cf2_hintmap_map): Use OVERFLOW_SUB_INT32. * src/truetype/ttinterp.c (Ins_ADD): Use OVERFLOW_ADD_LONG. (Ins_SUB): Use OVERFLOW_SUB_LONG. (Ins_NEG): Use NEG_LONG.
Werner Lemberg c5a22541 2017-06-03T06:13:10 ftcalc.h: Avoid left-shift of negative numbers. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2055 * include/freetype/internal/ftcalc.h (INT_TO_F26DOT6, INT_TO_F2DOT14, INT_TO_FIXED, F2DOT14_TO_FIXED): Use multiplication.
Werner Lemberg 0716c6ab 2017-06-02T19:24:03 [cff] Even more integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2046 * src/cff/cf2intrp.c (cf2_doStems, cf2_interpT2CharString): Use OVERFLOW_ADD_INT32.
Werner Lemberg 7a4276fb 2017-06-02T09:21:37 [cff] More integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2032 * src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
Werner Lemberg 03b0cc2e 2017-06-02T09:16:52 [bdf] Don't left-shift negative numbers. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2031 * src/bdf/bdfdrivr.c (BDF_Face_Init): Use multiplication.
Werner Lemberg 47a03e9b 2017-06-02T09:06:36 [bdf] Fix integer scanning routines. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2029 * src/bdf/bdflib.c (_bdf_atoul, _bdf_atol, _bdf_atous, _bdf_atos): Stop scanning if result would overflow.
Werner Lemberg 3802ca8b 2017-06-02T08:44:20 [cff] Fix integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2027 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2028 * src/cff/cf2hints.c (cf2_hintmap_insertHint), src/cff/cf2intrp.c (cf2_doFlex): Use OVERFLOW_ADD_INT32 and OVERFLOW_SUB_INT32.
Werner Lemberg cd02d359 2017-06-01T17:05:39 [smooth] Some 32bit integer overflow run-time errors. * src/smooth/ftgrays.c [STANDALONE] (OVERFLOW_ADD_LONG, OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG, NEG_LONG): New macros. [!STANDALONE]: Include FT_INTERNAL_CALC_H. (gray_render_cubic): Use those macros where appropriate.
Werner Lemberg a607e391 2017-06-01T17:03:07 Minor comment.
Werner Lemberg 0ad32623 2017-06-01T17:00:37 * src/base/ftglyph.c (FT_Get_Glyph): Check `slot->advance'.
Werner Lemberg 4a1f1a6d 2017-06-01T13:15:54 [psaux] 32bit integer overflow run-time errors (#46149). * src/psaux/t1decode.c (t1_decoder_parse_charstrings): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG where appropriate.
Werner Lemberg 8d435c46 2017-06-01T07:09:44 * src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again. Problem reported by Marek Kašík <mkasik@redhat.com>. The problematic font that exceeds the old limit is Padauk-Bold, version 3.002, containing bytecode generated by a buggy version of ttfautohint.
Werner Lemberg e66d7300 2017-05-31T16:16:50 [cff] 32bit integer overflow run-time errors 2/2 (#46149). This commit handles the new engine. * include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, NEG_INT, NEG_LONG, NEG_INT32): New macros. * src/cff/cf2ft.c (cf2_getScaleAndHintFlag): Use OVERFLOW_ADD_INT32. * src/cff/cf2hints.c (cf2_getWindingMomentum, cf2_hint_init, cf2_hintmap_map, cf2_glyphpath_hintPoint, cf2_glyphpath_computeIntersection, cf2_glyphpath_computeOffset, cf2_glyphpath_lineTo, cf2_glyphpath_curveTo): Use OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, and NEG_INT32 where appropriate. * src/cff/cf2intrp.c (cf2_doFlex, cf2_doBlend, cf2_interpT2CharString): Ditto. Also add some other code where needed to avoid overflow.
Werner Lemberg 9b710cd5 2017-05-30T22:35:41 [cff] 32bit integer overflow run-time errors 1/2 (#46149). This commit handles the old engine. * src/cff/cffgload.c: Include FT_INTERNAL_CALC_H. (cff_decoder_parse_charstrings): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG where needed. * src/cff/cffparse.c: Include FT_INTERNAL_CALC_H. (power_ten_limits): New static array. (do_fixed): Use it to prevent multiplication overflow. (cff_parser_run): Use OVERFLOW_ADD_LONG.