kmx git

Commit	Date	Message
933f4cbe	2017-07-26T23:32:32	[cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2738 * src/cff/cf2hints.c (cf2_glyphpath_computeOffset, cf2_glyphpath_curveTo): Use ADD_INT32.
8c763fb1	2017-06-20T07:49:52	[cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2300 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2313 * src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use ADD_INT32. * src/truetype/ttinterp.c (Ins_ABS): Avoid FT_ABS.
3ed3a961	2017-06-11T13:50:37	[cff] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2200 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2210 * src/cff/cf2hints.c (cf2_hintmap_insertHint): Use SUB_INT32 and ADD_INT32. * src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdVMOVETO>: Use ADD_INT32.
dcd8de27	2017-06-09T11:21:58	/: Remove `OVERFLOW_' prefix. This increases readability.
7bffeacd	2017-06-07T17:08:01	[cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2133 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2137 * src/cff/cf2hints.c (cf2_hint_init): Use OVERFLOW_SUB_INT32. * src/truetype/ttinterp.c (PROJECT, DUALPROJ): Use OVERFLOW_SUB_LONG.
24848a3d	2017-06-06T12:05:04	[cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2109 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2110 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2122 * src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32. * src/cff/cf2hints.c (cf2_hintmap_map): Synchronize if-else branches.
addb2ddd	2017-06-03T21:05:42	[base, cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2060 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2062 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2063 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2068 * src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG. * src/cff/cf2blues.c (cf2_blues_capture), src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use OVERFLOW_SUB_INT32. * src/truetype/ttgload.c (compute_glyph_metrics): User OVERFLOW_SUB_LONG. * src/truetype/ttinterp.c (Direct_Move, Direct_Move_Orig, Direct_Move_X, Direct_Move_Y, Direct_Move_Orig_X, Direct_Move_Orig_Y, Move_Zp2_Point, Ins_MSIRP): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.
1ea34322	2017-06-03T06:52:13	[cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2047 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2057 * src/cff/cf2hints.c (cf2_hintmap_map): Use OVERFLOW_SUB_INT32. * src/truetype/ttinterp.c (Ins_ADD): Use OVERFLOW_ADD_LONG. (Ins_SUB): Use OVERFLOW_SUB_LONG. (Ins_NEG): Use NEG_LONG.
3802ca8b	2017-06-02T08:44:20	[cff] Fix integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2027 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2028 * src/cff/cf2hints.c (cf2_hintmap_insertHint), src/cff/cf2intrp.c (cf2_doFlex): Use OVERFLOW_ADD_INT32 and OVERFLOW_SUB_INT32.
e66d7300	2017-05-31T16:16:50	[cff] 32bit integer overflow run-time errors 2/2 (#46149). This commit handles the new engine. * include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, NEG_INT, NEG_LONG, NEG_INT32): New macros. * src/cff/cf2ft.c (cf2_getScaleAndHintFlag): Use OVERFLOW_ADD_INT32. * src/cff/cf2hints.c (cf2_getWindingMomentum, cf2_hint_init, cf2_hintmap_map, cf2_glyphpath_hintPoint, cf2_glyphpath_computeIntersection, cf2_glyphpath_computeOffset, cf2_glyphpath_lineTo, cf2_glyphpath_curveTo): Use OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, and NEG_INT32 where appropriate. * src/cff/cf2intrp.c (cf2_doFlex, cf2_doBlend, cf2_interpT2CharString): Ditto. Also add some other code where needed to avoid overflow.
2e4188d8	2017-05-28T07:46:22	[cff] s/cf2_floatToFixed/cf2_doubleToFixed/. The new name better describes what the macro actually does; additionally, we don't need a trailing `f' for literals (there was only a single such instance in the code, but this caused a clang warning because the macro itself uses `double' literals). * src/cff/cf2blues.c, src/cff/cf2blues.h, src/cff/cf2fixed.h, src/cff/cf2font.c, src/cff/cf2hints.c: Updated.
37c72f66	2016-12-25T22:55:25	Minor formatting.
748e3681	2015-10-21T13:58:43	[cff] Remove an assert (#46107). * src/cff/cf2hints.c (cf2_hintmap_insertHint): Ignore paired edges in wrong order.
eb05bfbe	2015-02-20T08:37:35	[cff] Signedness fixes for new engine. * src/cff/cf2arrst.c, src/cff/cf2fixed.h, src/cff/cf2ft.c, src/cff/cf2ft.h, src/cff/cf2hints.c, src/cff/cf2intrp.c: Apply.
f89396cb	2014-12-04T06:17:26	[cff] Modify an FT_ASSERT. * src/cff/cf2hints.c (cf2_hintmap_map): After the fix for Savannah bug #43661, the test font `...aspartam.otf' still triggers an FT_ASSERT. Since hintmap still works with count==0, ... (cf2_glyphpath_lineTo, cf2_glyphpath_curveTo): ... add that term to suppress the assert.
2cdc4562	2014-12-04T06:10:16	[cff] Fix Savannah bug #43661. * src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdHSTEM, cf2_cmdVSTEM, cf2_cmdHINTMASK>: Don't append to stem arrays after hintmask is constructed. * src/cff/cf2hints.c (cf2_hintmap_build): Add defensive code to avoid reading past end of hintmask.
d17cabf5	2014-07-26T09:53:50	[cff] Fix typo. * src/cff/cf2hints.c (cf2_glyphpath_computeOffset): Use correct offsets in third quadrant. Reported by maks <maksqwe1@ukr.net>.
6adda68a	2014-02-28T09:24:26	Math simplifications. * src/cf2blues.c (cf2_blues_init): Use `FT_MulDiv'. * src/cf2ft.c (cf2_getScaleAndHintFlag): Use simple division.
0eae6eb0	2014-02-28T07:40:01	Fix Savannah bug #41697, part 1. * src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is invalid. In this case, it is not safe to use the length of `hStemHintArray'; the exception has already been recorded in `hintMask'.
dd21301e	2013-11-08T10:52:51	[cff] Fix for hints that touch. * src/cff/cf2hints.c (cf2_hintmap_insertHint): Fix condition for finding index value of insertion point.
3a2cb0f8	2013-09-29T16:17:02	Fix Savannah bug #39295. The bug was caused by switching to the initial hintmap (the one in effect when `moveto' executes) just before drawing the final element in the charstring. This ensured that the path was closed (in both Character Space and Device Space). But if the final element was a curve and if the final hintmap was different enough from the initial one, then the curve was visibly distorted. The first part of the fix is to draw the final curve using the final hintmap as specified by the charstring. This corrects the distortion but does not ensure closing in Device Space. It may require the rasterizer to automatically generate an extra closing line. Depending on the hintmap differences, this line could be from zero to a couple pixels in length. The second part of the fix covers the case where the charstring subpath is closed with an explicit line. We now modify that line's end point to avoid the distortion. Some glyphs in the bug report font (TexGyreHeros-Regular) that show the change are: 25ppem S (98) 24ppem eight (52) 25.5ppem p (85) Curves at the end of a subpath are no longer distorted. However, some of these glyphs have bad hint substitutions in the middle of a subpath, and these are not affected. The patch has been tested with a set of 106 fonts that shipped with Adobe Creative Suite 4, together with 756 Open Source CFF fonts from Google Fonts. There are 1.5 million glyphs, of which some 20k are changed with the fix. A sampling of a few hundred of these changes have been examined more closely, and the changes look good (or at least acceptable). * src/cff/cf2hints.h (CF2_GlyphPathRec): New element `pathIsClosing' to indicate that we synthesize a closepath line. * src/cff/cf2hints.c (cf2_glyphpath_init): Updated. (cf2_glyphpath_pushPrevElem): If closing, use first hint map (for `lineto' operator) and adjust hint zone. For synthesized closing lines, use end point in first hint zone. (cf2_glyphpath_lineTo): Take care of synthesized closing lines. In particular, shift the detection of zero-length lines from character space to device space. (cf2_glyphpath_closeOpenPath): Remove assertion. Updated.
c06889eb	2013-06-12T10:58:06	More compiler warning fixes. /: Use cast to `FT_Bool' (or `Bool') where appropriate.
283c8ed8	2013-04-13T15:02:31	[cff] New files for Adobe's Type 2 interpreter and hinting engine.

933f4cbe

2017-07-26T23:32:32

[cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2738 * src/cff/cf2hints.c (cf2_glyphpath_computeOffset, cf2_glyphpath_curveTo): Use ADD_INT32.

8c763fb1

2017-06-20T07:49:52

[cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2300 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2313 * src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use ADD_INT32. * src/truetype/ttinterp.c (Ins_ABS): Avoid FT_ABS.

3ed3a961

2017-06-11T13:50:37

[cff] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2200 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2210 * src/cff/cf2hints.c (cf2_hintmap_insertHint): Use SUB_INT32 and ADD_INT32. * src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdVMOVETO>: Use ADD_INT32.

dcd8de27

2017-06-09T11:21:58

*/*: Remove `OVERFLOW_' prefix. This increases readability.

7bffeacd

2017-06-07T17:08:01

[cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2133 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2137 * src/cff/cf2hints.c (cf2_hint_init): Use OVERFLOW_SUB_INT32. * src/truetype/ttinterp.c (PROJECT, DUALPROJ): Use OVERFLOW_SUB_LONG.

24848a3d

2017-06-06T12:05:04

[cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2109 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2110 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2122 * src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32. * src/cff/cf2hints.c (cf2_hintmap_map): Synchronize if-else branches.

addb2ddd

2017-06-03T21:05:42

[base, cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2060 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2062 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2063 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2068 * src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG. * src/cff/cf2blues.c (cf2_blues_capture), src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use OVERFLOW_SUB_INT32. * src/truetype/ttgload.c (compute_glyph_metrics): User OVERFLOW_SUB_LONG. * src/truetype/ttinterp.c (Direct_Move, Direct_Move_Orig, Direct_Move_X, Direct_Move_Y, Direct_Move_Orig_X, Direct_Move_Orig_Y, Move_Zp2_Point, Ins_MSIRP): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.

1ea34322

2017-06-03T06:52:13

[cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2047 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2057 * src/cff/cf2hints.c (cf2_hintmap_map): Use OVERFLOW_SUB_INT32. * src/truetype/ttinterp.c (Ins_ADD): Use OVERFLOW_ADD_LONG. (Ins_SUB): Use OVERFLOW_SUB_LONG. (Ins_NEG): Use NEG_LONG.

3802ca8b

2017-06-02T08:44:20

[cff] Fix integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2027 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2028 * src/cff/cf2hints.c (cf2_hintmap_insertHint), src/cff/cf2intrp.c (cf2_doFlex): Use OVERFLOW_ADD_INT32 and OVERFLOW_SUB_INT32.

e66d7300

2017-05-31T16:16:50

[cff] 32bit integer overflow run-time errors 2/2 (#46149). This commit handles the new engine. * include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, NEG_INT, NEG_LONG, NEG_INT32): New macros. * src/cff/cf2ft.c (cf2_getScaleAndHintFlag): Use OVERFLOW_ADD_INT32. * src/cff/cf2hints.c (cf2_getWindingMomentum, cf2_hint_init, cf2_hintmap_map, cf2_glyphpath_hintPoint, cf2_glyphpath_computeIntersection, cf2_glyphpath_computeOffset, cf2_glyphpath_lineTo, cf2_glyphpath_curveTo): Use OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, and NEG_INT32 where appropriate. * src/cff/cf2intrp.c (cf2_doFlex, cf2_doBlend, cf2_interpT2CharString): Ditto. Also add some other code where needed to avoid overflow.

2e4188d8

2017-05-28T07:46:22

[cff] s/cf2_floatToFixed/cf2_doubleToFixed/. The new name better describes what the macro actually does; additionally, we don't need a trailing `f' for literals (there was only a single such instance in the code, but this caused a clang warning because the macro itself uses `double' literals). * src/cff/cf2blues.c, src/cff/cf2blues.h, src/cff/cf2fixed.h, src/cff/cf2font.c, src/cff/cf2hints.c: Updated.

37c72f66

2016-12-25T22:55:25

Minor formatting.

748e3681

2015-10-21T13:58:43

[cff] Remove an assert (#46107). * src/cff/cf2hints.c (cf2_hintmap_insertHint): Ignore paired edges in wrong order.

eb05bfbe

2015-02-20T08:37:35

[cff] Signedness fixes for new engine. * src/cff/cf2arrst.c, src/cff/cf2fixed.h, src/cff/cf2ft.c, src/cff/cf2ft.h, src/cff/cf2hints.c, src/cff/cf2intrp.c: Apply.

f89396cb

2014-12-04T06:17:26

[cff] Modify an FT_ASSERT. * src/cff/cf2hints.c (cf2_hintmap_map): After the fix for Savannah bug #43661, the test font `...aspartam.otf' still triggers an FT_ASSERT. Since hintmap still works with count==0, ... (cf2_glyphpath_lineTo, cf2_glyphpath_curveTo): ... add that term to suppress the assert.

2cdc4562

2014-12-04T06:10:16

[cff] Fix Savannah bug #43661. * src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdHSTEM, cf2_cmdVSTEM, cf2_cmdHINTMASK>: Don't append to stem arrays after hintmask is constructed. * src/cff/cf2hints.c (cf2_hintmap_build): Add defensive code to avoid reading past end of hintmask.

d17cabf5

2014-07-26T09:53:50

[cff] Fix typo. * src/cff/cf2hints.c (cf2_glyphpath_computeOffset): Use correct offsets in third quadrant. Reported by maks <maksqwe1@ukr.net>.

6adda68a

2014-02-28T09:24:26

Math simplifications. * src/cf2blues.c (cf2_blues_init): Use `FT_MulDiv'. * src/cf2ft.c (cf2_getScaleAndHintFlag): Use simple division.

0eae6eb0

2014-02-28T07:40:01

Fix Savannah bug #41697, part 1. * src/cff/cf2hints.c (cf2_hintmap_build): Return when `hintMask' is invalid. In this case, it is not safe to use the length of `hStemHintArray'; the exception has already been recorded in `hintMask'.

dd21301e

2013-11-08T10:52:51

[cff] Fix for hints that touch. * src/cff/cf2hints.c (cf2_hintmap_insertHint): Fix condition for finding index value of insertion point.

3a2cb0f8

2013-09-29T16:17:02

Fix Savannah bug #39295. The bug was caused by switching to the initial hintmap (the one in effect when `moveto' executes) just before drawing the final element in the charstring. This ensured that the path was closed (in both Character Space and Device Space). But if the final element was a curve and if the final hintmap was different enough from the initial one, then the curve was visibly distorted. The first part of the fix is to draw the final curve using the final hintmap as specified by the charstring. This corrects the distortion but does not ensure closing in Device Space. It may require the rasterizer to automatically generate an extra closing line. Depending on the hintmap differences, this line could be from zero to a couple pixels in length. The second part of the fix covers the case where the charstring subpath is closed with an explicit line. We now modify that line's end point to avoid the distortion. Some glyphs in the bug report font (TexGyreHeros-Regular) that show the change are: 25ppem S (98) 24ppem eight (52) 25.5ppem p (85) Curves at the *end* of a subpath are no longer distorted. However, some of these glyphs have bad hint substitutions in the middle of a subpath, and these are not affected. The patch has been tested with a set of 106 fonts that shipped with Adobe Creative Suite 4, together with 756 Open Source CFF fonts from Google Fonts. There are 1.5 million glyphs, of which some 20k are changed with the fix. A sampling of a few hundred of these changes have been examined more closely, and the changes look good (or at least acceptable). * src/cff/cf2hints.h (CF2_GlyphPathRec): New element `pathIsClosing' to indicate that we synthesize a closepath line. * src/cff/cf2hints.c (cf2_glyphpath_init): Updated. (cf2_glyphpath_pushPrevElem): If closing, use first hint map (for `lineto' operator) and adjust hint zone. For synthesized closing lines, use end point in first hint zone. (cf2_glyphpath_lineTo): Take care of synthesized closing lines. In particular, shift the detection of zero-length lines from character space to device space. (cf2_glyphpath_closeOpenPath): Remove assertion. Updated.

c06889eb

2013-06-12T10:58:06

More compiler warning fixes. */*: Use cast to `FT_Bool' (or `Bool') where appropriate.

283c8ed8

2013-04-13T15:02:31

[cff] New files for Adobe's Type 2 interpreter and hinting engine.

kc3-lang/freetype/src/cff/cf2hints.c

src/cff/cf2hints.c

Log