|
5d27b10f
|
2021-07-13T10:59:32
|
|
[base] Fix `FT_Open_Face`'s handling of user-supplied streams.
This was already true (though undocumented) most of the time, but
not if `FT_NEW` inside `FT_Stream_New` failed or if the
`FT_OPEN_XXX` flags were bad.
Normally, `FT_Open_Face` calls `FT_Stream_New`, which returns the
user-supplied stream unchanged, and in case of any subsequent error
in `FT_Open_Face`, the stream is closed via `FT_Stream_Free`.
Up to now, however, `FT_Stream_New` allocates a new stream even if
it is already given one by the user. If this allocation fails, the
user-supplied stream is not returned to `FT_Open_Face` and never
closed. Moreover, the user cannot detect this situation: all they
see is that `FT_Open_Face` returns `FT_Err_Out_Of_Memory`, but that
can also happen after a different allocation fails within the main
body of `FT_Open_Face`, when the user's stream has already been
closed by `FT_Open_Face`. It is plausible that the user stream's
`close` method frees memory allocated for the stream object itself,
so the user cannot defensively free it upon `FT_Open_Face` failure
lest it ends up doubly freed. All in all, this ends up leaking the
memory/resources used by the user's stream.
Furthermore, `FT_Stream_New` simply returns an error if the
`FT_OPEN_XXX` flags are unsupported, which can mean either an
invalid combination of flags or a perfectly innocent
`FT_OPEN_STREAM` on a FreeType build that lacks stream support.
With this patch, the user-supplied stream is closed even in these
cases, so the user can be sure that if `FT_Open_Face` failed, the
stream is definitely closed.
* src/base/ftobjs.c (FT_Stream_New): Don't allocate a buffer
unnecessarily.
Move error-handling code to make the control flow more obvious.
Close user-supplied stream if the flags are unsupported.
`FT_Stream_Open` always sets `pathname.pointer`, so remove the
redundant (re)assignment. None of the `FT_Stream_Open...` functions
uses `stream->memory`, so keep just one assignment at the end,
shared among all possible control flow paths.
('Unsupported flags' that may need a stream closure can be either an
invalid combination of multiple `FT_OPEN_XXX` mode flags or a clean
`FT_OPEN_STREAM` flag on a FreeType build that lacks stream
support.)
|
|
a4c8f21a
|
2021-07-13T10:44:38
|
|
[base] Reject combinations of incompatible `FT_OPEN_XXX` flags.
The three modes are mutually exclusive, and the documentation of the
`FT_OPEN_XXX` constants notes this. However, there was no check to
validate this in the code, and the documentation on `FT_Open_Args`
claimed that the corresponding bits were checked in a well-defined
order, implying it was valid (if useless) to specify more than one.
Ironically, this documented order did not agree with the actual
code, so it could not be relied upon; hopefully, nobody did this and
nobody will be hurt by the new validation.
Even if multiple mode bits were allowed, they could cause memory
leaks: if both `FT_OPEN_STREAM` and `stream` are set along with
either `FT_OPEN_MEMORY` or `FT_OPEN_PATHNAME`, then `FT_Stream_New`
allocated a new stream but `FT_Open_Face` marked it as an 'external'
stream, so the stream object was never released.
* src/base/ftobjs.c (FT_Stream_New): Reject incompatible
`FT_OPEN_XXX` flags.
|
|
e592982a
|
2021-07-13T10:00:22
|
|
[sdf] Improve documentation.
|
|
825b7ea2
|
2021-07-12T22:11:24
|
|
[autofit] More clean-ups.
* src/autofit/afhints.h (AF_GlyphHintsRec): Remove the no longer
needed fields `xmin_delta` and `xmax_delta`.
* src/autofit/afhints.c (af_glyph_hints_reload),
src/autofit/afloader.c (af_loader_load_glyph): Updated.
|
|
a212668c
|
2021-06-02T19:07:56
|
|
Remove obsolete AF_Angle type and related sources.
Move the af_sort_xxx() functions from afangles.c to afhints.c
in order to get rid of the obsolete angle-related types,
macros and function definitions.
|
|
2f11522a
|
2021-06-02T19:05:09
|
|
Remove experimental auto-hinting 'warp' mode.
This feature was always experimental, and probably never worked
properly. This patch completely removes it from the source code,
except for a documentation block describing it for historical
purpose.
|
|
15e88980
|
2021-06-02T18:54:41
|
|
Remove experimental "Latin2" writing system (FT_OPTION_AUTOFIT2)
This code has always been experimental and was never compiled
anyway (FT_OPTION_AUTOFIT2 does not appear in ftoption.h or even
any of our build files).
|
|
89c60eca
|
2021-07-05T05:39:59
|
|
* src/base/ftlcdfil.c (FT_Library_SetLcdGeometry): Fix argument.
Reported by Hin-Tak.
|
|
d3dc2da9
|
2021-06-30T18:22:29
|
|
* src/truetype/ttgxvar.c (tt_set_mm_blend): Test `coords`.
It is undefined behavior to pass `NULL` to `memcpy`. `coords` is
passed to `memcpy` but `TT_Get_MM_Blend` and `TT_Get_Var_Design`
explicitly call `tt_set_mm_blend` with `coords` as `NULL`. In
addition, `TT_Set_MM_Blend` has a similar possible issue.
|
|
286da6c5
|
2021-06-22T15:01:19
|
|
[sfnt] Support PaintScale in 'COLR' v1 parsing.
* include/freetype/ftcolor.h (FT_PaintFormat): Renumber values, add
`FT_COLR_PAINTFORMAT_SCALE`.
(FT_PaintScale): New structure to represent 'PaintScale*' tables.
(FT_COLR_Paint): Updated.
* src/sfnt/ttcolr.c (FT_PaintFormat_Internal): New enumeration.
(read_paint): Parse 'PaintScale' and friends.
|
|
0348c627
|
2021-06-29T20:51:32
|
|
[sfnt] Handle fonts without layer list in 'COLR' v1.
'COLR' v1 fonts do not necessarily need to have a layer list; for
this reason, 'fontTools' recently started generating fonts in a way
that drops the layer list if there are no layers in it. This
results in the layer list offset becoming zero, which FreeType
treated as an invalid table. Fix that and handle the case for layer
list offset being 0. This slightly changes how we need to calculate
the starting offset for paints.
* src/sfnt/ttcolr.c (tt_face_load_colr): Handle case of layer list
offset being zero without outright rejecting table.
|
|
f27b4834
|
2021-06-30T10:54:59
|
|
* src/raster/ftraster.c (Render_Single_Pass): Simplify `band_stack'.
|
|
90ecac41
|
2021-06-30T10:23:42
|
|
Update `CHANGES` file; other minor doc fixes.
|
|
69c3516c
|
2021-06-29T23:51:23
|
|
[raster] Do not skip the second pass without dropout control.
The second pass also fixes horizontal lines through the pixel centers.
* src/raster/ftraster.c (black_TWorker): Do not use `second_pass'.
(Render_Glyph): Skip the second pass only with the appropriate flag.
|
|
3696ac5a
|
2021-06-29T23:27:10
|
|
[raster] Handle sub-band stack locally.
* src/raster/ftraster.c (black_TWorker): Move `band_stack' from here...
(Render_Single_Pass): ... to here and accept limit arguments.
(Render_Glyph): Updated.
|
|
c852388d
|
2021-06-28T23:26:10
|
|
[raster] Handle Bézier stack locally.
* src/raster/ftraster.c (black_TWorker): Move `arcs' from here...
(Conic_To, Cubic_To): ... to here to tighten their scope.
(Bezier_Up, Bezier_Down): ... Take the current `arc' argument.
|
|
7d4e55c3
|
2021-06-28T16:29:49
|
|
[sfnt] Improve paint limit checks
Paint tables can appear before the `base_glyphs_v1` offset if the
font is produced with the layer list before the base glyph list. In
this case paint tables can occur after the layer list but before the
base glyph list. Checks in the 'COLR' v1 code were rejecting fonts
with this layout. Improve these checks by calculating a minimum
offset after which paint tables can occur and use that in safety
checks.
* src/sfnt/ttcolr.c (Colr, tt_face_load_colr): Declare
`paint_start_v1` and calculate that as the minimum of the end of
layer list and base glyph list.
(get_child_table_pointer, read_paint, tt_face_get_paint_layers):
Use that in safety checks.
|
|
3a278381
|
2021-06-28T10:22:03
|
|
[raster] Clean up vertical sweep.
* src/raster/ftraster.c (black_TWorker): Replace the current line
offset with the pointer and drop the increment.
(Function_Sweep_Init): Take values as arguments instead of pointers.
(Vertical_Sweep_*, Horizontal_Sweep_Init, Draw_Sweep): Updated.
|
|
fb4511eb
|
2021-06-26T08:49:20
|
|
[raster] Make `band_top' local variable.
* src/raster/ftraster.c (black_TWorker): Move `band_top' from here...
(Render_Single_Pass): ... to here, and refactor.
(Render_Glyph): Updated.
|
|
f6370e2f
|
2021-06-25T22:59:39
|
|
[raster] Adjust sub-band bisecting limits.
We can bisect a band until it is just a single scan line. This might
be slow and cause time-outs but if we need to impose limits it should
be elsewhere.
* src/raster/ftraster.c (Render_Single_Pass): Tweak sub-banding.
|
|
bc1029b9
|
2021-06-25T18:20:57
|
|
* src/raster/ftraster.c (Render_Single_Pass): Remove dead code.
|
|
1e0cef9e
|
2021-06-24T00:19:50
|
|
[smooth, raster] Fix up and align error codes.
FT_Render_Glyph picked up FAILURE or 1 returned from the raster
function, which became a confusing error code. Instead, return
Raster_Overflow in the unlikely event that banding does not help or
another meaningful error.
* src/smooth/ftgrays.c (gray_convert_glyph_inner, gray_convert_glyph):
Use Raster_Overflow when the rendering pool is exhausted and return it
if banding does not help.
(gray_raster_render): Use Smooth_Err_Ok.
* src/raster/ftraster.c (Render_Single_Pass): Return Raster_Overflow
if banding does not help or another error code.
|
|
d8ac180c
|
2021-06-23T23:32:02
|
|
[smooth, raster] Remove synonymous error macros.
* src/smooth/ftgrays.c [STANDALONE_]: s/ErrRaster_/Smooth_Err_/.
(gray_convert_glyph_inner): Updated accordingly.
* src/raster/ftraster.c [STANDALONE_]: Do not abbreviate error macros.
(New_Profile, End_Profile, Insert_Y_Turn, Line_Up, Bezier_Up,
Decompose_Curve, Draw_Sweep, Render_Single_Pass, ft_black_render):
Updated accordingly.
|
|
4cb21b9a
|
2021-06-22T20:50:48
|
|
[sfnt] s/PaintTransformed/PaintTransform/, s/transformed/transform/.
* include/freetype/ftcolor.h (FT_PaintTransformed, FT_PaintFormat,
FT_COLR_Paint): Do it to make it harmonize with other names such as
'PaintTranslate'.
* src/sfnt/ttcolr.c (read_paint, tt_face_get_paint): Ditto.
|
|
008e42a1
|
2021-06-19T15:45:46
|
|
ftver.rc: Update copyright year.
|
|
b460a506
|
2021-06-19T07:03:40
|
|
[truetype] Fix integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35312
* src/truetype/ttinterp.c (Ins_JMPR): Use `ADD_LONG`.
|
|
232243e7
|
2021-06-19T06:32:29
|
|
Prevent hinting if there are too many segments.
This speeds up handling of broken glyphs.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35309
* src/autofit/aflatin.c (af_latin_hints_compute_segments): Implement
it.
|
|
61bac759
|
2021-06-18T17:38:00
|
|
* src/sdf/ftsdfrend.c (ft_(b)sdf_render): Do not FT_ERROR routinely.
|
|
f8c5c546
|
2021-06-16T09:54:49
|
|
Fix for issue 1063
See https://gitlab.freedesktop.org/freetype/freetype/-/issues/1063
for more details on the bug.
|
|
c6fcd612
|
2021-06-15T22:49:21
|
|
Add a comment.
|
|
8336d53c
|
2021-06-12T22:33:08
|
|
[type42] Fix new memory leak.
We need to invert the inheritance of FT_GlyphSlot_Internal so that we
have a chance to free the rendered bitmap from the parent slot.
* src/type42/t42objs.c (T42_GlyphSlot_Init): Remove the internal parts
of the child `ttslot' and replace it with the parent structure.
(T42_GlyphSlot_Done): Updated accordingly.
|
|
db0f2c44
|
2021-06-12T10:05:07
|
|
[psaux] Fix another assertion.
* src/psaux/psintrp.c (cf2_interpT2CharString)
<cf2_escCALLOTHERSUBR>: Convert assertion into error, since the
problem can happen with invalid user input.
Test case is file
fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read
in the `freetype2-testing` repository.
|
|
a34afe67
|
2021-06-12T08:40:16
|
|
[psaux] Fix assertions.
* src/psaux/pshints.c (cf2_hintmap_adjustHints): Check for overflow
before emitting an assertion error.
|
|
9bfecfd2
|
2021-06-09T23:34:04
|
|
* src/truetype/ttinterp.c (TT_RunIns): Optimize tracing.
|
|
7833e308
|
2021-06-09T10:40:30
|
|
[sdf] Fix SDF positioning.
* src/sdf/ftsdfrend.c (ft_sdf_render, ft_bsdf_render): Add padding to
`bitmap_top' and `bitmap_left'.
* sdf/sdf/ftsdf.c (sdf_generate_with_overlaps): Fix VC++ warning.
|
|
08f66322
|
2021-06-08T18:23:16
|
|
More various documentation improvements and fixes.
|
|
b24cfc8d
|
2021-06-08T15:26:41
|
|
[sfnt] Sanitize cmap4 table better.
Fixes #1062.
* src/sfnt/ttcmap.c (tt_cmap4_validate): Handle a too-small value of
`length` gracefully.
|
|
ee6d03d3
|
2021-06-08T14:29:11
|
|
[sfnt] Pointer validity check when reading COLR 'v1' layers
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): In addition to the
existing sanity checks, ensure that the pointer to the layer to be
read is within the 'COLR' v1 table.
|
|
41fa19fc
|
2021-06-08T10:32:20
|
|
* src/sdf/ftsdfcommon.c: Fix inclusion of header files.
|
|
35b21c71
|
2021-06-08T09:06:39
|
|
[sdf] Make `make multi` work.
* src/sdf/ftsdf.c: Include `ftbitmap.h`.
* src/sdf/ftsdfcommon.h: Move function bodies to `ftsdfcommon.c`.
Include `ftobjs.h` to get definitions of `FT_LOCAL` and friends.
* src/sdf/ftsdfcommon.c: New file.
* src/sdf/rules.mk, src/sdf/sdf.c: Updated.
|
|
36ee7171
|
2021-06-08T09:00:39
|
|
[sdf] Formatting and improved comments.
|
|
2b1d5562
|
2021-06-08T08:29:34
|
|
[sdf] Use 8 bits for final SDF output instead of 16 bits.
Since 8-bits is enough to represent SDF data we no longer require
16-bits for this purpose. Also, we now normalize the output data
to use the entire 8-bit range efficiently. For example: if we use
3.5 format with a spread of 1 we basically only use the starting
5-bits. By normalizing we can use the entire 8-bit range.
* include/freetype/freetype.h (FT_Render_Mode): Updated description
for `FT_RENDER_MODE_SDF` regarding this change.
* include/freetype/ftimage.h (FT_Pixel_Mode): Removed
`FT_PIXEL_MODE_GRAY16` since no longer required.
* include/freetype/fttypes.h (FT_F6Dot10): Removed since no longer
required.
* src/sdf/ftsdfrend.c (ft_sdf_render, ft_bsdf_render): Allocate 8-bit
bitmap instead of 16-bit buffer.
* src/sdf/ftsdfcommon.h (map_fixed_to_sdf): Added function to convert
16.16 distance value to our desired format.
* src/sdf/ftsdf.c (sdf_generate_with_overlaps,
sdf_generate_bounding_box): Use the new `map_fixed_to_sdf` function
and also use 8-bit output buffer.
* src/sdf/ftbsdf.c (finalize_sdf): Output to an 8-bit buffer instead
of 16-bit buffer.
|
|
2a6665a4
|
2021-06-01T15:25:31
|
|
[sfnt] Fix fallout from 2021-05-29 change.
* src/sfnt/ttcolr.c (find_base_glyph_record,
find_base_glyph_v1_record): Adjust binary search.
Needs to be updated with change to unsigned.
|
|
7ca7da9d
|
2021-06-02T06:59:01
|
|
* src/autofit/aflatin.c (af_latin_metrics_scale_dim): Fix tracing.
Problem reported by Alexei.
|
|
0abbc9f5
|
2021-06-02T06:36:11
|
|
[psaux] Fix MSVC compiler warnings.
* src/psaux/afmparse.c (afm_parse_track_kern, afm_parse_kern_pairs):
Add cast.
|
|
6e253b26
|
2021-05-29T11:05:41
|
|
Typos in previous commit.
|
|
a50c39aa
|
2021-05-29T09:50:29
|
|
Fix compilation errors and (some) warnings for clang++.
* src/autofit/afmodule.c (AF_GlyphHintsRec): Make it static.
* src/cache/ftcache.c (FTC_Cache_NewNode), src/cache/ftcsbits.c
(ftc_snode_compare): Remove semicolon.
* src/cff/cffparse.c (cff_parser_run): Add `break` statement.
* src/cid/cidload.c (cid_hex_to_binary): Add cast.
* src/sdf/ftbsdf.c (CHECK_NEIGHBOR): Use `do {} while(0)` loop.
(bsdf_init_distance_map, finalize_sdf, bsdf_raster_render): Add
casts.
* src/sdf/ftsdf.c (sdf_generate_bounding_box,
sdf_generate_with_overlaps): Ditto.
* src/sdf/ftsdfcommon.h (square_root): Ditto.
* src/sdf/ftsdfrend.c (sdf_property_get, ft_sdf_render,
ft_bsdf_render): Ditto.
* src/sfnt/ttcolr.c (find_base_glyph_record,
find_base_glyph_v1_record): Fix variable signedness.
(read_color_line): Add cast.
(read_paint): Add casts.
Fix signedness issue.
(tt_face_get_colorline_stops): Fix signedness issues.
* src/sfnt/ttpost.c (load_format_20): Add casts.
* src/truetype/ttsubpix.c (TWEAK_RULES, TWEAK_RULES_EXCEPTIONS):
Remove final semicolons.
|
|
28eee363
|
2021-05-27T11:38:56
|
|
[type42] Fix auto-hinting.
The autohinter could not access the base (unscaled) outline in the
child TrueType glyph slot. We now share the internal parts between
the parent and child glyph slots. Fixes #1057.
* src/type42/t42objs.c (T42_GlyphSlot_Init): Remove the internal parts
of `T42_GlyphSlot' and replace it with the child TrueType structure.
(T42_GlyphSlot_Done): Updated accordingly.
|
|
0d1c306e
|
2021-05-25T11:27:56
|
|
[psaux] Guard and trace AFM kern data allocation.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31543
* include/freetype/internal/fttrace.h: Add 'afmparse' trace
component.
* src/psaux/afmparse.c (FT_COMPONENT): Define.
(afm_parse_track_kern, afm_parse_kern_pairs): Protect against
allocation bombs.
Add tracing.
(afm_parse_kern_data): Don't allow multiple kern data sections.
|
|
2468e59a
|
2021-05-20T22:20:36
|
|
[type42] Avoid some memory zeroing.
* src/type42/t42objs.c (T42_Open_Face): Tweak allocation macro.
* src/type42/t42parse.c (t42_parse_sfnts): Ditto.
|
|
06e21ffe
|
2021-05-18T14:49:50
|
|
[gzip] Use exact type for `ft_gzip_alloc` and `ft_gzip_free`.
While a function pointer may be cast to another function pointer
type, it is required to cast the function pointer back to the
original function pointer type before calling it. If a parameter is
a pointer the exact pointer type is required. Using a pointer to a
different underlying type is technically undefined behavior. The
wrapper functions `ft_gzip_alloc` and `ft_gzip_free` took
`FT_Memory` (a `FT_MemoryRec_*`) instead of `voidpf` (`void*`), so
when gzip calls these callbacks through `alloc_func` or `free_func`
it invokes undefined behavior. On most platforms this works out as
expected, but newer undefined behavior detectors and targets like
wasm can detect this and will produce an error.
* src/gzip/ftgzip.c (ft_gzip_alloc, ft_gzip_free): Update signatures
to exactly match `alloc_func` and `free_func`, respectively.
Internally, cast the `void*` opaque pointer to `FT_Memory`.
|
|
1bc801b0
|
2021-05-16T23:12:01
|
|
[sfnt] Additional guards on the POST table.
Fixes timeout (#1055) analyzed by Ben Wagner, reported as
https://crbug.com/1194092
* src/sfnt/ttload.c (tt_face_load_post): Check POST format.
* src/sfnt/sfobjs.c (sfnt_load_face): Synthesize the missing unicode
charmap only if the glyph names exist.
* src/psnames/psmodule.c (ps_unicode_value): Short cut ".notdef" and
".null".
|
|
de151657
|
2021-05-13T23:08:31
|
|
[psaux] Use doubling allocation strategy for CF2_ArrStack.
Fixes timeout reported as
https://crbug.com/1206181
* src/psaux/psarrst.c (cf2_arrstack_{push,init}): Implement it.
* src/psaux/psarrst.h (CF2_ArrStackiRec): Drop `chunk'.
|
|
2d3f5dd2
|
2021-05-12T17:24:35
|
|
* src/smooth/ftgrays.c (FT_MAX_GRAY_SPANS): Increase from 10 to 16.
Ten was barely enough for two slanted stems. Sixteen can actually fit
a bit more complicated scanlines.
|
|
c653b8d2
|
2021-05-12T16:17:21
|
|
* src/smooth/ftgrays.c (FT_GRAY_SET): Adjust for better code.
|
|
8f43d324
|
2021-05-12T00:04:59
|
|
[smooth] Faster bitmap sweeping.
Selecting the fill rule or checking the direct mode each time we call
`gray_hline' is sub-optimal. This effectively splits the direct mode
into a separate code path while inlining `gray_hline' and saving 5-7%
of rendering time.
* src/smooth/ftgrays.c (gray_hline): Eliminated in favor of...
(FT_FILL_RULE, FT_GRAY_SET): ... these new macros...
(gray_sweep): ... inlined here.
(gray_sweep_direct): New function that handles the direct span buffer.
(gray_TWorker): Remove the span buffer.
(gray_raster_render, gray_convert_glyph): Updated.
|
|
b0702645
|
2021-05-10T22:06:01
|
|
* src/smooth/ftgrays.c (gray_hline): Simplify even-odd computations.
It is too bad the even-odd rule is not used much.
|
|
967a34ee
|
2021-05-07T19:17:48
|
|
[type1] Avoid MM memory zeroing.
* src/type1/t1load.c (t1_allocate_blend, parse_blend_design_map):
Tweak allocation macros.
* src/type1/t1objs.c (T1_Face_Done): Minor.
|
|
2f62d8e0
|
2021-05-07T09:33:41
|
|
* src/bdf/bdflib.c (_bdf_list_ensure): Tweak allocation macro.
|
|
79ed536d
|
2021-05-06T23:46:46
|
|
* src/psaux/psobjs.c (ps_parser_load_field): Tweak allocation macro.
|
|
44c59414
|
2021-05-06T22:54:03
|
|
* src/sfnt/sfobjs.c (sfnt_load_face): Tweak allocation macro.
|
|
998c7c0f
|
2021-05-06T22:51:37
|
|
* src/cid/cidload.c (cid_read_subrs): Tweak allocation macro.
|
|
2d957848
|
2021-05-06T22:49:13
|
|
* src/base/ftrfork.c (FT_Raccess_Get_DataOffsets): Tweak allocation.
|
|
8150ed0d
|
2021-05-05T23:30:46
|
|
[cff,psaux] Avoid memory zeroing (contd.).
* src/cff/cffload.c (cff_blend_doBlend, cff_blend_build_vector): Tweak
allocation macros.
* src/psaux/psarrst.c (cf2_arrstack_setNumElements): Ditto.
* src/psaux/psstack.c (cf2_stack_init): Ditto.
|
|
82fd32d6
|
2021-05-03T13:49:14
|
|
* src/cid/cidload.c (cid_hex_to_binary): Improve return value.
Add argument to return the actual number of bytes that were decoded.
The actual number of bytes decoded can be quite variable depending
on the number of ignored 'whitespace' bytes or early termination
with `>`.
(cid_face_open): Updated to use this calculated value. This avoids
trusting that `parser->binary_length` is always correct and reading
uninitialized bits if fewer are actually decoded.
First reported as
https://crbug.com/1203240
|
|
66630d88
|
2021-05-03T22:40:16
|
|
[sfnt] Streamline POST format 2.0 handling.
To reduce memory allocations, we read an entire Pascal-string buffer
and convert it to a C-string buffer. We also reject tables with
Postscript glyph names exceeding 63 bytes.
* src/sfnt/ttpost.c (load_format20): Implement it.
(load_post_names): Check the minimal POST table size.
(load_format25, tt_face_free_ps_names): Updated accordingly.
|
|
ec95f9c9
|
2021-05-02T18:30:22
|
|
[bdf,pcf] Avoid memory zeroing (contd.).
* src/bdf/bdflib.c (bdf_create_property, _bdf_add_comment,
_bdf_add_property, bdf_load_font): Tweak allocation macros.
* src/pcf/pcfread.c (pcf_get_properties, pcf_get_metrics): Ditto.
|
|
d911cb53
|
2021-05-01T23:49:11
|
|
* src/cid/cidload.c (cid_read_subrs): Tweak allocation macro.
|
|
dc42f826
|
2021-05-01T12:46:44
|
|
[sfnt] Avoid some memory zeroing.
* src/sfnt/sfobjs.c (sfnt_open_font, sfnt_init_face,
tt_name_ascii_from_{utf16,other}): Tweak allocation macros.
* src/sfnt/ttload.c (tt_face_load_name): Ditto.
|
|
b8968d66
|
2021-05-01T12:24:44
|
|
* src/sfnt/ttpost.c (load_format_{20,25}): Tweak allocation macros.
|
|
2583b608
|
2021-05-01T09:22:26
|
|
* src/sfnt/pngshim.c (Load_SBit_Png): Tweak allocation macro.
|
|
56ae9430
|
2021-05-01T09:14:04
|
|
[truetype] Avoid some memory zeroing.
* src/truetype/ttinterp.c (Init_Context): Tweak allocation macro.
* src/truetype/ttpload.c (tt_face_load_cvt): Ditto.
|
|
c177cc35
|
2021-05-01T09:09:52
|
|
[woff2] Avoid some memory zeroing.
* src/sfnt/sfwoff2.c (store_loca, woff2_open_font): Tweak macros.
|
|
4e1c6a12
|
2021-04-30T09:35:21
|
|
* src/gzip/ftgzip.c (ft_gzip_alloc): Zero out memory again.
|
|
f631542d
|
2021-04-27T11:39:58
|
|
[lzw] Preserve decompression stack when relocating to heap.
* src/lzw/ftzopen.c (ft_lzwstate_stack_grow): Copy stack when
relocating to heap.
|
|
c213c8a9
|
2021-04-27T08:54:19
|
|
* src/cid/cidgload.c (cid_load_glyph): Restore the glyph_length check.
|
|
2ec6feaf
|
2021-04-27T13:28:35
|
|
* src/psmodule.c (ps_unicodes_init): Ignore empty glyph names.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33637
|
|
caff87b1
|
2021-04-26T22:45:40
|
|
* src/sfnt/sfobjs.c (sfnt_init_face): Revert macro change.
|
|
8750e843
|
2021-04-26T17:21:51
|
|
[cff] Avoid some memory zeroing.
* src/cff/cffparse.c (cff_parser_init): Tweak memory macro.
* src/cff/cffload.c (cff_index_load_offsets, cff_index_get_pointers,
cff_charset_load, cff_vstore_load): Ditto.
|
|
618d0834
|
2021-04-26T17:14:28
|
|
[pfr] Avoid some memory zeroing.
* src/pfr/pfrobjs.c (pfr_face_init): Tweak memory macro.
* src/pfr/pfrload.c (pfr_extra_item_load_stem_snaps,
pfr_phy_font_load): Ditto.
|
|
b0a28197
|
2021-04-26T17:10:28
|
|
* src/winfonts/winfnt.c (FNT_Face_Init): Tweak memory macro.
|
|
deee5b70
|
2021-04-26T17:07:44
|
|
[psaux,psnames] Avoid some memory zeroing.
* src/psaux/psstack.c (cf2_stack_init): Tweak memory macro.
* src/psnames/psmodule.c (ps_unicodes_init): Ditto.
|
|
270ff52f
|
2021-04-25T23:40:59
|
|
[base] Avoid some memory zeroing.
* src/base/ftrfork.c (FT_Raccess_Get_DataOffsets): Use FT_QNEW_ARRAY.
* src/base/ftsnames.c (FT_Get_Sfnt_{Name,LangTag}): Ditto.
|
|
c2d28314
|
2021-04-25T23:33:15
|
|
[bdf,pcf] Avoid some memory zeroing.
* src/pcf/pcfread.c (pcf_read_TOC, pcf_get_properties, pcf_load_font):
Tweak memory macros.
* src/bdf/bdfdrivr.c (BDF_Face_Init): Ditto.
* src/bdf/bdflib.c (_bdf_readstreami, bdf_create_property,
_bdf_parse_glyphs, _bdf_parse_start): Ditto.
(_bdf_add_property): Do not handle zero size.
|
|
c78f78fa
|
2021-04-24T22:38:48
|
|
* src/cff/cffload.c (cff_index_get_pointers): s/FT_QALLOC/FT_ALLOC/.
|
|
0bd5d95d
|
2021-04-23T22:04:05
|
|
* src/base/ftobjs.c (Mac_Read_POST_Resource): s/FT_ALLOC/FT_QALLOC/.
* builds/mac/ftmac.c (FT_New_Face_From_SFNT, read_lwfn): Ditto.
|
|
e6e5b67d
|
2021-04-23T21:33:03
|
|
* src/sdf/ftsdf.c (sdf_{edge,contour,shape}_new): Use FT_QALLOC.
|
|
6ada59ab
|
2021-04-23T19:22:51
|
|
[sfnt] s/FT_ALLOC/FT_QALLOC/ for initialized buffers.
* src/sfnt/sfdriver.c (get_win_string, get_apple_string,
sfnt_get_var_ps_name): Do not zero out the buffer.
* src/sfnt/sfobjs.c (sfnt_init_face): Ditto.
* src/sfnt/sfwoff.c (woff_open_font): Ditto.
* src/sfnt/sfwoff2.c (woff2_open_font): Ditto.
|
|
ec9e5114
|
2021-04-23T14:03:03
|
|
[cff,type1,type42] s/FT_ALLOC/FT_QALLOC/ for initialized buffers.
* src/cff/cffload.c (cff_index_get_pointers, cff_index_get_name):
Do not zero out the buffer.
* src/cff/cffdrivr.c (cff_ps_get_font_info): Ditto.
* src/type1/t1load.c (parse_subrs, parse_charstrings,
parse_blend_axis_types): Ditto.
* src/type1/t1parse.c (T1_New_Parser, T1_Get_Private_Dict): Ditto.
* src/type42/t42parse.c (t42_parser_init): Ditto.
|
|
baa0f71d
|
2021-04-23T13:48:34
|
|
[cid] s/FT_ALLOC/FT_QALLOC/ and clean up.
* src/cid/cidgload.c (cid_load_glyph): Do not zero out the buffer.
* src/cid/cidload.c (cid_face_open, cid_read_subrs): Ditto.
|
|
b3438ccb
|
2021-04-23T08:35:02
|
|
[pfr] s/FT_ALLOC/FT_QALLOC/ for initialized buffers.
* src/pfr/pfrload.c (pfr_extra_item_load_font_id, pfr_aux_name_load):
Do not zero out the buffer.
|
|
1e525c62
|
2021-04-23T08:24:22
|
|
[bzip2,gzip] s/FT_ALLOC/FT_QALLOC/ for initialized buffers.
* src/bzip2/ftbzip2.c (ft_bzip2_alloc): Do not zero out the buffer.
* src/gzip/ftgzip.c (ft_gzip_alloc, FT_Stream_OpenGzip): Ditto.
|
|
a0fb6dbc
|
2021-04-23T00:05:18
|
|
[pcf,bdf,winfonts] s/FT_ALLOC/FT_QALLOC/ for initialized buffers.
* src/pcf/pcfread.c (pcf_interpret_style): Do not zero out the buffer.
* src/bdf/bdfdrivr.c (bdf_interpret_style): Ditto.
* src/winfonts/winfnt.c (FNT_Face_Init, FNT_Load_Glyph): Ditto.
|
|
23f85c8a
|
2021-04-22T23:34:08
|
|
[cache] Optimize SBit copying.
* src/cache/ftcsbits.c (ftc_snode_load): Do not initialize the buffer.
(ftc_sbit_copy_bitmap): Accept zero size, s/FT_ALLOC/FT_QALLOC/.
|
|
93715ab2
|
2021-04-22T23:07:01
|
|
[gxvalid,otvalid] s/FT_ALLOC/FT_QALLOC/ for initialized buffers.
* src/gxvalid/gxvmod.c (gxv_load_table): Do not zero out the buffer.
* src/otvalid/otvmod.c (otv_load_table): Ditto.
|
|
90b97a83
|
2021-04-22T23:00:40
|
|
[psaux] s/FT_ALLOC/FT_QALLOC/ for initialized buffers.
* src/psaux/psobjs.c (ps_table_done, ps_parser_load_field): Do not
zero out the buffer.
|
|
44b1ebe5
|
2021-04-22T22:34:05
|
|
[base] s/FT_ALLOC/FT_QALLOC/ for initialized buffers.
* src/base/ftobjs.c (open_face_PS_from_sfnt_stream,
Mac_Read_sfnt_Resource): Do not zero out the buffer.
* src/base/ftmac.c (FT_New_Face_From_SFNT, read_lwfn): Ditto.
* src/base/ftrfork.c (raccess_make_file_name,
raccess_guess_darwin_hfsplus, raccess_guess_darwin_newvfs): Ditto.
|
|
8a459e51
|
2021-04-20T22:53:13
|
|
[cache] Restore SBit copying for unowned (BDF) bitmaps.
* src/cache/ftcsbits.c (ftc_sbit_copy_bitmap): Restore.
(ftc_snode_load): Check ownership and copy unowned bitmaps.
|
|
361465de
|
2021-04-20T22:31:28
|
|
Bitmap tracing.
|
|
e662a950
|
2021-04-19T12:49:16
|
|
[sfnt] Return in 'COLR' v1 when layer pointer outside table
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): Add missing return
when paint pointer outside table.
(read_paint): Add missing return when paint pointer outside table.
|