|
22a7f5b8
|
2017-09-07T22:36:02
|
|
Branding fixes.
|
|
a3dd6d99
|
2017-09-05T23:02:04
|
|
Fix multiple calls of `FT_Bitmap_Convert'.
The documentation of `FT_Bitmap_Convert' says that multiple calls do
proper reallocation of the target FT_Bitmap object. However, this
failed for the sequence
  non-empty bitmap
  empty bitmap
  non-empty bitmap
Reason was that `FT_Bitmap_Convert' only reallocated the bitmap
buffer if it became too small; it didn't make the buffer smaller.
For an empty bitmap following a non-empty one, only the buffer
dimension got set to zero, without deallocation. If the next call
was a non-empty buffer again, an assertion in `ft_mem_qrealloc' was
triggered.
* src/base/ftbitmap.c (FT_Bitmap_Convert): Always reallocate target
buffer to the correct size.
* docs/CHANGES: Document it.
|
|
7d017ba8
|
2017-09-05T15:28:21
|
|
[bdf] Fix size and resolution handling.
* src/bdf/bdfdrivr.c (BDF_Face_Init): Use `SIZE' values if
`POINT_SIZE', `RESOLUTION_X', or `RESOLUTION_Y' properties are
missing.
* docs/CHANGES: Document it.
|
|
f0898b92
|
2017-08-25T21:40:01
|
|
Swap `ALLOC_MULT' arguments (#51833).
* src/base/ftbitmap.c (ft_bitmap_assure_buffer): Updated.
* src/winfonts/winfnt.c (FNT_Load_Glyph): Updated.
* src/raster/ftrend1.c (ft_raster1_render): Updated.
|
|
e1d0249e
|
2017-08-23T08:18:22
|
|
[sfnt] Fix clang compilation (#51788).
* src/sfnt/pngshim.c (premultiply_data): Use vectors instead of
scalars.
(vector_shuffle): New macro to take care of a different built-in function
name on clang.
|
|
bd28952e
|
2017-08-22T08:41:03
|
|
[base] Don't zero out allocated memory twice (#51816).
Patch applied from bug report.
* src/base/ftutil.c (ft_mem_qrealloc): Use low-level allocation to
avoid unnecessary overhead.
|
|
0aca17cf
|
2017-08-22T08:25:14
|
|
[truetype] Integer overflow.
Changes triggered by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3107
* src/truetype/ttinterp.c (Ins_MDRP, Ins_MIRP, Ins_ALIGNPTS): Use
NEG_LONG.
|
|
7653c765
|
2017-08-17T21:28:32
|
|
[sfnt] Avoid synthetic unicode for symbol fonts with PUA.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=754574
* src/sfnt/sfobjs.c (sfnt_load_face): Check for FT_ENCODING_MS_SYMBOL.
|
|
cadd29de
|
2017-08-16T13:32:17
|
|
* src/sfnt/pngshim.c (premultiply_data): Fix compiler warnings.
|
|
c9d7c03f
|
2017-08-15T08:48:17
|
|
[sfnt] Speed up PNG image loading.
This reduces the overhead of `premultiply_data' by 60%.
* src/sfnt/pngshim.c (premultiply_data): Provide code which uses
gcc's (and clang's) `vector_byte' attribute to process 4 pixels at a
time.
|
|
b45043c4
|
2017-08-11T09:34:20
|
|
[sfnt, truetype] Improve handling of missing sbits.
Requested by Behdad.
Modern bitmap-only SFNTs like `NotoColorEmoji.ttf' don't contain
entries in the bitmap strike(s) for empty glyphs. Instead, they
rely on a space glyph getting created from the font's metrics data.
This commit makes FreeType behave accordingly.
* include/freetype/fterrdef.h (FT_Err_Missing_Bitmap): New error
code.
* src/sfnt/ttsbit.c (tt_sbit_decoder_load_image): Change error codes
to make a distinction between a missing bitmap in a composite and a
simple missing bitmap.
* src/truetype/ttgload.c (TT_Load_Glyph): For a missing bitmap (in a
bitmap-only font), synthesize an empty bitmap glyph if metrics are
available.
|
|
f2e121ab
|
2017-08-10T12:56:50
|
|
[base] Minor API improvement for default variation axis setting.
* src/base/ftmm.c (FT_Set_MM_Design_Coordinates,
FT_Set_Var_Design_Coordinates, FT_Set_MM_Blend_Coordinates,
FT_Set_Var_Blend_Coordinates): Allow coords==NULL if num_coords==0.
* docs/CHANGES: Updated.
|
|
c87fec02
|
2017-08-09T07:45:12
|
|
[psnames] Really fix issue #49949.
We now use a separate preprocessor macro to handle both definition
and declaration of the glyph name arrays.
* src/psnames/psmodule.c (DEFINE_PS_TABLE_DATA): New macro.
* src/tools/glnames.py (StringTable::dump,
StringTable::dump_sublist): Use `DEFINE_PS_TABLE_DATA'.
(dump_encoding): Ditto.
(main): Use `wb' mode for writing the output file, which works on
Windows also.
* src/psnames/pstables.h: Regenerated.
|
|
410f3799
|
2017-03-09T00:08:38
|
|
[smooth] Harmony LCD rendering.
This is a new technology for LCD-optimized rendering. It capitalizes
on the fact that each color channel grid is shifted by a third of a
pixel. Therefore it is logical to render 3 separate monochrome
bitmaps shifting the outline by 1/3 pixel, and then combine them.
Importantly, the resulting output does not require additional LCD
filtering.
* src/smooth/ftsmooth.c (ft_smooth_render_generic)
[!FT_CONFIG_OPTION_SUBPIXEL_RENDERING]: Implement new LCD-optimized
rendering.
* include/freetype/ftlcdfil.h, include/freetype/freetype.h,
include/freetype/config/ftoption.h, devel/ftoption.h: Updated
documentation.
|
|
5710ef98
|
2017-08-08T22:00:35
|
|
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Clean up.
|
|
a9d8e90c
|
2017-08-08T21:42:37
|
|
* src/sftnt/ttpost.c (format): Use otspec-compliant versions.
|
|
17196b7c
|
2017-08-05T18:58:34
|
|
[truetype] Integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2868
* src/truetype/ttinterp.c (Ins_ALIGNRP): Use NEG_LONG.
|
|
f43b3094
|
2017-08-05T18:22:17
|
|
[base, truetype] New function `FT_Get_Var_Axis_Flags'.
The reserved `flags' field got a value in OpenType version 1.8.2;
unfortunately, the public `FT_Var_Axis' structure misses the
corresponding element. Since we can't add a new field, we add an
access function.
* src/base/ftmm.c (FT_Get_Var_Axis_Flags): New function.
* include/freetype/ftmm.h (FT_VAR_AXIS_FLAG_HIDDEN): New macro.
Updated.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Increase allocated memory
of `mmvar' to hold axis flags.
Fill the axis flags array.
* docs/CHANGES: Updated.
|
|
24e256ab
|
2017-08-04T08:25:31
|
|
[truetype] Fix metrics of B/W hinting in v40 mode.
Phantom points are now saved outside v40 backwards compatibility
mode. This fixes the jumping glyphs when switching between v35 and
v40 monochrome mode.
* src/truetype/ttgload.c (TT_Hint_Glyph): Fix inversed bool logic.
|
|
7f44c2db
|
2017-08-03T06:15:30
|
|
[truetype] Do not set any ClearType flags in v40 monochrome mode.
This fixes weird behavior of instructions that resulted in rendering
differences between v35 and v40 in monochrome mode, e.g., in
`timesbi.ttf'.
* src/truetype/ttinterp.c (Ins_GETINFO)
[TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL]: Check
`subpixel_hinting_lean'.
|
|
7e508242
|
2017-08-01T12:44:35
|
|
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Fix thinko.
|
|
55bbb98f
|
2017-08-01T09:17:02
|
|
[truetype] Fix loading of named instances.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Preserve file position
while loading the `avar' table.
|
|
ce367774
|
2017-08-01T08:24:51
|
|
[sfnt, truetype] Minor adjustments for OpenType 1.8.2.
* src/sfnt/sfobjs.c (sfnt_load_face): The units per EM value has now
(tighter) limits.
* src/truetype/ttgload.c (load_truetype_glyph): The new OpenType
version explicitly allows all negative values for the number of
contours if we have a composite glyph (this is for better backwards
compatibility I guess), but it still recommends value -1.
|
|
933f4cbe
|
2017-07-26T23:32:32
|
|
[cff] Integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2738
* src/cff/cf2hints.c (cf2_glyphpath_computeOffset,
cf2_glyphpath_curveTo): Use ADD_INT32.
|
|
38bdf22b
|
2017-07-13T10:28:09
|
|
[truetype] Improve code comment.
|
|
fe0a7d9d
|
2017-07-13T10:25:42
|
|
[base] Fix memory leak.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=738362
* src/base/ftglyph.c (FT_Get_Glyph): Do proper deallocation in case
of error.
|
|
134de096
|
2017-07-12T22:16:37
|
|
[base] Integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2573
* src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use
FT_PIX_CEIL_LONG and FT_PIX_ROUND_LONG.
|
|
3d083fc2
|
2017-07-12T00:24:48
|
|
* src/truetype/ttpload.c (tt_face_get_location): Off-by-one typo.
Also improve tracing message.
Problem reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=738919
|
|
9ea83c78
|
2017-07-07T17:09:43
|
|
[cff] Integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2517
* src/cff/cf2blues.c (cf2_blues_capture): Use SUB_INT32.
|
|
cf8d9b4c
|
2017-07-05T23:07:01
|
|
* src/sfnt/ttcmap.c (tt_cmap_unicode_class_rec): Fix warning.
|
|
4261e497
|
2017-07-05T23:00:23
|
|
* src/truetype/ttgxvar.c (FT_Stream_SeekSet): Fix warning (#51395).
|
|
1c85479d
|
2017-07-04T08:08:54
|
|
[truetype] Prevent address overflow (#51365).
* src/truetype/ttgxvar.c (FT_Stream_SeekSet): Add guard.
|
|
c56d8851
|
2017-07-03T22:49:07
|
|
* src/base/ftlcdfil.c (ft_lcd_filter_fir): Improve code.
|
|
ca799e9b
|
2017-07-03T06:27:52
|
|
[truetype] Integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2455
* src/truetype/ttinterp.c (Ins_SCFS): Use SUB_LONG.
|
|
abeb28f1
|
2017-07-01T16:48:32
|
|
* src/sfnt/sfobjs.c (sfnt_load_face): Ignore No_Unicode_Glyph_Name.
|
|
7819aeb6
|
2017-06-28T22:57:41
|
|
Avoid Microsoft compiler warnings (#51331).
While clang's sanitizer recommends a cast to unsigned for safe
negation (to handle -INT_MIN), both MSVC and Visualc emit warning
C4146 if an unsigned value gets negated.
* include/freetype/internal/ftcalc.h (NEG_LONG, NEG_INT32),
src/base/ftcalc.c (FT_MOVE_SIGN): Replace negation with a
subtraction.
|
|
2e7bb5e8
|
2017-06-27T16:56:38
|
|
* src/cff/cffparse.c (do_fixed): Fix typo.
Spotted by chris <chris@gcjd.org>.
|
|
dde8f5ab
|
2017-06-27T06:16:04
|
|
[truetype] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2384
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2391
* src/base/ftcalc.c (FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix): Use
NEG_LONG.
* src/truetype/ttinterp.c (Ins_SxVTL): Use NEG_LONG.
|
|
b27cef27
|
2017-06-24T20:17:46
|
|
[truetype] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2364
* src/truetype/ttinterp.c (Ins_ISECT): Use NEG_LONG.
|
|
298e2ea5
|
2017-06-22T11:52:43
|
|
[cff, truetype] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2323
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2328
* src/cff/cf2blues.c (cf2_blues_capture): Use ADD_INT32 and
SUB_INT32.
* src/truetype/ttinterp.c (Ins_SDPVTL): Use SUB_LONG and NEG_LONG.
|
|
75cb071b
|
2017-06-21T22:52:37
|
|
[sfnt] Synthesize a Unicode charmap if one is missing.
* src/sfnt/ttcmap.h (tt_cmap_unicode_class_rec): Declare it.
* src/sfnt/ttcmap.c (tt_get_glyph_name, tt_cmap_unicode_init,
tt_cmap_unicode_done, tt_cmap_unicode_char_index,
tt_cmap_unicode_char_next, tt_cmap_unicode_class_rec): Implement
synthetic Unicode charmap class.
(tt_get_cmap_info): Make sure the callback is available.
* src/sfnt/sfobjs.c (sfnt_load_face)
[FT_CONFIG_OPTION_POSTSCRIPT_NAMES]: If Unicode charmap is missing,
synthesize one.
* include/freetype/config/ftoption.h: Document it.
* devel/ftoption.h: Ditto.
|
|
390048fa
|
2017-06-20T18:03:20
|
|
Remove deprecated comment.
|
|
8c763fb1
|
2017-06-20T07:49:52
|
|
[cff, truetype] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2300
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2313
* src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use ADD_INT32.
* src/truetype/ttinterp.c (Ins_ABS): Avoid FT_ABS.
|
|
7b727833
|
2017-06-17T23:28:14
|
|
[base, smooth] LCD filtering cleanups.
* src/base/ftlcdlil.c (ft_lcd_filter_fir, _ft_lcd_filter_legacy):
Clean up, start filtering from the bottom-left origin.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Updated.
|
|
4dc00cf5
|
2017-06-16T13:33:09
|
|
[truetype] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2270
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2278
* src/truetype/ttinterp.c (Ins_MDRP, _iup_worker_interpolate): Use
ADD_LONG and SUB_LONG.
|
|
dbeb7bce
|
2017-06-15T19:39:50
|
|
[bdf, cff] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2244
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2261
* src/bdf/bdfdrivr.c (BDF_Face_Init): Replace calls to FT_ABS with
direct code to avoid value negation.
* src/cff/cf2blues.c (cf2_blues_capture): Use SUB_INT32 and
ADD_INT32.
|
|
79e3789f
|
2017-06-14T07:51:04
|
|
* src/winfonts/winfnt.c (FNT_Face_Init): Don't set active encoding.
FreeType only sets a default active encoding for Unicode.
|
|
5c402d97
|
2017-06-13T06:56:48
|
|
[cff, truetype] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2216
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2218
* src/cff/cf2fixed.h (cf2_fixedAbs): Use NEG_INT32.
* src/truetype/ttinterp.c (Ins_IP): Use SUB_LONG.
|
|
3ed3a961
|
2017-06-11T13:50:37
|
|
[cff] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2200
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2210
* src/cff/cf2hints.c (cf2_hintmap_insertHint): Use SUB_INT32 and
ADD_INT32.
* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdVMOVETO>: Use
ADD_INT32.
|
|
5f2a72cb
|
2017-06-10T11:29:24
|
|
[truetype] Fix TT_Set_Var_Design.
Reported by Nikolaus Waxweiler <madigens@gmail.com>.
* src/truetype/ttgxvar.c (TT_Set_Var_Design): Correctly handle the
case where we have fewer input coordinates than axes.
|
|
2c4fba9c
|
2017-06-10T11:03:41
|
|
* src/base/ftcalc.c (FT_DivFix): Fix embarrassing typo.
Bug introduced 2017-05-28.
|
|
9038837e
|
2017-06-09T20:42:46
|
|
[cff, truetype] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2144
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2151
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2153
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2173
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2186
* src/cff/cf2blues.c (cf2_blues_init): Use SUB_INT32.
* src/truetype/ttinterp.c (Round_None, Round_To_Grid,
Round_To_Half_Grid, Round_Down_To_Grid, Round_Up_To_Grid,
Round_To_Double_Grid, Round_Super, Round_Super_45): Use ADD_LONG,
SUB_LONG, NEG_LONG, FT_PIX_ROUND_LONG, FT_PIX_CEIL_LONG,
FT_PAD_ROUND_LONG
(Ins_SxVTL, Ins_MIRP): Use SUB_LONG.
(_iup_worker_shift): Use SUB_LONG and ADD_LONG.
|
|
dcd8de27
|
2017-06-09T11:21:58
|
|
*/*: Remove `OVERFLOW_' prefix.
This increases readability.
|
|
7bffeacd
|
2017-06-07T17:08:01
|
|
[cff, truetype] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2133
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2137
* src/cff/cf2hints.c (cf2_hint_init): Use OVERFLOW_SUB_INT32.
* src/truetype/ttinterp.c (PROJECT, DUALPROJ): Use
OVERFLOW_SUB_LONG.
|
|
24848a3d
|
2017-06-06T12:05:04
|
|
[cff] Integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2109
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2110
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2122
* src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
* src/cff/cf2hints.c (cf2_hintmap_map): Synchronize if-else
branches.
|
|
86670429
|
2017-06-05T06:20:53
|
|
[cff] Integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2089
* src/cff/cffload.c (cff_blend_doBlend): Use OVERFLOW_ADD_INT32.
|
|
9fa8a299
|
2017-06-04T20:43:08
|
|
[cff, truetype] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2075
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2088
* src/cff/cf2font.c (cf2_font_setup): Use OVERFLOW_MUL_INT32.
* src/truetype/ttinterp.c (Ins_ISECT): Use OVERFLOW_MUL_LONG,
OVERFLOW_ADD_LONG, and OVERFLOW_SUB_LONG.
|
|
addb2ddd
|
2017-06-03T21:05:42
|
|
[base, cff, truetype] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2060
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2062
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2063
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2068
* src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use
OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.
* src/cff/cf2blues.c (cf2_blues_capture), src/cff/cf2hints.c
(cf2_hintmap_adjustHints): Use OVERFLOW_SUB_INT32.
* src/truetype/ttgload.c (compute_glyph_metrics): Use
OVERFLOW_SUB_LONG.
* src/truetype/ttinterp.c (Direct_Move, Direct_Move_Orig,
Direct_Move_X, Direct_Move_Y, Direct_Move_Orig_X,
Direct_Move_Orig_Y, Move_Zp2_Point, Ins_MSIRP): Use
OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.
|
|
2c2e6403
|
2017-06-03T07:38:11
|
|
[bdf] Synchronize sanity checks with pcf driver.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2054
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2058
* src/bdf/bdfdrivr.c (BDF_Face_Init): Check font ascent and descent.
Check AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and
RESOLUTION_Y properties.
|
|
1ea34322
|
2017-06-03T06:52:13
|
|
[cff, truetype] Integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2047
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2057
* src/cff/cf2hints.c (cf2_hintmap_map): Use OVERFLOW_SUB_INT32.
* src/truetype/ttinterp.c (Ins_ADD): Use OVERFLOW_ADD_LONG.
(Ins_SUB): Use OVERFLOW_SUB_LONG.
(Ins_NEG): Use NEG_LONG.
|
|
0716c6ab
|
2017-06-02T19:24:03
|
|
[cff] Even more integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2046
* src/cff/cf2intrp.c (cf2_doStems, cf2_interpT2CharString): Use
OVERFLOW_ADD_INT32.
|
|
7a4276fb
|
2017-06-02T09:21:37
|
|
[cff] More integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2032
* src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
|
|
03b0cc2e
|
2017-06-02T09:16:52
|
|
[bdf] Don't left-shift negative numbers.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2031
* src/bdf/bdfdrivr.c (BDF_Face_Init): Use multiplication.
|
|
47a03e9b
|
2017-06-02T09:06:36
|
|
[bdf] Fix integer scanning routines.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2029
* src/bdf/bdflib.c (_bdf_atoul, _bdf_atol, _bdf_atous, _bdf_atos):
Stop scanning if result would overflow.
|
|
3802ca8b
|
2017-06-02T08:44:20
|
|
[cff] Fix integer overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2027
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2028
* src/cff/cf2hints.c (cf2_hintmap_insertHint), src/cff/cf2intrp.c
(cf2_doFlex): Use OVERFLOW_ADD_INT32 and OVERFLOW_SUB_INT32.
|
|
cd02d359
|
2017-06-01T17:05:39
|
|
[smooth] Some 32bit integer overflow run-time errors.
* src/smooth/ftgrays.c [STANDALONE] (OVERFLOW_ADD_LONG,
OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG, NEG_LONG): New macros.
[!STANDALONE]: Include FT_INTERNAL_CALC_H.
(gray_render_cubic): Use those macros where appropriate.
|
|
0ad32623
|
2017-06-01T17:00:37
|
|
* src/base/ftglyph.c (FT_Get_Glyph): Check `slot->advance'.
|
|
4a1f1a6d
|
2017-06-01T13:15:54
|
|
[psaux] 32bit integer overflow run-time errors (#46149).
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Use
OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG where appropriate.
|
|
8d435c46
|
2017-06-01T07:09:44
|
|
* src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again.
Problem reported by Marek Kašík <mkasik@redhat.com>.
The problematic font that exceeds the old limit is Padauk-Bold,
version 3.002, containing bytecode generated by a buggy version of
ttfautohint.
|
|
e66d7300
|
2017-05-31T16:16:50
|
|
[cff] 32bit integer overflow run-time errors 2/2 (#46149).
This commit handles the new engine.
* include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT32,
OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, NEG_INT, NEG_LONG,
NEG_INT32): New macros.
* src/cff/cf2ft.c (cf2_getScaleAndHintFlag): Use OVERFLOW_ADD_INT32.
* src/cff/cf2hints.c (cf2_getWindingMomentum, cf2_hint_init,
cf2_hintmap_map, cf2_glyphpath_hintPoint,
cf2_glyphpath_computeIntersection, cf2_glyphpath_computeOffset,
cf2_glyphpath_lineTo, cf2_glyphpath_curveTo): Use
OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, and
NEG_INT32 where appropriate.
* src/cff/cf2intrp.c (cf2_doFlex, cf2_doBlend,
cf2_interpT2CharString): Ditto.
Also add some other code where needed to avoid overflow.
|
|
9b710cd5
|
2017-05-30T22:35:41
|
|
[cff] 32bit integer overflow run-time errors 1/2 (#46149).
This commit handles the old engine.
* src/cff/cffgload.c: Include FT_INTERNAL_CALC_H.
(cff_decoder_parse_charstrings): Use OVERFLOW_ADD_LONG and
OVERFLOW_SUB_LONG where needed.
* src/cff/cffparse.c: Include FT_INTERNAL_CALC_H.
(power_ten_limits): New static array.
(do_fixed): Use it to prevent multiplication overflow.
(cff_parser_run): Use OVERFLOW_ADD_LONG.
|
|
0e7b9f86
|
2017-05-30T22:22:19
|
|
[psaux] Correctly handle sequences of multiple number signs.
* src/psaux/psconv.c (PS_Conv_Strtol, PS_Conv_ToFixed): Return zero
if we encounter more than a single sign.
|
|
f0146329
|
2017-05-29T21:04:27
|
|
[pcf] 32bit integer overflow run-time errors (#46149).
* src/pcf/pcfread.c (pcf_get_accel): Add sanity checks for
`fontAscent' and `fontDescent'.
(pcf_load_font): Add sanity checks for global height.
Add sanity checks for AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE,
RESOLUTION_X, and RESOLUTION_Y properties.
|
|
fbe2fe4c
|
2017-05-29T13:29:28
|
|
Handle some integer overflow run-time errors (#46149, #48979).
This commit (mainly for 32bit CPUs) is the first of a series of
similar commits to handle known integer overflows. Basically, all
of them are harmless, since they affect rendering of glyphs only,
not posing security threats. It is expected that fuzzing will show
up more overflows, to be fixed in due course.
The idea is to mark places where overflows can occur, using macros
that simply cast to unsigned integers, because overflow arithmetic
is well defined in this case. Doing so suppresses run-time errors
of sanitizers without adding computational overhead.
* include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT,
OVERFLOW_SUB_INT, OVERFLOW_MUL_INT, OVERFLOW_ADD_LONG,
OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG): New macros.
* src/base/ftcalc.c (FT_RoundFix, FT_CeilFix, FT_Matrix_Multiply,
FT_Matrix_Multiply_Scaled, FT_Vector_Transform_Scaled,
ft_corner_orientation): Use new macros.
* src/base/ftoutln.c (FT_Outline_Get_Orientation): Use new macros.
|
|
2e4188d8
|
2017-05-28T07:46:22
|
|
[cff] s/cf2_floatToFixed/cf2_doubleToFixed/.
The new name better describes what the macro actually does;
additionally, we don't need a trailing `f' for literals (there was
only a single such instance in the code, but this caused a clang
warning because the macro itself uses `double' literals).
* src/cff/cf2blues.c, src/cff/cf2blues.h, src/cff/cf2fixed.h,
src/cff/cf2font.c, src/cff/cf2hints.c: Updated.
|
|
93572190
|
2017-05-28T07:20:09
|
|
Fix negation of INT_MIN and LONG_MIN (#46149).
* src/base/ftcalc.c (FT_MOVE_SIGN): Add argument to pass unsigned
value, to be used as the result.
(FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix, FT_MulFix,
FT_Vector_NormLen): Updated.
|
|
a9331c0f
|
2017-05-27T15:50:25
|
|
[truetype] Fix handling of design coordinates (#51127).
* src/truetype/ttgxvar.c (tt_set_mm_blend): Compute all design
coordinates if we have to create the `blends->coord' array.
(TT_Get_MM_Blend, TT_Get_Var_Design): Select default instance
coordinates if no instance is selected yet.
|
|
082f2faf
|
2017-05-24T07:40:46
|
|
[bdf, pcf] Support ISO646.1991-IRV character encoding (aka ASCII).
Problem reported by Marek Kašík <mkasik@redhat.com>, cf.
https://bugzilla.redhat.com/show_bug.cgi?id=1451795
* src/bdf/bdfdrivr.c (BDF_Face_Init), src/pcf/pcfdrivr.c
(PCF_Face_Init): Implement it.
|
|
a0455468
|
2017-05-20T07:28:46
|
|
[truetype] Always use interpreter v35 for B/W rendering (#51051).
* src/truetype/ttgload.c (tt_loader_init)
[TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL]: Adjust
`subpixel_hinting_lean', `grayscale_cleartype', and
`vertical_lcd_lean' accordingly.
* src/truetype/ttinterp.c (Ins_GETINFO): Updated.
(TT_RunIns): Update `backward_compatibility' flag.
|
|
ab2599ea
|
2017-05-20T00:35:21
|
|
[smooth] Implement minimal dynamic padding for LCD filtering.
Extra bitmap padding for LCD filtering depends on the filter. The
default 5-tap filter needs 2 extra subpixels. The light 3-tap filter
needs only 1 extra subpixel. This space could be already available
due to rounding. In order to optimize the padding, we now expand
CBox for the given filter weights before rounding.
This change breaks current Skia (and Firefox).
* include/freetype/internal/ftobjs.h (FT_LibraryRec)
[FT_CONFIG_OPTION_SUBPIXEL_RENDERING]: Remove `lcd_extra' field.
* src/base/ftlcdfil.c (FT_Library_SetLcdFilterWeights,
FT_Library_SetLcdFilter): Remove `lcd_extra' initializations.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Implement dynamic
LCD padding.
|
|
881f6447
|
2017-05-17T07:56:53
|
|
[autofit] More code sorting.
|
|
548704f4
|
2017-05-17T07:40:50
|
|
Code sorting.
|
|
5efda13f
|
2017-05-15T21:26:01
|
|
[sfnt] Return proper scaling values for SBIX bitmaps.
Problem reported by Hin-Tak Leung <htl10@users.sourceforge.net>.
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Implement it.
|
|
6e5445a2
|
2017-05-15T21:24:04
|
|
[truetype] Fix error handling for embedded bitmaps.
Problem reported by Hin-Tak Leung <htl10@users.sourceforge.net>.
* src/truetype/ttgload.c (TT_Load_Glyph)
[TT_CONFIG_OPTION_EMBEDDED_BITMAPS]: Handle error if font is not
scalable.
|
|
a7f276a2
|
2017-05-15T00:25:37
|
|
[autofit] Make autohint warping NORMAL option.
This moves warping option from LIGHT to NORMAL mode. This makes LIGHT
truly void of hinting in x-direction, with left side bearing never
changed and right side bearing only altered by advance rounding.
Therefore, LIGHT is now ready to return fractional advance. As a
NORMAL option, warping substitutes normal hinting.
* src/autofit/afcjk.c (af_cjk_hints_apply): Updated.
* src/autofit/aflatin.c (af_latin_hints_apply): Updated.
* src/autofit/aflatin2.c (af_latin2_hints_apply): Updated.
* src/autofit/afloader.c (af_loader_load_glyph): Handle warping
phantom points as normal.
|
|
e99b26aa
|
2017-05-14T21:57:27
|
|
Remove remnants of raster pool.
* include/freetype/internal/ftobjs.h (FT_LibraryRec): Remove
`raster_pool' and `raster_pool_size' fields.
* src/base/ftobjs.c (FT_New_Library), src/raster/ftrend1.c
(ft_raster1_init), src/smooth/ftsmooth.c (ft_smooth_init): Updated.
|
|
9de936d3
|
2017-05-11T00:11:59
|
|
s/AF_BLUE_STRINGSET_CANADIAN_SYLLABICS/AF_BLUE_STRINGSET_CANS/.
|
|
ac0eed86
|
2017-05-11T00:06:37
|
|
[autofit] Add support for Chakma script.
* src/autofit/afblue.dat: Add blue zone data for Chakma.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Chakma standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Chakma data.
|
|
d19859f1
|
2017-05-10T23:38:05
|
|
[autofit] Add support for Kayah Li script.
* src/autofit/afblue.dat: Add blue zone data for Kayah Li.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Kayah Li standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Kayah Li data.
|
|
87218c99
|
2017-05-10T12:39:33
|
|
[autofit] Add support for Bamum script.
* src/autofit/afblue.dat: Add blue zone data for Bamum.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Bamum standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Bamum data.
|
|
4aa1aec1
|
2017-05-10T09:36:13
|
|
[autofit] Add support for Saurashtra script.
* src/autofit/afblue.dat: Add blue zone data for Saurashtra.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Saurashtra standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Saurashtra
data.
|
|
53f38244
|
2017-05-10T09:13:20
|
|
[autofit] Add support for Buhid script.
* src/autofit/afblue.dat: Add blue zone data for Buhid.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Buhid standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Buhid data.
|
|
44c6117e
|
2017-05-08T20:31:52
|
|
[autofit] Add support for Shavian script.
* src/autofit/afblue.dat: Add blue zone data for Shavian.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Shavian standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Shavian data.
|
|
a9e5e6e5
|
2017-05-08T19:57:16
|
|
[autofit] Add support for Vai script.
* src/autofit/afblue.dat: Add blue zone data for Vai.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Vai standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Vai data.
|
|
acc6b6df
|
2017-05-08T15:08:46
|
|
[autofit] Add support for Osmanya script.
* src/autofit/afblue.dat: Add blue zone data for Osmanya.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Osmanya standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Osmanya data.
|
|
f27ebb1e
|
2017-05-08T10:22:26
|
|
[autofit] Add support for Coptic script.
* src/autofit/afblue.dat: Add blue zone data for Coptic.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Coptic standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Coptic data.
|
|
db0fe733
|
2017-05-08T10:00:16
|
|
[autofit] Add support for Carian script.
* src/autofit/afblue.dat: Add blue zone data for Carian.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Carian standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Carian data.
|
|
ec4cb04b
|
2017-05-07T13:06:36
|
|
[truetype] Add tricky font `DFGirl-W6-WIN-BF' (from Dynalab).
Reported by Roy Tam <roytam@gmail.com>.
* src/truetype/ttobjs.c (tt_check_trickyness_family): Implement it.
|
|
0ed9fef0
|
2017-05-07T08:32:58
|
|
[truetype] More tricky fonts (mainly from Dynalab).
* src/truetype/ttobjs.c (tt_check_trickyness_family,
tt_check_trickyness_sfnt_ids): Add them.
|
|
f784a565
|
2017-05-07T00:45:05
|
|
[truetype] Add tricky font `DLCHayMedium' (from Dynalab).
Reported by Roy Tam <roytam@gmail.com>.
* src/truetype/ttobjs.c (tt_check_trickyness_family): Implement it.
|