src


Log

Author Commit Date CI Message
Werner Lemberg 4a89112b 2022-01-08T16:56:57 * src/sfnt/ttcolr.c (tt_face_get_color_glyph_clipbox): Add limit checks. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40716
Werner Lemberg 3f9b78fc 2022-01-10T18:19:41 [zlib] Don't typedef `ptrdiff_t`. While using zlib in 'solo' mode (via the `Z_SOLO` macro), we actually include some standard header files, making the typedef fail on systems where the native `ptrdiff_t` type differs. Fixes #1124. * src/zlib/zutil.h: Comment out definition; it doesn't work on Windows. * src/zlib/patches/freetype-zlib.diff: Updated.
Werner Lemberg da8a8b8b 2022-01-10T17:25:47 [zlib] Some organizational changes. We now first apply zlib's `zlib2ansi` script, then FreeType's patch file. * src/gzip/README.freetype: Updated. * patches/0001-zlib-Fix-zlib-sources-to-compile-for-FreeType.patch: Renamed to... * patches/freetype-zlib.diff: This. Clean up description, then regenerate it as follows: - Copy unmodified files from `zlib` repository. - Run `zlib2ansi` script. - Run `git diff -R > patches/freetype-zlib.diff.new`. - Insert patch description of old diff file, then replace old diff with new diff file.
David Turner a25e85ed 2021-08-17T15:20:25 [gzip] Update sources to zlib 1.2.11 This can be tested by building with the Unix development build make setup devel make or by building the freetype-demos programs with meson setup build -Dfreetype2:zlib=internal meson compile -C out and trying to run `ftview` with a `.pcf.gz` font file. * src/gzip/ftgzip.c, src/gzip/rules.mk: Update for new zlib sources. Also remove the temporary fix introduced in commit 6a431038 to work around the fact that the internal sources were too old. * src/gzip/README.freetype: New file describing the origin of the sources and how they were modified. * src/gzip/patches/*: Patch files applied to original sources. * src/gzip/*: Updated zlib sources with the patch file(s) from `src/gzip/patches/` applied, followed by a conversion with zlib's `zlib2ansi` script.
Werner Lemberg d276bcb7 2022-01-09T07:48:59 [bzip2] Avoid use of uninitialized memory. * src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Don't use `FT_QNEW` but `FT_NEW` for setting up `zip` to avoid uninitialized memory access while handling malformed PCF fonts later on. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42800
Alexei Podtelezhnikov ca011128 2022-01-08T22:28:44 [sfnt] Fix off-by-one error. The 0-base index is equal to the number of previously parsed entries. It is an error to adjust it by one to get the number truncated by a stream error. This is probably inconsequential because valid entries are correctly accounted for. * src/sfnt/ttload.c (check_table_dir): Do not adjust the truncated number of tables.
Werner Lemberg 7a493e3a 2022-01-08T10:28:19 [sfnt, type42] Correct previous commit. Really fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42773. * src/sfnt/ttload.c (check_table_dir): Revert change. * src/type42/t42.parse.c (t42_parse_sfnts): Don't use `FT_QREALLOC` but `FT_REALLOC` for setting up `ttf_data` to avoid uninitialized memory access while handling malformed TrueType fonts later on.
Werner Lemberg bf9b1ef9 2022-01-07T10:25:52 * src/sfnt/ttload.c (check_table_dir): Initialize `table`. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42773
Werner Lemberg b5c2172f 2022-01-07T06:53:44 [sfnt] Avoid 'runtime error: applying zero offset to null pointer'. * src/sfnt/ttsbit.c (tt_sbit_decoder_load_byte_aligned): Exit early if `line` is NULL.
Werner Lemberg 5aa2a5c3 2022-01-07T06:41:36 [autofit, pshinter] Use `FT_OFFSET`. This avoids ``` runtime error: applying zero offset to null pointer ``` warnings of clang's undefined behaviour sanitizer. * src/autofit/afcjk.c (af_cjk_hints_link_segments, af_cjk_hints_compute_edges, af_cjk_hints_compute_blue_edges, af_cjk_hint_edges, af_cjk_align_edge_points): Do it. * src/autofit/afhints.c (af_glyph_hints_align_edge_points, af_glyph_hints_align_strong_points): Ditto. * src/autofit/aflatin.c (af_latin_metrics_init_widths, af_latin_hints_link_segments, af_latin_hints_compute_edges, af_latin_hints_compute_blue_edges, af_latin_hint_edges): Ditto. * src/pshinter/pshalgo.c (psh_hint_table_init): Ditto.
Ben Wagner afb4ca01 2022-01-06T12:54:15 [truetype] Reset localpoints when varying cvt. When iterating over the cvt tuples and reading in the points it is necessary to set all of `localpoints`, `points`, and `point_count` in all cases. The existing code did not reset `localpoints` to `NULL` when there were no private point numbers. If the previous tuple did have private point numbers and set `localpoints` to `ALL_POINTS` this would not be cleared and the wrong branch would be taken later, leading to possible heap buffer overflow. * src/truetype/ttgxvar.c (tt_face_vary_cvt): Reset `localpoints` to `NULL` when it isn't valid. Fixes: https://crbug.com/1284742
Alexander Borsuk 4eb6cb88 2021-12-25T09:23:58 Fix warnings for CMake Unity builds. * src/cache/ftcbasic.c (FT_COMPONENT): Undefine macro before redefinition. * src/smooth/ftgrays.c (TRUNC, FRACT): Ditto.
Alexander Borsuk 4f357118 2021-12-17T11:22:09 Clang-Tidy warning fixes. * src/base/ftobjs.c (FT_Get_Paint): Operator has equivalent nested operands. * src/bdf/bdflib.c (_bdf_add_property): Value stored to `fp` is never read. * src/sdf/ftbsdf.c (bsdf_init_distance_map): Value stored to `pixel` is never read. * src/sdf/ftsdf.c (split_sdf_shape): Value stored to `error` is never read.
Alexei Podtelezhnikov 0da2a115 2021-12-13T11:44:24 [truetype] Upstream the hdmx binary search. * src/truetype/ttobjs.h (TT_SizeRec): Add `widthp` for the hdmx widths. * src/truetype/ttobjs.c (tt_size_reset): Initialize `widthp` even though it might never be used by the interpreter. * src/truetype/ttgload.c (tt_loader_init): Avoid repeated searches in the hdmx table.
Alexei Podtelezhnikov fd03dcc1 2021-12-12T12:29:04 [truetype] Reset the IUP-called flags for each subglyph. This fixes fall-out from 7809007a5b88b15, where the composite accents were no longer hinted. * src/truetype/ttgload.c (ttloader_init): Move the IUP-called flag initialization from here... * src/truetype/ttinterp.c (TT_Run_Context): ... to here.
Alexei Podtelezhnikov 7add5b2b 2021-12-11T22:54:06 [truetype] Binary search through the `hdmx` records. The `hdmx` table is supposed to be sorted by ppem size, which enables binary search. We also drop the check for the sufficient length of the record because it is now enforced when the table is loaded. * include/freetype/internal/tttypes.h (TT_FaceRec): Store the `hdmx` record pointers sorted by ppem instead of ppem's themselves. * src/truetype/ttpload.c (tt_face_load_hdmx): Prudently sort records. (tt_face_get_device_metrics): Implement binary search to retrieve advances.
Alexei Podtelezhnikov a8ef33e3 2021-12-11T22:42:46 [truetype] Honor FT_LOAD_ADVANCE_ONLY if `hdmx` is usable. This simply shortcuts the glyph loading if FT_LOAD_ADVANCE_ONLY is specified by FT_Get_Advances and the `hdmx` data are located. Particularly, the classic v35 interpreter or "verified" ClearType fonts might see 100x speed up in retrieving the hdmx cache. * src/truetype/ttgload.c (TT_Load_Glyph): Insert the shortcut.
Alexei Podtelezhnikov 6c831d65 2021-12-11T22:34:27 [truetype] Initialize the loader with `hdmx` data. The `hdmx` matching can be done before the glyph is loaded. * include/freetype/internal/tttypes.h (TT_LoaderRec): Add a field. * src/truetype/ttgload.c (compute_glyph_metrics): Relocate the `hdmx` code from here... (tt_loader_init): ... to here, before the glyph is loaded.
Alexei Podtelezhnikov 7809007a 2021-12-11T22:22:57 [truetype] Relocate subpixel flag setting. `TT_RunIns` is too busy to deal with subpixel flags. It is better to set them in `tt_loader_init`, which is executed before each glyph program. * src/truetype/ttinterp.c (TT_RunIns): Move the flag setting from here... * src/truetype/ttgload.c (tt_loader_init): ... to here.
Alexei Podtelezhnikov a35b081e 2021-12-11T22:12:25 [truetype] Limit INSTCTRL application within specs. * src/truetype/ttinterp.c (Ins_INSTCTRL): Limit its global effects to the CVT program and local effects to the glyph program. This also fixes an Infinality buglet. The `ignore_x_mode` should be locally unset by the glyph program.
Ben Wagner bad92be9 2021-12-09T17:06:28 [bdf] Fix use of uninitialized value. In _bdf_readstream if the data contained no newline then the buffer would continue to grow and uninitialized data read until either the uninitialized data contained a newline or the buffer reached its maximum size. The assumption was that the line was always too long and the buffer had been filled, however this case can also happen when there is not enough data to fill the buffer. Correct this by properly setting the cursor to the end of the available data, which may be different from the end of the buffer. This may still result in one extra allocation, but only on malformed fonts. * src/bdf/bdflib.c (_bfd_readstream): Correctly update cursor. Remove unread set of `avail`. Bug: https://lists.nongnu.org/archive/html/freetype-devel/2021-12/msg00001.html
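The bug class in the commit above (a line reader whose end-of-data cursor drifts away from the bytes actually read) is easier to see in a small self-contained reader. The following is an added example written for this page, not FreeType's `bdflib.c`: a growable line buffer over an in-memory stream whose newline scan and final unterminated line are bounded by the number of bytes actually read (`end`), never by the buffer capacity. All type, function and constant names are this example's own, and the BDF-like input is constructed for the demonstration (the deliberately tiny initial capacity forces the growth path).

```c
/* Added example, not FreeType code: a line reader whose cursor `end`
 * tracks bytes actually read, so a stream shorter than the buffer never
 * exposes uninitialized buffer space. Names are this example's own. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef struct { const char *data; size_t len, pos; } MemStream;

static size_t stream_read(MemStream *s, char *dst, size_t n)
{
  size_t left = s->len - s->pos;
  if (n > left) n = left;                 /* short read near end of data */
  memcpy(dst, s->data + s->pos, n);
  s->pos += n;
  return n;
}

typedef struct {
  char  *buf;
  size_t cap;    /* allocated size */
  size_t start;  /* first unconsumed byte */
  size_t end;    /* one past the last byte actually read: the cursor */
} LineReader;

#define LINE_INIT_CAP 8       /* tiny on purpose, to exercise growth */
#define LINE_MAX_CAP  4096

/* Returns the length of the next line (terminator stripped) and sets
 * *line; -1 at end of data; -2 if a line exceeds LINE_MAX_CAP or
 * allocation fails. Returned pointers are valid until the next call. */
long read_line(MemStream *s, LineReader *r, const char **line)
{
  for (;;) {
    size_t got;
    /* Search only the valid bytes [start, end), never [start, cap). */
    char *nl = (r->end > r->start)
             ? memchr(r->buf + r->start, '\n', r->end - r->start) : NULL;

    if (nl) {
      size_t len = (size_t)(nl - (r->buf + r->start));
      *line = r->buf + r->start;
      r->start += len + 1;
      if (len > 0 && (*line)[len - 1] == '\r') len--;   /* CRLF line */
      return (long)len;
    }
    if (r->start > 0) {                 /* compact consumed bytes away */
      memmove(r->buf, r->buf + r->start, r->end - r->start);
      r->end  -= r->start;
      r->start = 0;
    }
    if (r->end == r->cap) {             /* buffer really is full: grow */
      size_t ncap = r->cap ? r->cap * 2 : LINE_INIT_CAP;
      char  *nbuf;
      if (ncap > LINE_MAX_CAP) return -2;
      nbuf = realloc(r->buf, ncap);
      if (!nbuf) return -2;
      r->buf = nbuf;
      r->cap = ncap;
    }
    got = stream_read(s, r->buf + r->end, r->cap - r->end);
    if (got == 0) {
      /* End of data without a newline: return what was read, bounded by
       * `end`. Assuming the buffer was filled here is the original bug. */
      size_t len = r->end - r->start;
      if (len == 0) return -1;
      *line    = r->buf + r->start;
      r->start = r->end;
      return (long)len;
    }
    r->end += got;                      /* advance by bytes read only */
  }
}

/* Constructed input: CRLF first line, a line longer than the initial
 * buffer, and no newline after the last line. */
static const char k_bdf[] =
  "STARTFONT 2.1\r\n"
  "COMMENT generated by hand\n"
  "SIZE 13 75 75\n"
  "ENDFONT";

static void run_demo(int *count, long *total, long *last)
{
  MemStream   s = { k_bdf, sizeof k_bdf - 1, 0 };
  LineReader  r = { NULL, 0, 0, 0 };
  const char *line;
  long        n;

  *count = 0; *total = 0; *last = -1;
  while ((n = read_line(&s, &r, &line)) >= 0) {
    (*count)++; *total += n; *last = n;
  }
  free(r.buf);
}

int  demo_line_count(void)   { int c; long t, l; run_demo(&c, &t, &l); return c; } /* 4 */
long demo_total_length(void) { int c; long t, l; run_demo(&c, &t, &l); return t; } /* 58 */
long demo_last_length(void)  { int c; long t, l; run_demo(&c, &t, &l); return l; } /* 7 */
```

The last line, `ENDFONT`, arrives with no terminator and with the buffer only partly filled; the reader returns its 7 bytes because the scan is limited by `end`, whereas a reader that assumed a full buffer would scan into memory `realloc` never initialized.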
Alexei Podtelezhnikov 012b00f3 2021-12-07T10:19:06 [truetype] Reduce Infinality footprint again. * src/truetype/ttgload.c (compute_glyph_metrics): Streamline and prioritize the Infinality checks to use `hdmx`.
Werner Lemberg 3f83daee 2021-12-01T20:17:59 * Version 2.11.1 released. ========================== Tag sources with `VER-2-11-1'. * docs/VERSION.TXT: Add entry for version 2.11.1. * docs/CHANGES, docs/release: Updated. * README, src/base/ftver.rc, builds/windows/vc2010/index.html, builds/windows/visualc/index.html, builds/windows/visualce/index.html, builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html, docs/freetype-config.1: s/2.11.0/2.11.1/, s/2110/2111/. * include/freetype/freetype.h (FREETYPE_PATCH): Set to 1. * builds/unix/configure.raw (version_info): Set to 24:1:18. * CMakeLists.txt (VERSION_PATCH): Set to 1. * builds/toplevel.mk (version_tag, CHANGELOG_SCRIPT): New variables. (do-dist): Generate `ChangeLog` file with all commits since last release.
Seigo Nonaka 3b45f564 2021-11-29T18:17:49 * src/base/ftobjs.c (FT_Request_Metrics): Fix build warning on Android. Use casts since `FT_USHORT_MAX` is unsigned short in bionic (libc used in Android).
Alexei Podtelezhnikov 36a905e1 2021-11-26T09:15:46 * src/truetype/ttpload.c (tt_face_load_hdmx): Added comments.
Alexei Podtelezhnikov 32f13c11 2021-11-25T22:38:40 [truetype] Quietly reject out-of-spec `hdmx` tables. The `hdmx` table is optional and can be safely rejected without an error if it does not follow specifications. The record size must be equal to the number of glyphs + 2 + 32-bit padding. * src/truetype/ttpload.c (tt_face_load_hdmx): Thoroughly check the record size and improve tracing.
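Commits 7add5b2b (binary search through sorted `hdmx` records) and 32f13c11 (rejecting records whose size is not the padded `numGlyphs + 2`) describe one load-then-lookup path. The following is an added example written for this page, not FreeType's `ttpload.c`: it parses the `hdmx` header (uint16 version, uint16 numRecords, uint32 sizeDeviceRecord), enforces that the declared record size equals two header bytes plus one width per glyph rounded up to a multiple of 4, sorts the records by ppem rather than trusting the file, and binary-searches them. The exact size test is this example's reading of the specification as the commit describes it, and the two tables below are constructed for the demonstration; all names are this example's own.

```c
/* Added example, not FreeType code: load and search an OpenType `hdmx`
 * table with a strict record-size check. Names are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

typedef struct {
  uint8_t        ppem;    /* pixelSize of the device record */
  const uint8_t *widths;  /* one advance width byte per glyph */
} HdmxRecord;

typedef struct {
  size_t      num_records;
  HdmxRecord *records;    /* kept sorted by ppem */
} HdmxTable;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8)  | p[3];
}
static int cmp_ppem(const void *a, const void *b)
{
  return (int)((const HdmxRecord *)a)->ppem - (int)((const HdmxRecord *)b)->ppem;
}

/* 0 on success; -1 for an out-of-spec table, which the caller should treat
 * as "no hdmx" rather than as a font error, since the table is optional. */
int hdmx_load(const uint8_t *tbl, size_t tbl_len, uint16_t num_glyphs,
              HdmxTable *t)
{
  uint16_t num_records;
  uint32_t record_size, expected;
  size_t   i;

  t->num_records = 0;
  t->records     = NULL;
  if (tbl_len < 8 || rd16(tbl) != 0)          /* header present, version 0 */
    return -1;
  num_records = rd16(tbl + 2);
  record_size = rd32(tbl + 4);

  /* pixelSize + maxWidth + numGlyphs widths, padded to a 4-byte boundary */
  expected = ((uint32_t)num_glyphs + 2 + 3) & ~3u;
  if (record_size != expected)
    return -1;
  /* 64-bit product: 65535 records * 65540 bytes cannot overflow here */
  if (num_records == 0 || (uint64_t)num_records * record_size > tbl_len - 8)
    return -1;

  t->records = malloc(num_records * sizeof *t->records);
  if (!t->records)
    return -1;
  for (i = 0; i < num_records; i++) {
    const uint8_t *rec = tbl + 8 + i * record_size;
    t->records[i].ppem   = rec[0];
    t->records[i].widths = rec + 2;
  }
  t->num_records = num_records;
  /* the spec says records are sorted by ppem; sort anyway, do not trust it */
  qsort(t->records, num_records, sizeof *t->records, cmp_ppem);
  return 0;
}

void hdmx_free(HdmxTable *t) { free(t->records); t->records = NULL; t->num_records = 0; }

/* Binary search by ppem; NULL when the table has no record for it. */
const uint8_t *hdmx_find(const HdmxTable *t, uint8_t ppem)
{
  size_t lo = 0, hi = t->num_records;
  while (lo < hi) {
    size_t mid = lo + (hi - lo) / 2;
    if      (t->records[mid].ppem < ppem) lo = mid + 1;
    else if (t->records[mid].ppem > ppem) hi = mid;
    else    return t->records[mid].widths;
  }
  return NULL;
}

/* Constructed 3-glyph table: record size (3+2+3)&~3 = 8, two records
 * deliberately stored out of ppem order (12 before 10). */
#define DEMO_NUM_GLYPHS 3
static const uint8_t k_hdmx[] = {
  0x00, 0x00,  0x00, 0x02,  0x00, 0x00, 0x00, 0x08,
  12, 7,  5, 6, 7,  0, 0, 0,
  10, 4,  3, 4, 4,  0, 0, 0,
};
/* Constructed: sizeDeviceRecord claims the unpadded 5; must be refused. */
static const uint8_t k_hdmx_bad[] = {
  0x00, 0x00,  0x00, 0x01,  0x00, 0x00, 0x00, 0x05,  12, 7,  5, 6, 7,
};

/* Advance width of glyph `gid` at `ppem`, or -1 when hdmx has no entry. */
int demo_width(uint8_t ppem, uint16_t gid)
{
  HdmxTable      t;
  const uint8_t *w;
  int            result = -1;
  if (hdmx_load(k_hdmx, sizeof k_hdmx, DEMO_NUM_GLYPHS, &t) == 0) {
    w = hdmx_find(&t, ppem);
    if (w && gid < DEMO_NUM_GLYPHS) result = w[gid];
    hdmx_free(&t);
  }
  return result;
}

int demo_bad_size_rejected(void)   /* 1 when the unpadded table is refused */
{
  HdmxTable t;
  return hdmx_load(k_hdmx_bad, sizeof k_hdmx_bad, DEMO_NUM_GLYPHS, &t) != 0;
}
```

Because the record size is validated once at load time, the lookup needs no per-record length check, which is the second point 7add5b2b makes; the sort is what makes the binary search safe on a file whose records are not in ppem order.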
Alexei Podtelezhnikov cff026d4 2021-11-23T16:05:12 [truetype] Partly revert 5b626281. Fixes #1118. * src/truetype/ttpload.c (tt_face_load_hdmx): Do not assume that `record_size` is rounded even though the records are padded.
Werner Lemberg 3cabd142 2021-11-22T19:36:45 Update `CHANGES` files, other minor whitespace and documentation issues.
Werner Lemberg a11650d7 2021-11-21T07:51:31 * src/truetype/ttinterp.c (Ins_MD): Avoid `FT_ABS`. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38562
Werner Lemberg 6da5f95f 2021-11-20T09:29:09 [gxvalid] Fix minor compilation warning. * src/gxvalid/gxvmort5.c (gxv_mort_subtable_type5_subtable_setup): Declare as static.
Werner Lemberg f5ce1824 2021-11-20T07:56:34 [smooth] Fix stand-alone compilation. * src/smooth/ftgrays.c (FT_Trace_Enable, FT_Trace_Disable)[STANDALONE_]: Define.
Werner Lemberg 8c8f51c5 2021-11-19T21:50:22 Avoid undefined left-shifts. We really have to use double casts to avoid issues with C's and C++'s signedness propagation rules in implicit casts. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41178 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41182 * include/freetype/config/public-macros.h (FT_STATIC_CAST, FT_REINTERPRET_CAST): Modify macro to take two arguments. Update all callers. (FT_STATIC_BYTE_CAST): New macro. * include/freetype/freetype.h (FT_ENC_TAG): Use `FT_STATIC_BYTE_CAST`. * include/freetype/ftimage.h (FT_IMAGE_TAG): Ditto. * include/freetype/fttypes.h (FT_MAKE_TAG): Ditto. Use `FT_Tag` for casting. * src/ftraster/ftmisc.h (FT_MAKE_TAG): Removed, no longer needed. (FT_STATIC_BYTE_CAST): New macro. * src/smooth/ftgrays.c (FT_STATIC_CAST): Replace with... (FT_STATIC_BYTE_CAST): ... this.
Werner Lemberg 9079c5d9 2021-11-13T08:53:19 Provide C++ versions for public macros with casts. Many FreeType clients use C++. However `g++ -Wold-style-cast` warns for macros with C-style casts even for system header files; this also affects directories included with `-isystem`. While this could be seen as a problem with g++, the problem is more a philosophical one: Over the time, C and C++ diverged more and more, and some features of C are no longer the 'right' solution in C++. * include/freetype/config/public-macros.h (FT_STATIC_CAST, FT_REINTERPRET_CAST): New macros. * include/freetype/freetype.h (FT_ENC_TAG, FT_LOAD_TARGET_, FT_LOAD_TARGET_MODE): Use `FT_STATIC_CAST`. Correctly handle negative 'signed char' input. * include/freetype/ftimage.h (FT_IMAGE_TAG): Ditto. * include/freetype/fttypes.h (FT_MAKE_TAG, FT_BOOL): Ditto. * include/freetype/ftmodapi.h (FT_FACE_DRIVER_NAME): Use `FT_REINTERPRET_CAST`. * src/smooth/ftgrays.c (FT_STATIC_CAST)[STANDALONE_]: New macro. [!STANDALONE]: Include `FT_CONFIG_CONFIG_H`. Fixes #1116.
Werner Lemberg 238245cd 2021-11-16T22:07:28 Fix clang++ warnings. * src/*: Initialize some variables to NULL.
Werner Lemberg e4f7673e 2021-11-13T21:11:00 [truetype] Updates for the forthcoming OpenType 1.9 standard (2/2). * src/truetype/ttgxvar.c (ft_var_load_item_variation_store): s/shortDeltaCount/wordDeltaCount/ (as done in the specification, too). Recognize new format and reject it for now.
Werner Lemberg 93e6b3e8 2021-11-13T14:41:40 [truetype] Updates for the forthcoming OpenType 1.9 standard (1/2). This is in preparation for implementing `DeltaSetIndexMap` format 1, which is used by `COLR` v1 tables, and which allows 32bit indices. https://docs.microsoft.com/en-us/typography/opentype/otspec190/delta/otvarcommonformats_delta.html * src/truetype/ttgxvar.h (GX_DeltaSetIdxMapRec): Change type of `mapCount` to `FT_ULong`. * src/truetype/ttgxvar.c (ft_var_load_delta_set_index_mapping): Add argument for passing the table size; update caller. Implement new format.
Werner Lemberg d31bafcb 2021-11-14T11:02:54 Fix clang warnings. * src/gxvalid/gxvcmmn.h (GXV_SET_ERR_IF_PARANOID): Use 'do' block. * src/gxvalid/gxvmod.c (GXV_TABLE_LOAD, GXV_TABLE_VALIDATE): Ditto. * src/smooth/ftgrays.c (gray_convert_glyph): Add cast. * src/type1/t1gload.c (T1_Parse_Glyph_And_Get_Char_String): Remove cast. * src/type1/t1load.c (read_binay_data): Use `FT_ULong` for `size` parameter. (parse_subrs, parse_charstrings, parse_dict): Ditto; also add some casts.
Dominik Röttsches 9597fd7b 2021-11-11T17:33:37 [sfnt] Avoid undefined shifts in `COLR` v1 paint parsing * src/sfnt/ttcolr.c (read_paint, tt_face_get_paint): Tighten shift behavior by using multiplication, mostly using macros from ftcalc.h. Fixes: https://bugs.chromium.org/p/chromium/issues/detail?id=1269168
Alexei Podtelezhnikov c5cd2a3d 2021-11-10T08:46:26 * src/truetype/ttgxvar.c (ft_var_to_normalized): Edge optimization.
Werner Lemberg d899b200 2021-11-08T12:27:04 * src/sfnt/sfobjs.c (sfnt_open_font): Fix typo.
Werner Lemberg b86f96bc 2021-11-08T11:15:50 * src/gxvalid.*, src/otvalid.*: Fix `-Wformat` warnings.
Werner Lemberg cce78228 2021-11-08T09:41:54 [pshinter] Fix C++ compilation. * src/pshinter/pshalgo.c (psh_compute_dir): Fix type of `result`. (psh_hint_table_find_strong_points): Add cast.
Werner Lemberg 7ef26604 2021-11-04T09:10:57 [sfnt] Reduce footprint if WOFF and WOFF2 support is not needed. Based on a patch from metarutaiga (MR !106). The gist of this commit is that it doesn't make sense to support WOFF without compression (which would be only possible in WOFF 1.0 anyway). * src/sfnt/sfobjs.c (sfnt_open_font): Guard WOFF code with `FT_CONFIG_OPTION_USE_ZLIB` block. Guard WOFF2 code with `FT_CONFIG_OPTION_USE_BROTLI` block. * src/sfnt/sfwoff.c, src/sfnt/sfwoff.h: Guard files with `FT_CONFIG_OPTION_USE_ZLIB` blocks, not parts of the code. * src/sfnt/sfwoff2.c, src/sfnt/sfwoff2.h, src/sfnt/woff2tags.c, src/sfnt/woff2tags.h: Guard files with `FT_CONFIG_OPTION_USE_BROTLI` blocks, not parts of the code. Fixes #1111.
Werner Lemberg bb4e049a 2021-11-04T08:58:13 [truetype] Make trickyness checks depend on TT_USE_BYTECODE_INTERPRETER. Based on a patch from metarutaiga (MR !106). * src/truetype/ttobjs.c (tt_skip_pdffont_random_tag, tt_check_trickyness_family, tt_synth_sfnt_checksum, tt_get_sfnt_checksum, tt_check_trickyness_sfnt_ids, tt_check_trickyness): Put functions into a `TT_USE_BYTECODE_INTERPRETER` block. (tt_face_init): Put trickyness checks into a `TT_USE_BYTECODE_INTERPRETER` block. Fixes #1111.
Alexei Podtelezhnikov 9ebdc9cb 2021-11-07T23:21:40 * src/sfnt/ttload.c (tt_face_load_gasp): Fix a type mismatch warning.
Alexei Podtelezhnikov 7f4b9bfb 2021-11-07T10:20:16 [dlg] Define DLG_STATIC explicitly. DLG_STATIC is intended to disable Windows DLL linking attributes. It does not hurt to define it explicitly when we wrap DLG code. This fixes tons of LNK4286 and C4273 warnings from MSVC if we forget to define DLG_STATIC as a compiler option. * builds/windows/vc2010/freetype.vcxproj: Remove DLG_STATIC option. * src/dlg/dlgwrap.c [FT_DEBUG_LOGGING]: Define DLG_STATIC. * include/freetype/internal/ftdebug.h [FT_DEBUG_LOGGING]: Ditto.
Alexei Podtelezhnikov c693377e 2021-11-07T10:05:05 [dlg] Lighten up the inclusions. The DLG wrapper needs to know if FT_DEBUG_LOGGING is defined in `ftoption.h`. It does not need entire FreeType. * src/dlg/dlgwrap.c: Include FT_CONFIG_OPTIONS_H directly.
Alexei Podtelezhnikov cb9e7b7a 2021-11-06T22:59:31 [truetype] Avoid some memory zeroing in variations. * src/truetype/ttgxvar.c (ft_var_readpackeddeltas, ft_var_load_avar, ft_var_load_item_variation_store, ft_var_load_gvar): Use FT_QNEW_ARRAY if memory immediately initialized or discarded otherwise.
Jany Belluz fc55291b 2021-11-04T11:07:43 [truetype] Fix handling of packed deltas in Variation Fonts. * src/truetype/ttgxvar (ft_var_readpackeddeltas): Don't expect the number of bytes used to encode the deltas to be higher than the number of encoded values. The specification allows a very compact encoding; for example, a list of 200 zeros can be encoded with just a couple of bytes. We now count the consumed bytes to make sure to not read more than expected.
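The commit above turns on a property of the OpenType packed-delta encoding: a run's control byte carries a flag (0x80) meaning "these values are all zero, no payload follows", so the number of bytes consumed and the number of values produced are unrelated and both need their own bound. The following is an added example written for this page, not FreeType's `ft_var_readpackeddeltas`: a decoder that counts consumed bytes, refuses a run that would overshoot the requested value count, and checks the payload length before reading it. The encoding constants follow the specification; the function and the two byte strings are this example's own, constructed for the demonstration.

```c
/* Added example, not FreeType code: a bounds-checked decoder for OpenType
 * packed deltas. Control byte: bit 7 = run of zeros (no payload), bit 6 =
 * 16-bit values, low 6 bits + 1 = run length. Names are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DELTAS_ARE_ZERO      0x80
#define DELTAS_ARE_WORDS     0x40
#define DELTA_RUN_COUNT_MASK 0x3F

/* Decode exactly `n_deltas` values from p[0..len) into `out`.
 * Returns the number of bytes consumed, or 0 if the input is truncated
 * or a run would emit more values than were requested. */
size_t read_packed_deltas(const uint8_t *p, size_t len,
                          size_t n_deltas, int16_t *out)
{
  size_t pos = 0, i = 0;

  while (i < n_deltas) {
    uint8_t ctrl;
    size_t  run, k;

    if (pos >= len)                       /* no room for a control byte */
      return 0;
    ctrl = p[pos++];
    run  = (size_t)(ctrl & DELTA_RUN_COUNT_MASK) + 1;

    if (run > n_deltas - i)               /* run overshoots requested count */
      return 0;

    if (ctrl & DELTAS_ARE_ZERO) {
      memset(out + i, 0, run * sizeof *out);   /* consumes no payload bytes */
    } else if (ctrl & DELTAS_ARE_WORDS) {
      if (len - pos < run * 2)            /* check before touching payload */
        return 0;
      for (k = 0; k < run; k++, pos += 2)
        out[i + k] = (int16_t)(((unsigned)p[pos] << 8) | p[pos + 1]);
    } else {
      if (len - pos < run)
        return 0;
      for (k = 0; k < run; k++, pos++)
        out[i + k] = (int8_t)p[pos];
    }
    i += run;
  }
  return pos;
}

/* Constructed input: 200 zeros as four zero-runs of 64, 64, 64 and 8. */
static const uint8_t k_zero200[] = { 0xBF, 0xBF, 0xBF, 0x87 };
/* Constructed input: two signed bytes (-1, 5), then one 16-bit word (256). */
static const uint8_t k_mixed[]   = { 0x01, 0xFF, 0x05, 0x40, 0x01, 0x00 };

size_t demo_zero200_bytes_used(void)      /* 4: 200 values from 4 bytes */
{
  int16_t out[200];
  return read_packed_deltas(k_zero200, sizeof k_zero200, 200, out);
}

int demo_zero200_all_zero(void)           /* 1 when every decoded value is 0 */
{
  int16_t out[200];
  size_t  i;
  if (read_packed_deltas(k_zero200, sizeof k_zero200, 200, out) == 0)
    return 0;
  for (i = 0; i < 200; i++)
    if (out[i] != 0) return 0;
  return 1;
}

size_t demo_zero200_truncated(void)       /* 0: only 3 of the 4 bytes given */
{
  int16_t out[200];
  return read_packed_deltas(k_zero200, 3, 200, out);
}

int demo_mixed_sum(void)                  /* -1 + 5 + 256 = 260 */
{
  int16_t out[3];
  if (read_packed_deltas(k_mixed, sizeof k_mixed, 3, out) != 6)
    return -1;
  return out[0] + out[1] + out[2];
}

size_t demo_mixed_too_many(void)          /* 0: run of 2 values, only 1 wanted */
{
  int16_t out[3];
  return read_packed_deltas(k_mixed, sizeof k_mixed, 1, out);
}

int main(void)
{
  printf("zero200: %zu bytes used, all zero %d, truncated -> %zu\n",
         demo_zero200_bytes_used(), demo_zero200_all_zero(),
         demo_zero200_truncated());
  printf("mixed: sum %d, over-delivery -> %zu\n",
         demo_mixed_sum(), demo_mixed_too_many());
  return 0;
}
```

A decoder that sized its loop by bytes rather than by values would stop after the first few control bytes of `k_zero200` with most of the 200 outputs untouched, or, in the opposite direction, keep reading payload past the end of the tuple data; returning the consumed byte count lets the caller compare it against the tuple's declared size, as the commit describes.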
Jany Belluz 9ed5332f 2021-11-04T08:56:59 [truetype] Fix CVAR handling of tuples for all points. * src/truetype/ttgxvar (tt_face_vary_cvt): Function `ft_var_readpackedpoints`, when it returns `ALL_POINTS`, also sets `point_count` to value 0. However, the CVAR code was incorrectly expecting that `point_count` would be set to match the length of the CVT table.
Jany Belluz 23d1d8ad 2021-11-04T08:55:39 * src/truetype/ttgxvar.c: Fix typos in macros that guard CVAR code.
Dominik Röttsches d3d3ff76 2021-11-01T17:32:27 [sfnt] Clarify `COLR` v1 FT_Paint* format representations * include/freetype/ftcolor.h (FT_PaintLinearGradient, FT_PaintRadialGradient, FT_PaintSweepGradient, FT_PaintTransform, FT_PaintTranslate, FT_PaintScale, FT_PaintRotate, FT_PaintSkew): Clarify 16.16 fixed point representation of struct fields. * src/sfnt/ttcolr.c (read_paint): Shift coordinates for FT_PaintLinearGradient, FT_PaintRadialGradient, FT_PaintSweepGradient accordingly. Fixes: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1110
Alexei Podtelezhnikov 94cb3a2e 2021-10-29T10:31:59 * src/truetype/ttgload.c (load_truetype_glyph): Fix MSVC warning C4312.
Alexei Podtelezhnikov 793c0126 2021-10-27T22:36:11 [woff] Optimize table tagging. * include/freetype/internal/wofftypes.h (WOFF_TableRec): Use 32-bit tag. * src/sfnt/sfwoff.c (woff_open_font): Use 32-bit tag.
Alexei Podtelezhnikov a577bbcb 2021-10-27T22:24:27 [woff2] Optimize table tagging. Fixes #1107. * include/freetype/internal/wofftypes.h (WOFF2_TableRec): Use 32-bit tag. * src/sfnt/sfwoff2.c (compare_tags, find_table, woff2_open_font): Use 32-bit tag. * src/sfnt/woff2tags.[ch] (woff2_known_tags): Use static storage and return 32-bit tag.
Werner Lemberg 80b13f57 2021-10-26T10:57:17 Formatting.
Ben Wagner 535c67dd 2021-10-25T22:38:05 [mm] Tolerate missing Blend dictionary entries In a Multiple Master font, the Blend dictionary must contain valid Private, FontInfo, and FontBBox. The current code will error if any of these are present and invalid, but will not error and will provide uninitialized data if the Blend dictionary exists but does not contain one of these entries. This change reverts to the older behavior of treating any missing entries as containing all zero data and not returning an error. In the future it may be best to keep track of when these are actually initialized and error if they are not. * src/type1/t1load.c (t1_allocate_blend): Zero initialize.
Ben Wagner 65be4b21 2021-10-21T09:55:28 [mm] Delay setting blend weight and design position. Previously the `blend->weight_vector`, `blend->default_weight_vector`, and `blend->design_pos` were set early to allocated but uninitialized memory under the assumption that the memory would eventually be initialized. However, it is possible that some of the required keywords may not actually be present, leaving the memory uninitialized. This is different from a present but invalid table, which would produce an error. Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=1261762 * src/type1/t1load.c (t1_allocate_blend): Remove early allocation and initialization. (parse_blend_design_positions, parse_weight_vector): Parse into local and assign to blend if valid. (T1_Open_Face): Check that if a blend exists that it has the weight vector and design positions.
Ben Wagner b5e003f1 2021-10-21T09:48:38 [cff] Commit vstore data and regions on allocation. The vstore->regionCount and vstore->dataCount were read directly from the data. However, vstore->varRegionList and vstore->varData would still contain uninitialized entries with uninitialized pointers in the event of an error, leading to issues when attempting to clean up. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40104 * src/cff/cffload.c (cff_vstore_load): Read the region and data counts into locals and update the vstore counts immediately after each entry becomes free-able.
Ben Wagner fde91ab8 2021-10-20T11:45:15 [sfnt] Delay setting gasp ranges and count until computed. Previously, the gasp.numRanges was set and gasp.gaspRanges was allocated and assigned before a possible early exit if the frame could not be entered. It is also possible that the gaspRanges allocation could fail but the numRanges still be set to non-zero. In such cases an error would be returned, but the face would have a gasp in an inconsistent state which may still be accessed. Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=1261450 * src/sfnt/ttload.c (tt_face_load_gasp): Delay setting gasp.numRanges and gasp.gaspRanges until after the ranges are initialized.
Ben Wagner 6d12e3a0 2021-10-20T11:38:16 [sfnt] Delay setting names and langTags until computed. Previously, the table->names and table->langTags fields were created pointing to uninitialized memory and an early exit could happen if the frame could not be entered. The caller would then be unable to properly dispose of the memory as the string fields had not been initialized. Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=1261343 * src/sfnt/ttload.c (tt_face_load_name): Delay setting table->langTags and table->names until after the memory they will point to is fully initialized.
Werner Lemberg 8ef8072b 2021-10-19T22:59:46 [bdf, cid, pfr, winfonts] Improve rejection of other font formats. This is mainly for better diagnostics of malformed fonts. * src/bdf/bdflib.c (_bfd_readstream): Stop font format testing if the first input line is too long or doesn't end with `\r` or `\n`. * src/cid/cidparse.c (cid_parser_new): Don't handle too short input as an error but as an unknown format. * src/pfr/pfrobjs.c (pfr_face_init): Ditto. * src/winfonts/winfnt.c (fnt_font_load, fnt_face_get_dll_font): Ditto.
Alexei Podtelezhnikov 38b349c4 2021-10-18T20:35:28 [pcf] Zero out the allocated properties. Fallout reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40033 * src/pcf/pcfread.c (pcf_get_properties): Use FT_NEW_ARRAY and zero out `properties` in case of failure.
Alexei Podtelezhnikov 986d503f 2021-10-17T09:14:27 * src/sfnt/ttload.c (tt_face_load_name): NULL-initialize langTag. Another attempt to fix fallout reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40024
Alexei Podtelezhnikov 30ca63d4 2021-10-16T23:02:47 [bdf] Fix up user properties. Fallout reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40027 * src/bdf/bdflib.c (_bdf_add_property): Cosmetic NULL. (bdf_create_property): Limit allocations to customary signed FT_Long and NULL-initialize unused storage. (bdf_free_font): Do not free unused storage.
Alexei Podtelezhnikov afd1cb28 2021-10-16T20:25:11 * src/sfnt/ttload.c (tt_face_load_name): Accounting fix. Fallout reported as https://crbug.com/40024
Ben Wagner c71eb22d 2021-10-15T22:18:38 Fix typos in memory macros. FT_QNEW_ARRAY and FT_QRENEW_ARRAY were using the non-Q FT_MEM_NEW_ARRAY and FT_MEM_RENEW_ARRAY. Change these to use the Q versions. Also fix the one issue discovered in tt_face_load_name where table->names is created with FT_QNEW_ARRAY but the extra string member is not initialized to NULL. * include/freetype/internal/ftmemory.h (FT_Q(RE)NEW_ARRAY): Use FT_MEM_Q(RE)NEW_ARRAY as needed. * src/sfnt/ttload.c (tt_face_load_name): Initialize `entry->string`.
Ben Wagner 8406ae53 2021-10-15T14:16:30 [truetype] Reload context after re-executing `prep`. When a different hinting mode from the current is selected, the `prep` table must be re-executed with the new mode. After this happens the context must be re-loaded in preparation for the glyph program to be run. Fixes #1104. * truetype/ttgload.c (tt_loader_init): Add call to `TT_Load_Context`.
Werner Lemberg 0b92c56c 2021-10-15T19:02:41 [truetype] Minor documentation improvements.
Alexei Podtelezhnikov e294a95c 2021-10-11T23:25:29 * src/cid/cidload.c (parse_fd_array): Protect against truncation.
Alexei Podtelezhnikov 1029eb93 2021-10-11T22:25:14 [type1] Revert to signed size for binary data. Recently introduced and reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39838 * src/type1/t1load.c (read_binary_data): Reject negative size. (parse_subrs, parse_charstrings): Use customary signed size.
Alexei Podtelezhnikov 77bd46e9 2021-10-10T23:12:12 [psaux] Signedness revisions. Unsigned indexes are easier to check. * src/psaux/cffdecode.c (cff_decoder_parse_charstrings): Updated. * src/psaux/psintrp.c (cf2_interpT2CharString): Ditto. * src/psaux/t1decode.c (t1_decoder_parse_charstrings): Ditto. * src/type1/t1load.c (read_binary_data): Ditto.
Alexei Podtelezhnikov 3b036820 2021-10-10T23:11:10 [cid] Signedness revisions. Unsigned checks are simpler. * include/freetype/t1tables.h (CID_FaceInfoRec): Change to unsigned `num_dicts`. * src/cid/cidparse.h (CID_Parser): Change to unsigned `num_dict`. * src/cid/cidgload.c (cid_load_glyph): Updated. * src/cid/cidload.c (cid_load_keyword, parse_fd_array, parse_expansion_factor, parse_font_name, cid_read_subrs, cid_face_open): Updated. * src/cid/cidobjs.c (cid_face_done): Updated. * src/cid/cidparse.c (cid_parser_new): Updated.
Alexei Podtelezhnikov 012b4f2d 2021-10-08T22:14:12 * src/cid/cidload.c (cid_face_open): Streamline CIDCount check.
Alexei Podtelezhnikov 946df221 2021-10-07T22:44:53 * src/cid/cidload.c (cid_face_open): Streamline SubrCount check.
Alexei Podtelezhnikov 0313a11c 2021-10-07T22:43:12 * src/cid/cidgload.c (cid_load_glyph): Fortify incremental loading.
Alexei Podtelezhnikov 22befeef 2021-10-07T22:41:56 Signedness revisions. This eliminates explicit casting by switching to unsigned fields. The revisions mostly impact the handling of CID fonts. * include/freetype/fttypes.h (FT_Data): Change to unsigned `length`. * include/freetype/t1tables.h (CID_FaceDictRec): Ditto for `sd_bytes`. (CID_FaceInfoRec): Ditto for `gd_bytes` and `gd_bytes`. * include/freetype/internal/tttypes.h (TT_LoaderRec): Ditto for `byte_len`. * src/cid/cidgload.c (cid_load_glyph): Updated. * src/cid/cidload.h (cid_get_offset): Update argument. * src/cid/cidload.c (cid_get_offset, cid_read_subrs, cid_face_open): Updated. * src/cff/cffgload.c (cff_get_glyph_data, cff_free_glyph_data): Updated. * src/psaux/psft.c (cf2_getT1SeacComponent): Updated. * src/truetype/ttgload.c (TT_Process_Composite_Glyph, load_truetype_glyph): Updated.
Alexei Podtelezhnikov 0f23ae2e 2021-10-05T16:28:40 * src/smooth/ftgrays.c (FT_DIV_MOD): Limit the ARM workaround.
Alexei Podtelezhnikov ec6a4588 2021-10-04T23:10:59 [pshinter] Additional clean-ups. * src/pshinter/pshalgo.h (psh_hint_table_find_strong_points): Streamline code. * src/pshinter/pshalgo.h (PSH_Glyph): Remove unused fields.
Alexei Podtelezhnikov 227445f6 2021-10-03T22:48:23 [pshinter] More convenient direction definition. It is easier to check directions using flags than integer values. * src/pshinter/pshalgo.h (PSH_Dir): Redefine directions. (PSH_PointRec): Use them as an enum type. * src/pshinter/pshalgo.c (psh_compute_dir): Modify return type. (psh_glyph_init, psh_hint_table_find_strong_points, psh_glyph_find_blue_points): Update users.
Alexei Podtelezhnikov d102a514 2021-10-03T22:45:42 [pshinter] Remove unnecessary check. * src/pshinter/pshalgo.c (psh_hint_table_find_strong_points): Do not check if direction is defined before checking how.
Alexei Podtelezhnikov 68fae526 2021-09-30T22:59:04 * src/autofit/afhints.c (af_glyph_hints_reload): Decrease casting.
Alexei Podtelezhnikov 1d79c892 2021-09-29T22:17:31 * src/tools/apinames.c: Facilitate OpenVMS linker options.
Alexei Podtelezhnikov dd0ccdc3 2021-09-28T22:57:58 * src/winfonts/winfnt.c (FNT_Face_Init): Correct reallocation.
Alexei Podtelezhnikov a69320a9 2021-09-24T22:06:44 [bdf] Simplify comment collection or lack thereof. BDF comments are neither actually collected nor retrieved. There is no need to be fancy with delimiters. * src/bdf/bdflib.c (_add_bdf_comment): Delimit comments with zeros... (bdf_load_font): ...and do not null-terminate comments additionally. (_bdf_parse_glyphs): Check if comments are kept, which they are not. (_bdf_parse_start): Minor clean up.
Alexei Podtelezhnikov a29e0200 2021-09-23T23:10:26 Use NULL for pointers only. * src/bdf/bdflib.c (*): Code changes. * include/freetype/freetype.h: Comments only. * src/cff/cffload.c, src/cff/cffobjs.c: Ditto. * src/winfonts/winfnt.c: Ditto.
Alexei Podtelezhnikov 90b14882 2021-09-22T20:20:04 [bdf, pcf] Minor optimization. * src/pcf/pcfread.c (pcf_load_font): Do not call `FT_MulDiv` for a small job. * src/bdf/bdfdrivr.c (BDF_Face_Init): Ditto. * src/bdf/bdflib.c (_bdf_parse_glyphs): Fix a comment.
Alexei Podtelezhnikov b4dddd82 2021-09-22T00:30:03 [base] Initialize stream memory earlier. With Windows memory management tracking heap, it is important to use it during the stream opening fallback. In Unix, the argument is unused, but it is better to set it correctly. * src/base/ftobjs.c (FT_Stream_New): Set memory before calling `FT_Stream_Open`. * builds/windows/ftsystem.c, builds/unix/ftsystem.c (FT_Stream_Open, ft_close_stream_by_free): Call `ft_alloc` and `ft_free` with proper memory argument.
Alexei Podtelezhnikov 892e7ead 2021-09-21T14:39:21 * src/bdf/bdflib.c (_bdf_parse_{start,glyphs}): Use appropriate scanner.
Alexei Podtelezhnikov 61903609 2021-09-20T22:18:29 Minor.
Alexei Podtelezhnikov 71969d1e 2021-09-20T14:31:45 * src/cff/cffdrivr.c (cff_ps_get_font_{info,extra}): Use FT_QNEW.
Alexei Podtelezhnikov 52915898 2021-09-18T07:05:55 [cache] Minor clean-ups. * src/cache/ftccache.h (FTC_CACHE_LOOKUP_CMP): Remove parentheses. * src/cache/ftccache.c (FTC_Cache_Lookup): Ditto. (FTC_Cache_RemoveFaceID): Remove unnecessary variable.
Edwin Steiner 6e1ef98a 2021-09-16T23:08:46 [cff] Explicitly set StandardEncoding or ExpertEncoding offsets. Fixes #1097. * src/cff/cffload.c (cff_encoding_load): Set special offset values.
Alexei Podtelezhnikov fce74b73 2021-09-16T17:03:19 [cache] Miscellaneous clean-ups. * src/cache/ftccache.c (ftc_get_top_node_for_hash, FTC_Cache_Clear): Remove barely used variables. (ftc_cache_add): Adjust casting. * src/cache/ftccmap.c (FTC_CMapCache_Lookup): Remove casting. * src/cache/ftcsbits.c (ftc_snode_load): Remove casting.
Alexei Podtelezhnikov 79d14cc2 2021-09-16T16:41:56 * src/cff/cffload.c (cff_fd_select_get): Remove casting.
Alexei Podtelezhnikov ae516e6a 2021-09-16T16:39:23 * src/pcf/pcfread.c (pcf_read_TOC): Remove casting.
Alexei Podtelezhnikov 801b7540 2021-09-14T22:55:50 Minor type adjustments. * src/cff/cffobjs.c (cff_face_init): Reduce casting. * src/truetype/ttobjs.c (tt_size_ready_bytecode): Ditto. * src/type1/t1load.c (T1_Set_MM_Design): Ditto.
Alexei Podtelezhnikov 49270c17 2021-09-14T21:32:43 Replace boolean allocation macros with MEM ones. * src/base/ftbitmap.c (FT_Bitmap_Copy): Use MEM-macro. * src/base/ftobjs.c (ft_glyphslot_alloc_bitmap): Ditto. * src/bzip2/ftbzip2.c (ft_bzip2_alloc): Ditto. * src/cache/ftccache.c (ftc_cache_init): Ditto * src/gzip/ftgzip.c (ft_gzip_alloc): Ditto. * src/psnames/psmodule.c (ps_unicodes_init): Ditto. * src/sfnt/sfobjs.c (sfnt_load_face): Ditto. * src/sfnt/ttload.c (tt_face_load_name): Ditto.
Alexei Podtelezhnikov 9a4c846e 2021-09-14T21:25:47 [cache] Revert to some zeroing. * src/cache/ftccache.c (ftc_cache_init, ftc_cache_resize): Zero `buckets` again to fix some crashes.
Alexei Podtelezhnikov 0a8ee851 2021-09-14T10:26:37 * src/pshinter/pshrec.c (ps_mask_table_merge_all): Tweak loops. Fixes fallout from 731d0b685685 reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38685