|
4a89112b
|
2022-01-08T16:56:57
|
|
* src/sfnt/ttcolr.c (tt_face_get_color_glyph_clipbox): Add limit checks.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40716
|
|
3f9b78fc
|
2022-01-10T18:19:41
|
|
[zlib] Don't typedef `ptrdiff_t`.
While using zlib in 'solo' mode (via the `Z_SOLO` macro), we actually
include some standard header files, making the typedef fail on systems where
the native `ptrdiff_t` type differs.
Fixes #1124.
* src/zlib/zutil.h: Comment out definition; it doesn't work on Windows.
* src/zlib/patches/freetype-zlib.diff: Updated.
|
|
da8a8b8b
|
2022-01-10T17:25:47
|
|
[zlib] Some organizational changes.
We now first apply zlib's `zlib2ansi` script, then FreeType's patch file.
* src/gzip/README.freetype: Updated.
* patches/0001-zlib-Fix-zlib-sources-to-compile-for-FreeType.patch: Renamed
to...
* patches/freetype-zlib.diff: This.
Clean up description, then regenerate it as follows:
- Copy unmodified files from `zlib` repository.
- Run `zlib2ansi` script.
- Run `git diff -R > patches/freetype-zlib.diff.new`.
- Insert patch description of old diff file, then replace old diff with
new diff file.
|
|
a25e85ed
|
2021-08-17T15:20:25
|
|
[gzip] Update sources to zlib 1.2.11
This can be tested by building with the Unix development build
make setup devel
make
or by building the freetype-demos programs with
meson setup build -Dfreetype2:zlib=internal
meson compile -C out
and trying to run `ftview` with a `.pcf.gz` font file.
* src/gzip/ftgzip.c, src/gzip/rules.mk: Update for new zlib sources. Also
remove the temporary fix introduced in commit 6a431038 to work around the
fact that the internal sources were too old.
* src/gzip/README.freetype: New file describing the origin of the sources
and how they were modified.
* src/gzip/patches/*: Patch files applied to original sources.
* src/gzip/*: Updated zlib sources with the patch file(s) from
`src/gzip/patches/` applied, followed by a conversion with zlib's
`zlib2ansi` script.
|
|
d276bcb7
|
2022-01-09T07:48:59
|
|
[bzip2] Avoid use of uninitialized memory.
* src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Don't use `FT_QNEW` but
`FT_NEW` for setting up `zip` to avoid uninitialized memory access while
handling malformed PCF fonts later on.
Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42800
|
|
ca011128
|
2022-01-08T22:28:44
|
|
[sfnt] Fix off-by-one error.
The 0-base index is equal to the number of previosly parsed entries.
It is an error to adjust it by one to get the number truncated by
a stream error. This is probably inconsequential because valid
entries are correctly accounted for.
* src/sfnt/ttload.c (check_table_dir): Do not adjust the truncated
number of tables.
|
|
7a493e3a
|
2022-01-08T10:28:19
|
|
[sfnt, type42] Correct previous commit.
Really fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42773.
* src/sfnt/ttload.c (check_table_dir): Revert change.
* src/type42/t42.parse.c (t42_parse_sfnts): Don't use `FT_QREALLOC` but
`FT_REALLOC` for setting up `ttf_data` to avoid uninitialized memory access
while handling malformed TrueType fonts later on.
|
|
bf9b1ef9
|
2022-01-07T10:25:52
|
|
* src/sfnt/ttload.c (check_table_dir): Initialize `table`.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42773
|
|
b5c2172f
|
2022-01-07T06:53:44
|
|
[sfnt] Avoid 'runtime error: applying zero offset to null pointer'.
* src/sfnt/ttsbit.c (tt_sbit_decoder_load_byte_aligned): Exit early if
`line` is NULL.
|
|
5aa2a5c3
|
2022-01-07T06:41:36
|
|
[autofit, pshinter] Use `FT_OFFSET`.
This avoids
```
runtime error: applying zero offset to null pointer
```
warnings of clang's undefined behaviour sanitizer.
* src/autofit/afcjk.c (af_cjk_hints_link_segments,
af_cjk_hints_compute_edges, af_cjk_hints_compute_blue_edges,
af_cjk_hint_edges, af_cjk_align_edge_points): Do it.
* src/autofit/afhints.c (af_glyph_hints_align_edge_points,
af_glyph_hints_align_strong_points): Ditto.
* src/autofit/aflatin.c (af_latin_metrics_init_widths,
af_latin_hints_link_segments, af_latin_hints_compute_edges,
af_latin_hints_compute_blue_edges, af_latin_hint_edges): Ditto.
* src/pshinter/pshalgo.c (psh_hint_table_init): Ditto.
|
|
afb4ca01
|
2022-01-06T12:54:15
|
|
[truetype] Reset localpoints when varying cvt.
When iterating over the cvt tuples and reading in the points it is necessary
to set all of `localpoints`, `points`, and `point_count` in all cases. The
existing code did not reset `localpoints` to `NULL` when there were no
private point numbers. If the previous tuple did have private point numbers
and set `localpoints` to `ALL_POINTS` this would not be cleared and the
wrong branch would be taken later, leading to possible heap buffer overflow.
* src/truetype/ttgxvar.c (tt_face_vary_cvt): Reset `localpoints` to `NULL`
when it isn't valid.
Fixes: https://crbug.com/1284742
|
|
4eb6cb88
|
2021-12-25T09:23:58
|
|
Fix warnings for CMake Unity builds.
* src/cache/ftcbasic.c (FT_COMPONENT): Undefine macro before redefinition.
* src/smooth/ftgrays.c (TRUNC, FRACT): Ditto.
|
|
4f357118
|
2021-12-17T11:22:09
|
|
Clang-Tidy warning fixes.
* src/base/ftobjs.c (FT_Get_Paint): Operator has equivalent nested operands.
* src/bdf/bdflib.c (_bdf_add_property): Value stored to `fp` is never read.
* src/sdf/ftbsdf.c (bsdf_init_distance_map): Value stored to `pixel` is
never read.
* src/sdf/ftsdf.c (split_sdf_shape): Value stored to `error` is never read.
|
|
0da2a115
|
2021-12-13T11:44:24
|
|
[truetype] Upstream the hdmx binary search.
* src/truetype/ttobjs.h (TT_SizeRec): Add `widthp` for the hdmx
widths.
* src/truetype/ttobjs.c (tt_size_reset): Initialize `widthp` even
though it might never be used by the interpreter.
* src/truetype/ttgload.c (tt_loader_init): Avoid repeated searches
in the hdmx table.
|
|
fd03dcc1
|
2021-12-12T12:29:04
|
|
[truetype] Reset the IUP-called flags for each subglyph.
This fixes fall-out from 7809007a5b88b15, where the composite
accents were no longer hinted.
* src/truetype/ttgload.c (ttloader_init): Move the IUP-called flag
initialization from here...
* src/truetype/ttinterp.c (TT_Run_Context): ... to here.
|
|
7add5b2b
|
2021-12-11T22:54:06
|
|
[truetype] Binary search through the `hdmx` records.
The `hdmx` table is supposed to be sorted by ppem size, which
enables binary search. We also drop the check for the sufficient
length of the record because it is now enforced when the table
is loaded.
* include/freetype/internal/tttypes.h (TT_FaceRec): Store the `hdmx`
record pointers sorted by ppem instead of ppem's themselves.
* src/truetype/ttpload.c (tt_face_load_hdmx): Prudently sort records.
(tt_face_get_device_metrics): Implement binary search to retrieve
advances.
|
|
a8ef33e3
|
2021-12-11T22:42:46
|
|
[truetype] Honor FT_LOAD_ADVANCE_ONLY if `hdmx` is usable.
This simply shortcuts the glyph loading if FT_LOAD_ADVANCE_ONLY
is specified by FT_Get_Advances and the `hdmx` data are located.
Particularly, the classic v35 interpreter or "verified" ClearType
fonts might see 100x speed up in retrieving the hdmx cache.
* src/truetype/ttgload.c (TT_Load_Glyph): Insert the shortcut.
|
|
6c831d65
|
2021-12-11T22:34:27
|
|
[truetype] Initialize the loader with `hdmx` data.
The `hdmx` matching can be done before the glyph is loaded.
* include/freetype/internal/tttypes.h (TT_LoaderRec): Add a field.
* src/truetype/ttgload.c (compute_glyph_metrics): Relocate the `hdmx`
code from here...
(tt_loader_init): ... to here, before the glyph is loaded.
|
|
7809007a
|
2021-12-11T22:22:57
|
|
[truetype] Relocate subpixel flag setting.
`TT_RunIns` is too busy to deal with subpixel flags. It is better
to set them in `tt_loader_init`, which is executed before each
glyph program.
* src/truetype/ttinterp.c (TT_RunIns): Move the flag setting from
here...
* src/truetype/ttgload.c (tt_loader_init): ... to here.
|
|
a35b081e
|
2021-12-11T22:12:25
|
|
[truetype] Limit INSTCTRL appication within specs.
* src/truetype/ttinterp.c (Ins_INSTCTRL): Limit its global effects
to the CVT program and local effects to the glyph program.
This also fixes an Infinality buglet. The `ignore_x_mode` should be
locally unset by the glyph program.
|
|
bad92be9
|
2021-12-09T17:06:28
|
|
[bdf] Fix use of uninitialized value.
In _bdf_readstream if the data contained no newline then the buffer
would continue to grow and uninitialized data read until either the
uninitialized data contained a newline or the buffer reached its
maxiumum size. The assumption was that the line was always too long and
the buffer had been filled, however this case can also happen when there
is not enough data to fill the buffer.
Correct this by properly setting the cursor to the end of the available
data, which may be different from the end of the buffer. This may still
result in one extra allocation, but only on malformed fonts.
* src/bdf/bdflib.c (_bfd_readstream): Correctly update cursor. Remove
unread set of `avail`.
Bug: https://lists.nongnu.org/archive/html/freetype-devel/2021-12/msg00001.html
|
|
012b00f3
|
2021-12-07T10:19:06
|
|
[truetype] Reduce Infinality footprint again.
* src/truetype/ttgload.c (compute_glyph_metrics): Streamline and
prioritize the Infinality checks to use `hdmx`.
|
|
3f83daee
|
2021-12-01T20:17:59
|
|
* Version 2.11.1 released.
==========================
Tag sources with `VER-2-11-1'.
* docs/VERSION.TXT: Add entry for version 2.11.1.
* docs/CHANGES, docs/release: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.11.0/2.11.1/, s/2110/2111/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 1.
* builds/unix/configure.raw (version_info): Set to 24:1:18.
* CMakeLists.txt (VERSION_PATCH): Set to 1.
* builds/toplevel.mk (version_tag, CHANGELOG_SCRIPT): New variables.
(do-dist): Generate `ChangeLog` file with all commits since last release.
|
|
3b45f564
|
2021-11-29T18:17:49
|
|
* src/base/ftobjs.c (FT_Request_Metrics): Fix build warning on Android.
Use casts since `FT_USHORT_MAX` is unsigned short in bionic (libc used in
Android).
|
|
36a905e1
|
2021-11-26T09:15:46
|
|
* src/truetype/ttpload.c (tt_face_load_hdmx): Added comments.
|
|
32f13c11
|
2021-11-25T22:38:40
|
|
[truetype] Quietly reject out-of-spec `hdmx` tables.
The `hdmx` table is optional and can be safely rejected without
an error if it does not follow specifications. The record size
must be equal to the number of glyphs + 2 + 32-bit padding.
* src/truetype/ttpload.c (tt_face_load_hdmx): Thoroughly check
the record size and improve tracing.
|
|
cff026d4
|
2021-11-23T16:05:12
|
|
[truetype] Partly revert 5b626281.
Fixes #1118.
* src/truetype/ttpload.c (tt_face_load_hdmx): Do not assume that
`record_size` is rounded even though the records are padded.
|
|
3cabd142
|
2021-11-22T19:36:45
|
|
Update `CHANGES` files, other minor whitespace and documentation issues.
|
|
a11650d7
|
2021-11-21T07:51:31
|
|
* src/truetype/ttinterp.c (Ins_MD): Avoid `FT_ABS`.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38562
|
|
6da5f95f
|
2021-11-20T09:29:09
|
|
[gxvalid] Fix minor compilation warning.
* src/gxvalid/gxvmort5.c (gxv_mort_subtable_type5_subtable_setup): Declare
as static.
|
|
f5ce1824
|
2021-11-20T07:56:34
|
|
[smooth] Fix stand-alone compilation.
* src/smooth/ftgrays.c (FT_Trace_Enable, FT_Trace_Disable)[STANDALONE_]:
Define.
|
|
8c8f51c5
|
2021-11-19T21:50:22
|
|
Avoid undefined left-shifts.
We really have to use double casts to avoid issues with C's and C++'s
signedness propagation rules in implicit casts.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41178
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41182
* include/freetype/config/public-macros.h (FT_STATIC_CAST,
FT_REINTERPRET_CAST): Modify macro to take two arguments.
Update all callers.
(FT_STATIC_BYTE_CAST): New macro.
* include/freetype/freetype.h (FT_ENC_TAG): Use `FT_STATIC_BYTE_CAST`.
* include/freetype/ftimage.h (FT_IMAGE_TAG): Ditto.
* include/freetype/fttypes.h (FT_MAKE_TAG): Ditto.
Use `FT_Tag` for casting.
* src/ftraster/ftmisc.h (FT_MAKE_TAG): Removed, no longer needed.
(FT_STATIC_BYTE_CAST): New macro.
* src/smooth/ftgrays.c (FT_STATIC_CAST): Replace with...
(FT_STATIC_BYTE_CAST): ... this.
|
|
9079c5d9
|
2021-11-13T08:53:19
|
|
Provide C++ versions for public macros with casts.
Many FreeType clients use C++. However `g++ -Wold-style-cast` warns for
macros with C-style casts even for system header files; this also affects
directories included with `-isystem`. While this could be seen as a problem
with g++, the problem is more a philosophical one: Over the time, C and C++
diverged more and more, and some features of C are no longer the 'right'
solution in C++.
* include/freetype/config/public-macros.h (FT_STATIC_CAST,
FT_REINTERPRET_CAST): New macros.
* include/freetype/freetype.h (FT_ENC_TAG, FT_LOAD_TARGET_,
FT_LOAD_TARGET_MODE): Use `FT_STATIC_CAST`.
Correctly handle negative 'signed char' input.
* include/freetype/ftimage.h (FT_IMAGE_TAG): Ditto.
* include/freetype/fttypes.h (FT_MAKE_TAG, FT_BOOL): Ditto.
* include/freetype/ftmodapi.h (FT_FACE_DRIVER_NAME): Use
`FT_REINTERPRET_CAST`.
* src/smooth/ftgrays.c (FT_STATIC_CAST)[STANDALONE_]: New macro.
[!STANDALONE]: Include `FT_CONFIG_CONFIG_H`.
Fixes #1116.
|
|
238245cd
|
2021-11-16T22:07:28
|
|
Fix clang++ warnings.
* src/*: Initialize some variables to NULL.
|
|
e4f7673e
|
2021-11-13T21:11:00
|
|
[truetype] Updates for the forthcoming OpenType 1.9 standard (2/2).
* src/truetype/ttgxvar.c (ft_var_load_item_variation_store):
s/shortDeltaCount/wordDeltaCount/ (as done in the specification, too).
Recognize new format and reject it for now.
|
|
93e6b3e8
|
2021-11-13T14:41:40
|
|
[truetype] Updates for the forthcoming OpenType 1.9 standard (1/2).
This is in preparation for implementing `DeltaSetIndexMap` format 1, which
is used by `COLR` v1 tables, and which allows 32bit indices.
https://docs.microsoft.com/en-us/typography/opentype/otspec190/delta/otvarcommonformats_delta.html
* src/truetype/ttgxvar.h (GX_DeltaSetIdxMapRec): Change type of `mapCount`
to `FT_ULong`.
* src/truetype/ttgxvar.c (ft_var_load_delta_set_index_mapping): Add argument
for passing the table size; update caller.
Implement new format.
|
|
d31bafcb
|
2021-11-14T11:02:54
|
|
Fix clang warnings.
* src/gxvalid/gxvcmmn.h (GXV_SET_ERR_IF_PARANOID): Use 'do' block.
* src/gxvalid/gxvmod.c (GXV_TABLE_LOAD, GXV_TABLE_VALIDATE): Ditto.
* src/smooth/ftgrays.c (gray_convert_glyph): Add cast.
* src/type1/t1gload.c (T1_Parse_Glyph_And_Get_Char_String): Remove cast.
* src/type1/t1load.c (read_binay_data): Use `FT_ULong` for `size` parameter.
(parse_subrs, parse_charstrings, parse_dict): Ditto; also add some casts.
|
|
9597fd7b
|
2021-11-11T17:33:37
|
|
[sfnt] Avoid undefined shifts in `COLR` v1 paint parsing
* src/sfnt/ttcolr.c (read_paint, tt_face_get_paint): Tighten shift
behavior by using multiplication, mostly using macros from ftcalc.h.
Fixes: https://bugs.chromium.org/p/chromium/issues/detail?id=1269168
|
|
c5cd2a3d
|
2021-11-10T08:46:26
|
|
* src/truetype/ttgxvar.c (ft_var_to_normalized): Edge optimization.
|
|
d899b200
|
2021-11-08T12:27:04
|
|
* src/sfnt/sfobjs.c (sfnt_open_font): Fix typo.
|
|
b86f96bc
|
2021-11-08T11:15:50
|
|
* src/gxvalid.*, src/otvalid.*: Fix `-Wformat` warnings.
|
|
cce78228
|
2021-11-08T09:41:54
|
|
[pshinter] Fix C++ compilation.
* src/pshinter/pshalgo.c (psh_compute_dir): Fix type of `result`.
(psh_hint_table_find_strong_points): Add cast.
|
|
7ef26604
|
2021-11-04T09:10:57
|
|
[sfnt] Reduce footprint if WOFF and WOFF2 support is not needed.
Based on a patch from metarutaiga (MR !106). The gist of this commit is
that it doesn't make sense to support WOFF without compression (which would
be only possible in WOFF 1.0 anyway).
* src/sfnt/sfobjs.c (sfnt_open_font): Guard WOFF code with
`FT_CONFIG_OPTION_USE_ZLIB` block.
Guard WOFF2 code with `FT_CONFIG_OPTION_USE_BROTLI` block.
* src/sfnt/sfwoff.c, src/sfnt/sfwoff.h: Guard files with
`FT_CONFIG_OPTION_USE_ZLIB` blocks, not parts of the code.
* src/sfnt/sfwoff2.c, src/sfnt/sfwoff2.h, src/sfnt/woff2tags.c,
src/sfnt/woff2tags.h: Guard files with `FT_CONFIG_OPTION_USE_BROTLI` blocks,
not parts of the code.
Fixes #1111.
|
|
bb4e049a
|
2021-11-04T08:58:13
|
|
[truetype] Make trickyness checks depend on TT_USE_BYTECODE_INTERPRETER.
Based on a patch from metarutaiga (MR !106).
* src/truetype/ttobjs.c (tt_skip_pdffont_random_tag,
tt_check_trickyness_family, tt_synth_sfnt_checksum, tt_get_sfnt_checksum,
tt_check_trickyness_sfnt_ids, tt_check_trickyness): Put functions into a
`TT_USE_BYTECODE_INTERPRETER` block.
(tt_face_init): Put trickyness checks into a `TT_USE_BYTECODE_INTERPRETER`
block.
Fixes #1111.
|
|
9ebdc9cb
|
2021-11-07T23:21:40
|
|
* src/sfnt/ttload.c (tt_face_load_gasp): Fix a type mismatch warning.
|
|
7f4b9bfb
|
2021-11-07T10:20:16
|
|
[dlg] Define DLG_STATIC explicitly.
DLG_STATIC is intended to disable Windows DLL linking attributes.
It does not hurt to define it explicitly when we wrap DLG code.
This fixes tons of LNK4286 and C4273 warnings from MSVC if we
forget to define DLG_STATIC as a compiler option.
* builds/windows/vc2010/freetype.vcxproj: Remove DLG_STATIC option.
* src/dlg/dlgwrap.c [FT_DEBUG_LOGGING]: Define DLG_STATIC.
* include/freetype/internal/ftdebug.h [FT_DEBUG_LOGGING]: Ditto.
|
|
c693377e
|
2021-11-07T10:05:05
|
|
[dlg] Lighten up the inclusions.
The DLG wrapper needs to know if FT_DEBUG_LOGGING is defined in
`ftoption.h`. It does not need entire FreeType.
* src/dlg/dlgwrap.c: Include FT_CONFIG_OPTIONS_H directly.
|
|
cb9e7b7a
|
2021-11-06T22:59:31
|
|
[truetype] Avoid some memory zeroing in variations.
* src/truetype/ttgxvar.c (ft_var_readpackeddeltas, ft_var_load_avar,
ft_var_load_item_variation_store, ft_var_load_gvar): Use FT_QNEW_ARRAY
if memory immediately initialized or discarded otherwise.
|
|
fc55291b
|
2021-11-04T11:07:43
|
|
[truetype] Fix handling of packed deltas in Variation Fonts.
* src/truetype/ttgxvar (ft_var_readpackeddeltas): Don't expect the number of
bytes used to encode the deltas to be higher than the number of encoded
values. The specification allows a very compact encoding; for example, a
list of 200 zeros can be encoded with just a couple of bytes.
We now count the consumed bytes to make sure to not read more than expected.
|
|
9ed5332f
|
2021-11-04T08:56:59
|
|
[truetype] Fix CVAR handling of tuples for all points.
* src/truetype/ttgxvar (tt_face_vary_cvt): Function
`ft_var_readpackedpoints`, when it returns `ALL_POINTS`, also sets
`point_count` to value 0. However, the CVAR code was incorrectly expecting
that `point_count` would be set to match the length of the CVT table.
|
|
23d1d8ad
|
2021-11-04T08:55:39
|
|
* src/truetype/ttgxvar.c: Fix typos in macros that guard CVAR code.
|
|
d3d3ff76
|
2021-11-01T17:32:27
|
|
[sfnt] Clarify `COLR` v1 FT_Paint* format representations
* include/freetype/ftcolor.h (FT_PaintLinearGradient,
FT_PaintRadialGradient, FT_PaintSweepGradient, FT_PaintTransform,
FT_PaintTranslate, FT_PaintScale, FT_PaintRotate, FT_PaintSkew): Clarify
16.16 fixed point representation of struct fields.
* src/sfnt/ttcolr.c (read_paint): Shift coordinates for
FT_PaintLinearGradient, FT_PaintRadialGradient, FT_PaintSweepGradient
accordingly.
Fixes: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1110
|
|
94cb3a2e
|
2021-10-29T10:31:59
|
|
* src/truetype/ttgload.c (load_truetype_glyph): Fix MSVC warning C4312.
|
|
793c0126
|
2021-10-27T22:36:11
|
|
[woff] Optimize table tagging.
* include/freetype/internal/wofftypes.h (WOFF_TableRec): Use
32-bit tag.
* src/sfnt/sfwoff.c (woff_open_font): Use 32-bit tag.
|
|
a577bbcb
|
2021-10-27T22:24:27
|
|
[woff2] Optimize table tagging.
Fixes #1107.
* include/freetype/internal/wofftypes.h (WOFF2_TableRec): Use
32-bit tag.
* src/sfnt/sfwoff2.c (compare_tags, find_table, woff2_open_font):
Use 32-bit tag.
* src/sfnt/woff2tags.[ch] (woff2_known_tags): Use static storage and
return 32-bit tag.
|
|
80b13f57
|
2021-10-26T10:57:17
|
|
Formatting.
|
|
535c67dd
|
2021-10-25T22:38:05
|
|
[mm] Tolerate missing Blend dictionary entries
In a Multiple Master font, the Blend dictionary must contain valid
Private, FontInfo, and FontBBox. The current code will error if any of
these are present and invalid, but will not error and will provide
uninitialized data if the Blend dictionary exists but does not contain
one of these entries. This change reverts to the older behavior of
treating any missing entries as containing all zero data and not
returning an error.
In the future it may be best to keep track of when these are actually
initialized and error if they are not.
* src/type1/t1load.c (t1_allocate_blend): Zero initiailize.
|
|
65be4b21
|
2021-10-21T09:55:28
|
|
[mm] Delay setting blend weight and design position.
Previously the `blend->weight_vector`, `blend->default_weight_vector`,
and `blend->design_pos` were set early to allocated but uninitialized
memory under the assumption that the memory would eventually be
initialized. However, it is possible that some of the required
keywords may not actually be present, leaving the memory uninitialized.
This is different from a present but invalid table, which would produce
an error.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1261762
* src/type1/t1load.c (t1_allocate_blend): Remove early allocation and
initialization.
(parse_blend_design_positions, parse_weight_vector): Parse into local
and assign to blend if valid.
(T1_Open_Face): Check that if a blend exists that it has the weight
vector and design positions.
|
|
b5e003f1
|
2021-10-21T09:48:38
|
|
[cff] Commit vstore data and regions on allocation.
The vstore->regionCount and vstore->dataCount were read directly
from the data. However, vstore->varRegionList and vstore->varData
would still contain uninitialized entries with uninitialized
pointers in the event of an error, leading to issues when attempting
to clean up.
Reportd as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40104
* src/cff/cffload.c (cff_vstore_load): Read the region and data counts
into locals and update the vstore counts immediately after each entry
becomes free-able.
|
|
fde91ab8
|
2021-10-20T11:45:15
|
|
[sfnt] Delay setting gasp ranges and count until computed.
Previously, the gasp.numRanges was set and gasp.gaspRanges was
allocated and assigned before a possible early exit if the frame could
not be entered. It is also possible that the gaspRanges allocation
could fail but the numRanges still be set to non-zero. In such cases
an error would be returned, but the face would have a gasp in an
inconsistent state which may still be accessed.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1261450
* src/sfnt/ttload.c (tt_face_load_gasp): Delay setting gasp.numRanges
and gasp.gaspRanges until after the ranges are initialized.
|
|
6d12e3a0
|
2021-10-20T11:38:16
|
|
[sfnt] Delay setting names and langTags until computed.
Previously, the table->names and table->langTags fields were created
pointing to uninitialized memory and an early exit could happen if the
frame could not be entered. The caller would then be unable to properly
dispose of the memory as the string fields had not been initialized.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1261343
* src/sfnt/ttload.c (tt_face_load_name): delay setting table->langTags
and table->names until after the memory they will point to is fully
initialized.
|
|
8ef8072b
|
2021-10-19T22:59:46
|
|
[bdf, cid, pfr, winfonts] Improve rejection of other font formats.
This is mainly for better diagnostics of malformed fonts.
* src/bdf/bdflib.c (_bfd_readstream): Stop font format testing if the first
input line is too long or doesn't end with `\r` or `\n`.
* src/cid/cidparse.c (cid_parser_new): Don't handle too short input as an
error but as an unknown format.
* src/pfr/pfrobjs.c (pfr_face_init): Ditto.
* src/winfonts/winfnt.c (fnt_font_load, fnt_face_get_dll_font): Ditto.
|
|
38b349c4
|
2021-10-18T20:35:28
|
|
[pcf] Zero out the allocated properties.
Fallout reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40033
* src/pcf/pcfread.c (pcf_get_properties): Use FT_NEW_ARRAY and zero
out `properties` in case of failure.
|
|
986d503f
|
2021-10-17T09:14:27
|
|
* src/sfnt/ttload.c (tt_face_load_name): NULL-initialize langTag.
Another attempt to fix fallout reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40024
|
|
30ca63d4
|
2021-10-16T23:02:47
|
|
[bdf] Fix up user properties.
Fallout reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40027
* src/bdf/bdflib.c (_bdf_add_property): Cosmetic NULL.
(bdf_create_property): Limit allocations to customary signed
FT_Long and NULL-initialize unused storage.
(bdf_free_font): Do not free unused storage.
|
|
afd1cb28
|
2021-10-16T20:25:11
|
|
* src/sfnt/ttload.c (tt_face_load_name): Accounting fix.
Fallout reported as
https://crbug.com/40024
|
|
c71eb22d
|
2021-10-15T22:18:38
|
|
Fix typos in memory macros.
FT_QNEW_ARRAY and FT_QRENEW_ARRAY were using the non-Q
FT_MEM_NEW_ARRAY and FT_MEM_RENEW_ARRAY. Change these to use the Q
versions. Also fix the one issue discovered in tt_face_load_name
where table->names is created with FT_QNEW_ARRAY but the extra
string member is not initialized to NULL.
* include/freetype/internal/ftmemory.h (FT_Q(RE)NEW_ARRAY):
Use FT_MEM_Q(RE)NEW_ARRAY as needed.
* src/sfnt/ttload.c (tt_face_load_name): Initialize `entry->string`.
|
|
8406ae53
|
2021-10-15T14:16:30
|
|
[truetype] Reload context after re-executing `prep`.
When a different hinting mode from the current is selected, the `prep` table
must be re-executed with the new mode. After this happens the context must
be re-loaded in preparation for the glyph program to be run.
Fixes #1104.
* truetype/ttgload.c (tt_loader_init): Add call to `TT_Load_Context`.
|
|
0b92c56c
|
2021-10-15T19:02:41
|
|
[truetype] Minor documentation improvements.
|
|
e294a95c
|
2021-10-11T23:25:29
|
|
* src/cid/cidload.c (parse_fd_array): Protect against trancation.
|
|
1029eb93
|
2021-10-11T22:25:14
|
|
[type1] Revert to signed size for binary data.
Recently introduced and reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39838
* src/type1/t1load.c (read_binary_data): Reject negative size.
(parse_subrs, parse_charstrings): Use customary signed size.
|
|
77bd46e9
|
2021-10-10T23:12:12
|
|
[psaux] Signedness revisions.
Unsigned indexes are easier to check.
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings): Updated.
* src/psaux/psintrp.c (cf2_interpT2CharString): Ditto.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Ditto.
* src/type1/t1load.c (read_binary_data): Ditto.
|
|
3b036820
|
2021-10-10T23:11:10
|
|
[cid] Signedness revisions.
Unsigned checks are simpler.
* include/freetype/t1tables.h (CID_FaceInfoRec): Change to unsignd
`num_dicts`.
* src/cid/cidparse.h (CID_Parser): Change to unsigned `num_dict`.
* src/cid/cidgload.c (cid_load_glyph): Updated.
* src/cid/cidload.c (cid_load_keyword, parse_fd_array,
parse_expansion_factor, parse_font_name, cid_read_subrs,
cid_face_open): Updated.
* src/cid/cidobjs.c (cid_face_done): Updated.
* src/cid/cidparse.c (cid_parser_new): Updated.
|
|
012b4f2d
|
2021-10-08T22:14:12
|
|
* src/cid/cidload.c (cid_face_open): Streamline CIDCount check.
|
|
946df221
|
2021-10-07T22:44:53
|
|
* src/cid/cidload.c (cid_face_open): Streamline SubrCount check.
|
|
0313a11c
|
2021-10-07T22:43:12
|
|
* src/cid/cidgload.c (cid_load_glyph): Fortify incremental loading.
|
|
22befeef
|
2021-10-07T22:41:56
|
|
Signedness revisions.
This eliminates explicit casting by switching to unsigned fields.
The revisions mostly impact the handling of CID fonts.
* include/freetype/fttypes.h (FT_Data): Change to unsigned `length`.
* include/freetype/t1tables.h (CID_FaceDictRec): Ditto for `sd_bytes`.
(CID_FaceInfoRec): Ditto for `gd_bytes` and `gd_bytes`.
* include/freetype/internal/tttypes.h (TT_LoaderRec): Ditto for
`byte_len`.
* src/cid/cidgload.c (cid_load_glyph): Updated.
* src/cid/cidload.h (cid_get_offset): Update argument.
* src/cid/cidload.c (cid_get_offset, cid_read_subrs, cid_face_open):
Updated.
* src/cff/cffgload.c (cff_get_glyph_data, cff_free_glyph_data):
Updated.
* src/psaux/psft.c (cf2_getT1SeacComponent): Updated.
* src/truetype/ttgload.c (TT_Process_Composite_Glyph,
load_truetype_glyph): Updated.
|
|
0f23ae2e
|
2021-10-05T16:28:40
|
|
* src/smooth/ftgrays.c (FT_DIV_MOD): Limit the ARM workaround.
|
|
ec6a4588
|
2021-10-04T23:10:59
|
|
[pshinter] Additional clean-ups.
* src/pshinter/pshalgo.h (psh_hint_table_find_strong_points): Streamline code.
* src/pshinter/pshalgo.h (PSH_Glyph): Remove unused fields.
|
|
227445f6
|
2021-10-03T22:48:23
|
|
[pshinter] More convenient direction definition.
It is easier to check directions using flags than integer values.
* src/pshinter/pshalgo.h (PSH_Dir): Redefine directions.
(PSH_PointRec): Use them as an enum type.
* src/pshinter/pshalgo.c (psh_compute_dir): Modify return type.
(psh_glyph_init, psh_hint_table_find_strong_points,
psh_glyph_find_blue_points): Update users.
|
|
d102a514
|
2021-10-03T22:45:42
|
|
[pshinter] Remove unnecessary check.
* src/pshinter/pshalgo.c (psh_hint_table_find_strong_points): Do not
check if direction is defined before checking how.
|
|
68fae526
|
2021-09-30T22:59:04
|
|
* src/autofit/afhints.c (af_glyph_hints_reload): Decrease casting.
|
|
1d79c892
|
2021-09-29T22:17:31
|
|
* src/tools/apinames.c: Facilitate OpenVMS linker options.
|
|
dd0ccdc3
|
2021-09-28T22:57:58
|
|
* src/winfonts/winfnt.c (FNT_Face_Init): Correct reallocation.
|
|
a69320a9
|
2021-09-24T22:06:44
|
|
[bdf] Simplify comment collection or lack thereof.
BDF comments are neither actually collected nor retrieved. There is
no need to be fancy with delimiters.
* src/bdf/bdflib.c (_add_bdf_comment): Delimit comments with zeros...
(bdf_load_font): ...and do not null-terminate comments additionally.
(_bdf_parse_glyphs): Check if comments are kept, which they are not.
(_bdf_parse_start): Minor clean up.
|
|
a29e0200
|
2021-09-23T23:10:26
|
|
Use NULL for pointers only.
* src/bdf/bdflib.c (*): Code changes.
* include/freetype/freetype.h: Comments only.
* src/cff/cffload.c, src/cff/cffobjs.c: Ditto.
* src/winfonts/winfnt.c: Ditto.
|
|
90b14882
|
2021-09-22T20:20:04
|
|
[bdf, pcf] Minor optimization.
* src/pcf/pcfread.c (pcf_load_font): Do not call `FT_MulDiv` for a
small job.
* src/bdf/bdfdrivr.c (BDF_Face_Init): Ditto.
* src/bdf/bdflib.c (_bdf_parse_glyphs): Fix a comment.
|
|
b4dddd82
|
2021-09-22T00:30:03
|
|
[base] Initialize stream memory earlier.
With Windows memory management tracking heap, it is important to use
it during the stream opening fallback. In Unix, the argument is
unused, but it is better to set it correctly.
* src/base/ftobjs.c (FT_Stream_New): Set memory before calling
`FT_Stream_Open`.
* builds/windows/ftsystem.c, builds/unix/ftsystem.c (FT_Stream_Open,
ft_close_stream_by_free): Call `ft_alloc` and `ft_free` with proper
memory argumment.
|
|
892e7ead
|
2021-09-21T14:39:21
|
|
* src/bdf/bdflib.c (_bdf_parse_{start,glyphs}): Use appropriate scanner.
|
|
61903609
|
2021-09-20T22:18:29
|
|
Minor.
|
|
71969d1e
|
2021-09-20T14:31:45
|
|
* src/cff/cffdrivr.c (cff_ps_get_font_{info,extra}): Use FT_QNEW.
|
|
52915898
|
2021-09-18T07:05:55
|
|
[cache] Minor clean-ups.
* src/cache/ftccache.h (FTC_CACHE_LOOKUP_CMP): Remove parantheses.
* src/cache/ftccache.c (FTC_Cache_Lookup): Ditto.
(FTC_Cache_RemoveFaceID): Remove unnecessary variable.
|
|
6e1ef98a
|
2021-09-16T23:08:46
|
|
[cff] Explicitly set StandardEncoding or ExpertEncoding offsets.
Fixes #1097.
* src/cff/cffload.c (cff_encoding_load): Set special offset values.
|
|
fce74b73
|
2021-09-16T17:03:19
|
|
[cache] Miscellaneous clean-ups.
* src/cache/ftccache.c (ftc_get_top_node_for_hash, FTC_Cache_Clear):
Remove barely used variables.
(ftc_cache_add): Adjust casting.
* src/cache/ftccmap.c (FTC_CMapCache_Lookup): Remove casting.
* src/cache/ftcsbits.c (ftc_snode_load): Remove casting.
|
|
79d14cc2
|
2021-09-16T16:41:56
|
|
* src/cff/cffload.c (cff_fd_select_get): Remove casting.
|
|
ae516e6a
|
2021-09-16T16:39:23
|
|
* src/pcf/pcfread.c (pcf_read_TOC): Remove casting.
|
|
801b7540
|
2021-09-14T22:55:50
|
|
Minor type adjustments.
* src/cff/cffobjs.c (cff_face_init): Reduce casting.
* src/truetype/ttobjs.c (tt_size_ready_bytecode): Ditto.
* src/type1/t1load.c (T1_Set_MM_Design): Ditto.
|
|
49270c17
|
2021-09-14T21:32:43
|
|
Replace boolean allocation macros with MEM ones.
* src/base/ftbitmap.c (FT_Bitmap_Copy): Use MEM-macro.
* src/base/ftobjs.c (ft_glyphslot_alloc_bitmap): Ditto.
* src/bzip2/ftbzip2.c (ft_bzip2_alloc): Ditto.
* src/cache/ftccache.c (ftc_cache_init): Ditto
* src/gzip/ftgzip.c (ft_gzip_alloc): Ditto.
* src/psnames/psmodule.c (ps_unicodes_init): Ditto.
* src/sfnt/sfobjs.c (sfnt_load_face): Ditto.
* src/sfnt/ttload.c (tt_face_load_name): Ditto.
|
|
9a4c846e
|
2021-09-14T21:25:47
|
|
[cache] Revert to some zeroing.
* src/cache/ftccache.c (ftc_cache_init, ftc_cache_resize): Zero
`buckets` again to fix some crashes.
|
|
0a8ee851
|
2021-09-14T10:26:37
|
|
* src/pshinter/pshrec.c (ps_mask_table_merge_all): Tweak loops.
Fixes fallout from 731d0b685685 reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38685
|