|
642bc759
|
2018-11-22T10:29:35
|
|
[cff] Fix memory overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9869
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10869
* src/cff/cffparse.c (destruct_t2s_item, cff_parser_run): Store
evaluated T2 charstrings in separately allocated memory.
|
|
78db9eec
|
2018-11-10T15:39:19
|
|
[smooth] Placeholder only for library-enabled LCD filtering.
* src/smooth/ftsmooth.c (ft_smooth_init): Add disabled
`FT_Library_SetLcdFilter' call.
|
|
58e48e92
|
2018-11-09T12:14:35
|
|
[psaux] Add safety guard (#54985).
* src/psaux/psobjs.c (cff_builder_close_contour): Do it.
|
|
181033d3
|
2018-11-08T21:04:56
|
|
[ftstroke] Fix unpredictable failures (#54986).
* src/base/ftstroke.c (ft_sroke_border_lineto): Fix lineto check.
|
|
81c31f62
|
2018-11-08T07:54:47
|
|
[ftstroke] Fix unpredictable failures (#54976).
* src/base/ftstroke.c (ft_sroke_border_close): Set the start tags.
|
|
fb0d66d0
|
2018-11-07T00:47:44
|
|
[truetype] Fix VF check from 2018-09-12 (#54973).
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Use correct
offsets for estimates.
|
|
fbd24523
|
2018-11-06T11:15:31
|
|
[pshinter] Fix numeric overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11242
* src/pshinter/pshrec.c (ps_dimension_add_t1stem): Implement it.
|
|
5b86f53d
|
2018-11-06T11:08:41
|
|
[psaux] Fix timeout in old CFF engine.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11260
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
<cff_op_sqrt> [CFF_CONFIG_OPTION_OLD_ENGINE]: Fix potential endless
loop.
|
|
cc288e38
|
2018-11-04T22:09:16
|
|
Minor.
|
|
1f43affc
|
2018-11-04T13:11:16
|
|
* src/truetype/ttgxvar.c: Use enum definitions.
|
|
d95a12b8
|
2018-11-03T23:02:58
|
|
* src/truetype/ttgxvar.c (ft_var_apply_tuple): Adjust condition.
|
|
547f82f2
|
2018-11-03T23:00:36
|
|
* src/truetype/ttgxvar.c (ft_var_apply_tuple): Tracing tweaks.
|
|
ce3feb0b
|
2018-11-03T22:43:21
|
|
Revert due to specs: [truetype] Speed up variation IUP.
This reverts commit 1e4496c54c010843c1bac56e5d344115d1a49620.
|
|
dfa86d65
|
2018-11-03T22:36:52
|
|
Revert "[truetype] Speed up variation IUP."
This reverts commit 1e4496c54c010843c1bac56e5d344115d1a49620.
|
|
61d50756
|
2018-11-02T20:42:25
|
|
* src/truetype/ttgxvar.c (ft_var_get_item_delta): Fixed logic.
Reported and tested by Behdad.
|
|
339c451a
|
2018-11-02T10:10:10
|
|
[autofit] Prevent SEGV.
See
https://bugs.ghostscript.com/show_bug.cgi?id=697545
for more details on how the bug was found.
* src/autofit/afloader.c (af_loader_load_glyph): Propagate error
code.
|
|
1e4496c5
|
2018-10-31T23:17:33
|
|
[truetype] Speed up variation IUP.
* src/truetype/ttgxvar.c (tt_delta_interpolate): Separate trivial
snapping to the same position from true interpolation.
|
|
ba03310b
|
2018-10-31T22:01:36
|
|
* src/type1/t1load.c (t1_set_mm_blend): Optimized.
|
|
300da33d
|
2018-10-31T21:55:40
|
|
* src/truetype/ttgxvar.c (ft_var_get_item_delta): Optimized.
|
|
c13635ee
|
2018-10-29T21:25:10
|
|
[base] Fix numeric overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11080
* src/base/ftoutln.c (FT_Outline_Get_Orientation): Use `MUL_LONG'.
|
|
ba62f9d8
|
2018-10-29T21:11:36
|
|
[cff] Fix numeric overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10988
* src/cff/cffparse.c (cff_parser_run)
[CFF_CONFIG_OPTION_OLD_ENGINE]: Use `NEG_LONG'.
|
|
3e8ec291
|
2018-10-26T23:23:48
|
|
[sfnt] Make `head' timestamps unsigned.
It's been more than 2^31 seconds since 1904.
* include/freetype/tttables.h (TT_Header): Change field types.
* src/sfnt/ttload.c (tt_face_load_generic_header): Updated.
|
|
d71f2bc1
|
2018-10-26T22:52:25
|
|
Revert "Align FreeType with standard C memory management."
This reverts commit 877aa1b2cc662978aae61ed4d5c6ea8ba56b2fe7.
|
|
bfe53294
|
2018-10-27T00:07:53
|
|
[psaux] Fix numeric overflow.
Triggered by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11157
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_blend>
[CFF_CONFIG_OPTION_OLD_ENGINE]: Fix integer overflow.
|
|
f56830ed
|
2018-10-20T07:27:47
|
|
Avoid endless loop while tracing (#54858).
* src/type1/t1load.c (parse_buildchar): Guard tracing stuff with
FT_DEBUG_LEVEL_TRACE.
|
|
912e174c
|
2018-10-07T09:28:52
|
|
A missing Unicode cmap is not a fatal error.
This is a follow-up to the previous commit.
* src/cff/cffobjs.c (cff_face_init), src/sfnt/sfobjs.c
(sfnt_load_face), src/type1/t1objs.c (T1_Face_Init),
src/type42/t42objs.c (T42_Face_Init): Implement it.
|
|
885f5b0b
|
2018-10-07T09:03:05
|
|
Fix handling of FT_CONFIG_OPTION_ADOBE_GLYPH_LIST (#54794).
* src/cff/cffcmap.c (cff_cmap_unicode_init), src/psaux/t1cmap.c
(t1_cmap_unicode_init), src/sfnt/ttcmap.c (tt_cmap_unicode_init):
Check `unicodes_init' field.
|
|
0a178144
|
2018-10-07T08:59:56
|
|
Whitespace.
|
|
f262d15d
|
2018-10-07T07:40:37
|
|
Minor comment improvement.
|
|
9817571c
|
2018-10-03T08:04:55
|
|
[ftgrays] Fix typo in stand-alone mode (#54771).
* src/smooth/ftgrays.c (FT_THROW) [STANDALONE_ &&
FT_DEBUG_LEVEL_TRACE]: Fix call to `FT_ERR_CAT'.
|
|
d280ae1e
|
2018-10-02T20:45:16
|
|
[psaux] Fix segfault.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10768
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
<cff_op_callothersubr> [CFF_CONFIG_OPTION_OLD_ENGINE]: Check
argument.
|
|
6b660f12
|
2018-10-02T16:48:59
|
|
[psaux] Fix numeric overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10768
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll>
[CFF_CONFIG_OPTION_OLD_ENGINE]: Use NEG_INT.
|
|
83fc524d
|
2018-10-02T16:36:49
|
|
[pshinter] Handle numeric overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10550
* src/pshinter/pshglob.c (psh_blues_snap_stem): Mask numeric
overflow.
|
|
877aa1b2
|
2018-09-27T21:17:36
|
|
Align FreeType with standard C memory management.
* include/freetype/ftsystem.h: Include FT_TYPES_H.
(*FT_Alloc_Func, *FT_Realloc_Func): Use size_t for the size arguments.
* src/raster/ftmisc.h: Ditto.
* builds/amiga/src/base/ftsystem.c, builds/unix/ftsystem.c,
* builds/vms/ftsystem.c, src/base/ftsystem.c (ft_alloc, ft_realloc):
Use size_t for the size arguments.
* src/base/ftdbgmem.c (ft_mem_debug_alloc, ft_mem_debug_realloc): Use
FT_Offset, aka size_t, for the size arguments.
|
|
4500c701
|
2018-09-26T22:04:50
|
|
Typo.
|
|
a9af6914
|
2018-09-25T09:10:09
|
|
Fix handing of `FT_Bool'.
Before this commit we had code like
(FT_Bool)( globals->glyph_styles[gindex] & 0x8000)
Since `FT_Bool' is defined to be an `unsigned char', the code
evaluated to something like
(unsigned char)( 0x8532 & 0x8000)
which in turn expanded to
(unsigned char)( 0x8000)
and finally yielded 0x00 – i.e., false – not as expected.
Problem reported and analyzed by Tony Smith <tony.smith@macro4.com>.
* include/freetype/fttypes.h (FT_BOOL): Add a comparison against
zero so that we always have a Boolean expression.
*/*: Replace castings to `FT_Bool' with calls to `FT_BOOL' where
possible.
|
|
0f122fef
|
2018-09-23T21:46:26
|
|
[bdf] Speed up charmap access.
This makes FT_Get_Char_Index and FT_Get_Next_Char 4-5 times faster.
* src/bdf/bdfdrivr.c (bdf_cmap_char_{index,next}): Help binary search
with continuous prediction.
|
|
793a9ff9
|
2018-09-22T14:38:00
|
|
* src/base/ftobjs.c (ft_glyphslot_reset_bimap): Another tweak.
This one should be clearer. When the rounded monochrome bbox collapses
we add a pixel that covers most if not all original cbox.
|
|
f26d5775
|
2018-09-21T20:34:58
|
|
* src/base/ftobjs.c (ft_glyphslot_reset_bimap): Further tweak.
|
|
335528e1
|
2018-09-21T11:26:37
|
|
Improve auto-hinter handling of bitmap fonts (#54681).
For bitmap fonts, `FT_Load_Glyph' should either return an error or
not set the format to `FT_GLYPH_FORMAT_OUTLINE'. However, in this
case `FT_Load_Glyph' calls into the auto-hinter which calls back
into `FT_Load_Glyph' with `FT_LOAD_NO_SCALE' in the flags, which
marks the glyph as `FT_GLYPH_FORMAT_OUTLINE' with an empty path
(even though it doesn't have any path). It appears that the
auto-hinter should not be called when the face doesn't have
outlines. The current test for using the auto-hinter in
`FT_Load_Glyph' checks if the driver supports scalable outlines, but
not if the face supports scalable outlines.
* src/base/ftobjs.c (FT_Load_Glyph): Directly check whether we have
scalable outlines.
|
|
c168cc3b
|
2018-09-21T11:09:27
|
|
[raster] Fix disappearing vertical lines (#54589).
* src/raster/ftraster.c (Vertical_Sweep_Span): Handle special case
where both left and right outline exactly pass pixel centers.
|
|
493aa68f
|
2018-09-21T08:32:22
|
|
[base] Some comments.
|
|
2a9850c4
|
2018-09-20T22:40:32
|
|
* src/base/ftobjs.c (ft_glyphslot_reset_bimap): Tiny rounding tweak.
This adds pixels in case a contour goes through the center
and they need to be turned on in the b/w rasterizer.
|
|
c1b21f47
|
2018-09-20T22:14:46
|
|
[pcf] Replace charmap implementation.
PCF comes with charmap lookup table, aka PCF encodings. Using it
directly makes FT_Get_Char_Index and FT_Get_Next_Char 4-5 times
faster than the original BDF-like binary searches.
* src/pcf/pcf.h (PCF_EncodingRec): Removed.
(PCF_FaceRec): Remove `nencodings' and `encodings'.
* src/pcf/pcfdrivr.c (pcf_cmap_char_{index,next}): Replaced.
* src/pcf/pcfread.c (pcf_get_encodings): Store data differently.
|
|
8e950680
|
2018-09-20T06:26:34
|
|
[base] Remove unused function `FT_GlyphLoader_CopyPoints'.
* include/freetype/internal/ftgloadr.h, src/base/ftgloadr.c
(FT_GlyphLoader_CopyPoints): Do it.
|
|
7f93c977
|
2018-09-19T22:45:45
|
|
[pcf] Prepare to replace charmap implementation.
* src/pcf/pcf.h (PCF_Face): Updated to include...
(PCF_EncRec): ... this new structure to store charmap geometry.
* src/pcf/pcfread.c (pcf_get_encodings): Store charmap geometry.
|
|
d629c2ba
|
2018-09-18T17:11:48
|
|
Remove unused fields.
* src/pcf.h (PCF_FaceRec): Remove `charmap' and `charmap_handle'.
* src/bdfdrvr.h (BDF_FaceRec): Ditto.
* src/winfonts/winfnt.h (FNT_FaceRec): Ditto.
|
|
dfddc2d9
|
2018-09-17T08:03:57
|
|
[pshinter] Handle numeric overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10396
* src/pshinter/pshglob.c: Include FT_INTERNAL_CALC_H.
(psh_blues_snap_stems): Mask numeric overflow.
|
|
de0aabcd
|
2018-09-15T06:14:18
|
|
[sfnt] Comment fix.
|
|
10e54d04
|
2018-09-13T21:47:35
|
|
[truetype] Some fixes for VF checks.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10317
* src/truetype/ttgxvar.c (ft_var_load_gvar): Properly exit memory
frame if we have invalid glyph variation data offsets.
(tt_face_vary_cvt): Protect against missing `tuplecoords' array.
Fix typo.
|
|
7665914c
|
2018-09-13T08:58:49
|
|
* src/sfnt/sfdriver.c (sfnt_get_var_ps_name): Fix last commit.
|
|
a5818ed1
|
2018-09-13T08:46:44
|
|
* src/sfnt/sfdriver.c (sfnt_get_var_ps_name): Check `result'.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10316
|
|
6b53300b
|
2018-09-12T08:08:09
|
|
[sfnt] Better PS name handling (#54629).
* src/sfnt/sfdriver (IS_WIN, IS_APPLE): Omit language ID checks.
(get_win_string, get_apple_string): Return NULL when the PostScript
font name characters is not according to specification.
(get_win_string): Make trace output work if the high byte if
non-zero.
(sfnt_get_var_ps_name, sfnt_get_ps_name): Previously we preferred
Win PS name (when there is also an Apple PS name); change this into
a fallback to Apple PS name in case the Win PS name is invalid.
|
|
65681e6d
|
2018-09-12T07:40:49
|
|
[truetype] Improve VF check.
Triggered by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10255
* src/truetype/ttgxvar.c (ft_var_load_gvar): Use better limit check
for `tupleCount'.
|
|
53c5e4bd
|
2018-09-12T07:27:30
|
|
* src/truetype/ttgxvar.c (ft_var_load_gvar): Check `glyphoffsets'.
|
|
7b855ed9
|
2018-09-10T23:41:04
|
|
* src/pshinter/pshrec.c (t2_hints_stems): Mask numeric overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10215
|
|
fea435fb
|
2018-09-09T09:46:29
|
|
[sfnt] Comment improvement.
|
|
1c04eed7
|
2018-09-07T06:40:55
|
|
[truetype] Fix assertion failure.
Triggered by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10212
* src/truetype/ttgload.c (load_truetype_glyph): Reintroduce
`opened_frame' (removed in a change from 2018-08-26) to handle
dealloation of the second frame.
|
|
76a52465
|
2018-09-03T09:08:47
|
|
*/*: s/PSNames/psnames/.
Only tracing messages are affected.
|
|
475f6d25
|
2018-09-03T09:00:58
|
|
[sfnt] Fix heap buffer overflow in CPAL handling.
* src/sfnt/ttcpal.c (tt_face_palette_set): Fix boundary test.
(tt_face_load_cpal): Updated.
|
|
9be656bb
|
2018-09-01T11:01:52
|
|
Remove `FT_Outline_{New,Done}_Internal'.
These public API functions(!) were always undocumented and have
escaped all clean-up efforts until now.
* include/freetype/ftoutln.h (FT_Outline_New_Internal,
FT_Outline_Done_Internal): Removed.
* src/base/ftoutln.h (FT_Outline_New_Internal,
FT_Outline_Done_Internal): Merge into...
(FT_Outline_New, FT_Outline_Done): ... these functions.
* docs/README: Updated.
|
|
809d5125
|
2018-08-31T22:49:19
|
|
* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Check glyph format.
|
|
c6df41e3
|
2018-08-31T20:10:38
|
|
Whitespace.
|
|
9a323e47
|
2018-08-31T20:09:21
|
|
* src/base/ftdebug.c (FT_Throw): Restore missing `FT_UNUSED' calls.
|
|
aff04e91
|
2018-08-31T14:57:36
|
|
* src/base/ftdebug.c (FT_Throw): Reduce chattiness.
|
|
83525bdd
|
2018-08-31T07:37:15
|
|
Minor comments.
|
|
0d4ca138
|
2018-08-31T06:53:52
|
|
* src/autofit/afhints.c (af_glyph_hints_reload): Add initialization.
|
|
1dacbd89
|
2018-08-30T23:28:30
|
|
Consolidate bitmap presetting and size assessment.
* include/freetype/internal/ftobjs.h (ft_glyphslot_preset_bitmap):
Change return type.
* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Return the bitmap
size assessment.
* src/raster/ftrend1.c (ft_raster1_render): Use it to refuse the
rendering of enourmous or far-fetched outlines.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Ditto.
|
|
ca980b4c
|
2018-08-30T21:51:18
|
|
* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Correct mono.
|
|
d20dc392
|
2018-08-30T14:09:04
|
|
[errors] Introduce `FT_Error_String'.
* include/freetype/fterrors.h (FT_Error_String),
src/base/fterrors.c (FT_Error_String): Implement `FT_Error_String'.
* src/base/ftbase.c, src/base/Jamfile (_source),
src/base/rules.mk (BASE_SRC): Add `fterrors.c' to the build logic.
* src/base/ftdebug.c (FT_Throw): Use `FT_Error_String'.
|
|
c0ccf750
|
2018-08-30T09:56:09
|
|
[autofit] Trace `before' and `after' edges of strong points.
* src/autofit/afhints.h (AF_PointRec) [FT_DEBUG_AUTOFIT]: New arrays
`before' and `after'.
* src/autofit/afhints.c (af_get_strong_edge_index): New auxiliary
function.
(af_glyph_hints_dump_points): Trace `before' and `after' edges.
(af_glyph_hints_align_strong_points) [FT_DEBUG_AUTOFIT]: Set
`before' and `after' information.
|
|
21c2b390
|
2018-08-30T09:52:08
|
|
Minor.
|
|
5d93a3fc
|
2018-08-30T01:12:22
|
|
[base] Overflow-resistant bitmap presetting.
* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Implement it.
|
|
934a6159
|
2018-08-29T15:28:21
|
|
Fix numeric overflows.
* src/pshint/pshalgo.c (psh_hint_align, psh_hint_align_light,
psh_hint_table_find_strong_points): Fix numeric overflows.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10083
|
|
3915a18b
|
2018-08-29T06:53:54
|
|
[cff] Fix handling of `roll' op in old engine.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10080
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll>
[CFF_CONFIG_OPTION_OLD_ENGINE]: Use modulo for loop count, as
documented in the specification.
|
|
ae3afbc4
|
2018-08-26T15:40:16
|
|
* src/truetype/ttobjs.c (tt_size_read_bytecode): Trace CVT values.
|
|
13034e54
|
2018-08-26T12:22:51
|
|
* src/pshint/pshalgo.c (psh_hint_overlap): Fix numeric overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10057
|
|
4738dcc4
|
2018-08-26T12:03:33
|
|
Minor tracing adjustments.
* src/base/ftstream.c (FT_Stream_EnterFrame, FT_Stream_ExitFrame):
Trace.
* src/truetype/ttgload.c (TT_Access_Glyph_Frame): Remove tracing.
|
|
6e339b8d
|
2018-08-26T11:59:02
|
|
[truetype] Avoid nested frames.
Triggered by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10054
* src/truetype/ttgload.c (load_truetype_glyph): Don't use variable
`opened_frame' to trace whether a frame must be closed at the end of
function: This fails because `TT_Vary_Apply_Glyph_Deltas' (which
gets called for space glyphs) uses a frame by itself. Instead,
close the frame after loading the header, then use another frame for
the remaining part of the glyph later on.
Also avoid calling `tt_get_metrics' twice under some circumstances.
|
|
b287c80b
|
2018-08-26T06:39:43
|
|
Various minor clean-ups.
* src/base/ftapi.c: Remove. Unused.
* src/base/Jamfile (_sources): Updated.
* src/base/ftstream.c (FT_Stream_ReleaseFrame): Remove redundant
code.
|
|
195728d5
|
2018-08-25T12:17:30
|
|
* src/tools/docmaker: Remove `docmaker'.
`Docmaker' has now upgraded to `docwriter', a pip package available at
https://pypi.org/project/docwriter/
|
|
77f0814a
|
2018-08-23T17:53:54
|
|
Add macros for handling over-/underflowing `FT_Int64' values.
* include/freetype/internal/ftcalc.h (ADD_INT64, SUB_INT64,
MUL_INT64, DIV_INT64) [FT_LONG64]: New macros.
* src/base/ftcalc.c (ft_corner_orientation) [FT_LONG64]: Use
`SUB_INT64' and `MUL_INT64'.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10028
|
|
45524679
|
2018-08-22T10:31:05
|
|
[truetype] Improve legibility of `glyf' parsing.
* src/truetype/ttgload.c (ON_CURVE_POINT, X_SHORT_VECTOR,
Y_SHORT_VECTOR, REPEAT_FLAG, X_POSITIVE, SAME_X, Y_POSITIVE, SAME_Y,
OVERLAP_SIMPLE): New macros.
(TT_Load_Simple_Glyph): Use new macros to make code more readable.
Remove useless adjustment of `outline->tags' elements.
|
|
a3e842f9
|
2018-08-22T09:55:38
|
|
Minor formatting and documentation fixes.
|
|
0a33b44e
|
2018-08-21T10:52:14
|
|
* src/sfnt/ttcpal.c (tt_face_load_cpal): Add missing safety check.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9981
|
|
4dc0d48f
|
2018-08-18T14:39:20
|
|
[psaux] Avoid slow PS font parsing in case of error.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9955
* src/psaux/psobjs.c (ps_parser_to_bytes): Set `parser->cursor' even
in case of error to avoid potential re-scanning.
|
|
2550fc75
|
2018-08-18T13:38:48
|
|
[cff] Fix heap buffer overflow in old engine.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9967
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
<cff_op_blend> [CFF_CONFIG_OPTION_OLD_ENGINE]: `num_designs' must be
non-zero.
|
|
efa2a3ba
|
2018-08-15T23:49:07
|
|
Revert BDF copyright years.
|
|
af9662e6
|
2018-08-15T22:58:11
|
|
Ouch. BDF copyright year.
|
|
923fcbcd
|
2018-08-15T22:50:06
|
|
[bdf] Don't track duplicate encodings.
There is no harm except some umbiguity in broken fonts with duplicate
encodings.
* src/bdf/bdflib.c (_bdf_parse_glyphs): Remove duplicate tracking.
(_bdf_parse_t): Remove large `have' bitfield.
|
|
a0dd16fb
|
2018-08-15T18:13:17
|
|
Don't use `trace_' prefix for FT_COMPONENT arguments.
* include/freetype/internal/ftdebug.h (FT_TRACE_COMP,
FT_TRACE_COMP_): New auxiliary macros to add `trace_' prefix.
(FT_TRACE): Use `FT_TRACE_COMP'.
*/* (FT_COMPONENT): Updated.
|
|
1d7b034c
|
2018-08-14T15:48:17
|
|
Use formatting string in FT_TRACEX calls for non-simple arguments.
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
<cff_op_hstem, cff_op_hintmask, cff_op_hlineto, cff_op_vhcurveto>:
Do it.
* src/psaux/pshints.c (cf2_hintmap_build): Ditto.
* src/psaux/psintrp.c (cf2_interpT2CharString) <cf2_cmdHSTEM,
cf2_cmdVSTEM, cf2_cmdHLINETO, cf2_cmdRRCURVETO, cf2_cmdCALLSUBR,
cf2_escHSTEM3, cf2_cmdHINTMASK, cf2_cmdHVCURVETO>: Ditto.
* src/truetype/ttinterp.c (TT_RunIns): Ditto.
|
|
e001a17d
|
2018-08-14T07:10:57
|
|
[bdf] Remove unused fields.
* src/bdf/bdf.h (bdf_font_t): Remove `nmod', `umod', and `modified',
which were set but never used.
* src/bdf/bdflib.c (_bdf_parse_{glyphs,properties}, bdf_load_font):
Updated accordingly.
|
|
44db1add
|
2018-08-14T10:01:00
|
|
[cff] Fix another segv in old engine.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9872
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
[CFF_CONFIG_OPTION_OLD_ENGINE]: Disallow invalid T1 opcodes in
dictionaries.
|
|
1937b557
|
2018-08-14T07:54:25
|
|
[cff] Fix missing error handling.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9865
* src/psaux/cffparse.c (cff_parser_run)
[CFF_CONFIG_OPTION_OLD_ENGINE]: Don't ignore return value of
`parse_charstrings_old'.
|
|
ac2ea865
|
2018-08-13T21:33:24
|
|
[bdf] Remove unused overflow storage.
* src/bdf/bdf.h (bdf_glyphlist_t): Remove this type.
(bdf_font_t): Remove `overflow' field.
* src/bdf/bdflib.c (bdf_free_font): Remove `overflow' freeing.
|
|
757bdf1a
|
2018-08-14T02:02:26
|
|
[cff] Fix segv.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9864
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
<cff_op_random> [CFF_CONFIG_OPTION_OLD_ENGINE]: Use top dict's
`random' field directly if parsing dictionaries.
|
|
f5fe6e2f
|
2018-08-13T09:01:53
|
|
[bdf] Use unsigned types.
* src/bdf/bdf.h (bdf_glyph_t): Unsign `encoding'.
(bdf_font_t): Unsign `default_char'.
* src/bdf/bdfdrivr.h (BDF_encoding_el): Unsign `enc'.
* src/bdf/bdflib.c (_bdf_add_property, _bdf_parse_glyphs,
_bdf_parse_start): Updated accordingly.
* src/bdf/bdfdrivr.c (bdf_cmap_char_{index,next}): Ditto.
|
|
50486df1
|
2018-08-13T08:46:53
|
|
* src/type42/t42parse.c (t42_parse_sfnts): One more format check.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9832
|
|
5b904409
|
2018-08-11T06:41:35
|
|
* src/base/ftcalc.c (FT_Matrix_Check): Fix integer overflow.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9811
|