kmx git

Commit	Date	Message
748e3681	2015-10-21T13:58:43	[cff] Remove an assert (#46107). * src/cff/cf2hints.c (cf2_hintmap_insertHint): Ignore paired edges in wrong order.
e6593389	2015-10-21T08:04:29	[sfnt] Avoid unnecessarily large allocation for WOFFs (#46257). * src/sfnt/sfobjs.c (woff_open_font): Use WOFF's `totalSfntSize' only after thorough checks. Add tracing messages.
649ca556	2015-10-21T07:01:45	[type42] Better check invalid `sfnts' array data (#46255). * src/type42/t42parse.c (t42_parse_sfnts): Table lengths must be checked individually against available data size.
3eccc3a3	2015-10-20T22:31:57	[cid] Add a bunch of safety checks. * src/cid/cidload.c (parse_fd_array): Check `num_dicts' against stream size. (cid_read_subrs): Check largest offset against stream size. (cid_parse_dict): Move safety check to ... (cid_face_open): ... this function. Also test length of binary data and values of `SDBytes', `SubrMapOffset', `SubrCount', `CIDMapOffset', and `CIDCount'.
d47d372c	2015-10-20T12:24:36	[cid] Avoid segfault with malformed input (#46250). * src/cid/cidload.c (cid_read_subrs): Return a proper error code for unsorted offsets.
5cf83a53	2015-10-20T07:19:44	* CMakeLists.txt: Enable shared library builds on MinGW (#46233).
3c582060	2015-10-20T06:57:28	* src/type1/t1afm.c (T1_Read_Metrics): Fix memory leak (#46229).
ba8a528b	2015-10-19T23:27:06	[cid] Better handle invalid glyph stream offsets (#46221). * src/cid/cidgload.c (cid_load_glyph): Check minimum size of glyph length.
2961b66c	2015-10-19T23:17:25	Typo.
24cee3a8	2015-10-19T23:00:28	[psaux] Fix tracing of negative numbers. Due to incorrect casting negative numbers were shown as very large (positive) integers on 64bit systems. * src/psaux/t1decode.c (t1_decoder_parse_charstrings) <op_none>: Use division instead of shift.
5179c89f	2015-10-19T08:49:25	Comments.
14213b54	2015-10-18T18:15:04	[truetype] Improve TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES (#46223). * devel/ftoption.h, include/freetype/config/ftoption.h: Surround it with #ifndef ... #endif, as suggested in the tracker issue.
dcfc4d9c	2015-10-18T16:47:06	[truetype] Better protection against malformed `fpgm' (#46223). * src/truetype/ttobjs.c (tt_size_init_bytecode): Don't execute a malformed `fpgm' table more than once.
7643b583	2015-10-17T15:51:29	* src/cid/cidgload.c (cid_load_glyph): Fix memory leak. Reported by Kostya Serebryany <kcc@google.com>.
b185747d	2015-10-17T14:21:41	[bdf] Prevent memory leak (#46217). * src/bdf/bdflib.c (_bdf_parse_glyphs) <STARTCHAR>: Check _BDF_GLYPH_BITS.
797ca5ac	2015-10-17T11:57:16	Typo.
e1ca18d4	2015-10-17T11:51:27	[bdf] Use stream size to adjust number of glyphs. * src/bdf/bdflib.c (ACMSG17): New message macro. (_bdf_parse_t): Add member `size'. (bdf_load_font): Set `size'. (_bdf_parse_glyphs): Adjust `cnt' if necessary.
0af21dcf	2015-10-17T09:29:52	* src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size.
38a3dd55	2015-10-17T09:15:37	Typo.
0ba98da4	2015-10-17T09:11:02	* src/cid/cidgload.c (cid_glyph_load): Check file offsets (#46222).
8edfcbed	2015-10-17T08:11:16	[psaux] Fix heap buffer overflow (#46221). * src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>: Fix limit check.
a5ecfb4c	2015-10-17T06:15:55	* src/cid/cidload.c (cid_parse_dict): Handle invalid input (#46220).
266976b1	2015-10-15T22:15:53	add src/tools/ftfuzzer/README
65d89804	2015-10-15T23:50:16	[bdf] Fix memory leak (#46213). * src/bdf/bdflib.c (bdf_load_font): Always go to label `Fail' in case of error.
24a1fcdf	2015-10-15T21:50:15	[truetype] Add TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES (#46208). * devel/ftoption.h, include/freetype/config/ftoption.h (TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES): New configuration macro. * src/truetype/ttinterp.c (MAX_RUNNABLE_OPCODES): Removed. (TT_RunIns): Updated.
911171ac	2015-10-15T21:22:16	Minor.
837ad9d4	2015-10-15T21:15:45	* src/truetype/ttinterp.c (TT_RunIns): Fix bytecode stack tracing. The used indices were off by 1.
8b76eaf0	2015-10-15T18:28:43	* src/tools/ftfuzzer/ftfuzzer.cc: Handle fixed sizes (#46211).
e03214e1	2015-10-15T16:58:13	[base] Compute MD5 checksums only if explicitly requested. This improves profiling accuracy. * src/base/ftobjs.c (FT_Render_Glyph_Internal): Implement it.
6de2a355	2015-10-15T08:40:12	Minor.
2a20c92c	2015-10-14T15:23:15	[base] Use `FT_' namespace for MD5 functions (#42366). * src/base/ftobjs.c (MD5_): Define as `FT_MD5_'. Undefine HAVE_OPENSSL.
8539915d	2015-10-13T20:43:19	[type1] Correctly handle missing MM axis names (#46202). * src/type1/t1load.c (T1_Get_MM_Var): Implement it.
58b61b6e	2015-10-13T18:26:18	[pcf] Quickly exit if font index < 0. Similar to other font formats, this commit makes the parser no longer check the whole PCF file but only the header and the TOC if we just want to get the number of available faces (and a proper recognition of the font format). * src/pcf/pcfdrivr.c (PCF_Face_Init): Updated. Exit quickly if face_index < 0. * src/pcfread.c (pcf_load_font): Add `face_index' argument. Exit quickly if face_index < 0. * src/pcf/pcf.h: Updated.
bdb56bba	2015-10-13T11:51:13	[ftfuzzer] Handle TTCs and MM/GX variations. This patch also contains various other improvements. * src/tools/ftfuzzer/ftfuzzer.cc: Add preprocessor guard to reject pre-C++11 compilers. (FT_Global): New class. Use it to provide a global constructor and destructor for the `FT_Library' object. (setIntermediateAxis): New function to select an (arbitrary) instance. (LLVMFuzzerTestOneInput): Loop over all faces and named instances. Also call `FT_Set_Char_Size'.
43a96eb2	2015-10-13T11:18:55	[truetype] Refine some GX sanity tests. Use the `gvar' table size instead of the remaining bytes in the stream. * src/truetype/ttgxvar.h (GX_BlendRec): New field `gvar_size'. * src/truetype/ttgxvar.c (ft_var_load_gvar): Set `gvar_size'. (ft_var_readpackedpoints, ft_var_readpackeddeltas: New argument `size'. (tt_face_vary_cvt, TT_Vary_Apply_Glyph_Deltas): Updated.
052f6c56	2015-10-13T08:24:32	[truetype] Another GX sanity test. * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Check `tupleCount'. Add tracing message.
7ef0d866	2015-10-13T08:14:20	[truetype] Fix memory leak for broken GX fonts (#46188). * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Fix scope of deallocation.
f96094ee	2015-10-13T07:13:56	[truetype] Fix commit from 2015-10-10. * src/truetype/ttgxvar.c (ft_var_load_gvar): Add missing error handling body to condition.
b9880aa0	2015-10-12T10:13:26	[unix] Make MKDIR_P actually work. * builds/unix/configure.raw: Fix underquoting of `INSTALL' and `MKDIR_P'. Problem reported by Dan Liddell <lddll@yahoo.com>.
4f7f6f6e	2015-10-11T07:55:25	[sfnt] Improve extraction of number of named instances. * src/sfnt/sfobjs.c (sfnt_init_face) [TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Check number of instances against `fvar' table size.
a724dcf5	2015-10-11T05:50:07	Split off ChangeLog.25.
c14ae9c5	2015-10-10T22:28:26	* src/base/ftoutln.c (FT_Outline_Get_Orientation): Fix overflow (#46149).
8de39a79	2015-10-10T13:34:11	[sfnt] Fix infinite loops with broken cmaps (#46167). * src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next): Take care of border condidions (i.e., if the loops exit naturally).
da34673e	2015-10-10T10:21:27	[truetype] More sanity tests for GX handling. These tests should mainly help avoid unnecessarily large memory allocations in case of malformed fonts. * src/truetype/ttgxvar.c (ft_var_readpackedpoints, ft_var_readpackeddeltas): Check number of points against stream size. (ft_var_load_avar): Check `pairCount' against table length. (ft_var_load_gvar): Check `globalCoordCount' and `glyphCount' against table length. (tt_face_vary_cvt): Check `tupleCount' and `offsetToData'. Fix trace. (TT_Vary_Apply_Glyph_Deltas): Fix trace. Free `sharedpoints' to avoid memory leak.
c220d8b4	2015-10-10T08:13:04	[truetype] Better protection against malformed GX data (#46166). * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Correctly handle empty `localpoints' array.
d353f6e0	2015-10-10T06:54:46	* src/pcf/pcfread.c (pcf_read_TOC): Check stream size (#46162).
c12956e7	2015-10-09T09:38:32	* src/gzip/ftgzip.c (FT_Stream_OpenGzip): Use real stream size.
d98053c9	2015-10-08T23:17:41	[pcf] Protect against invalid number of TOC entries (#46159). * src/pcf/pcfread.c (pcf_read_TOC): Check number of TOC entries against size of data stream.
06c2d332	2015-10-08T21:31:57	[type42] Protect against invalid number of glyphs (#46159). * src/type42/t42parse.c (t42_parse_charstrings): Check number of `CharStrings' dictionary entries against size of data stream.
983b00ec	2015-10-08T18:44:45	[sfnt] Fix some signed overflows (#46149). * src/sfnt/ttsbit.c (tt_face_load_strike_metrics) <TT_SBIT_TABLE_TYPE_SBIX>: Use `FT_MulDiv'.
12112241	2015-10-08T08:55:15	[type1] Protect against invalid number of subroutines (#46150). * src/type1/t1load.c (parse_subrs): Check number of `Subrs' dictionary entries against size of data stream.
dde84f25	2015-10-07T22:18:22	[ftfuzzer] Add support for LLVM's LibFuzzer. * src/tools/ftfuzzer/ftfuzzer.cc, src/tools/runinput.cc: New files.
6eb6158d	2015-10-06T22:39:54	[smooth] Faster alternative line renderer. This implementation renders the entire line segment at once without subdividing it into scanlines. The main speed improvement comes from reducing the number of divisions to just two per line segment, which is a bare minimum to calculate cell coverage in a smooth rasterizer. Notably, the progression from cell to cell does not itself require any divisions at all. The speed improvement is more noticeable at larger sizes. * src/smooth/ftgrays.c (gray_render_line): New implementation.
066a4913	2015-10-06T07:55:32	[cff] Return correct PS names from pure CFF (#46130). * src/cff/cffdrivr.c (cff_get_ps_name): Use SFNT service only for SFNT.
30fe5e76	2015-10-04T13:08:08	[base] Replace left shifts with multiplication (#46118). * src/base/ftglyph.c (ft_bitmap_glyph_bbox, FT_Get_Glyph): Do it.
8cabd919	2015-10-04T08:18:01	* Version 2.6.1 released. ========================= Tag sources with `VER-2-6-1'. * docs/VERSION.DLL: Update documentation and bump version number to 2.6.1. * README, Jamfile (RefDoc), builds/windows/vc2005/freetype.vcproj, builds/windows/vc2005/index.html, builds/windows/vc2008/freetype.vcproj, builds/windows/vc2008/index.html, builds/windows/vc2010/freetype.vcxproj, builds/windows/vc2010/index.html, builds/windows/visualc/freetype.dsp, builds/windows/visualc/freetype.vcproj, builds/windows/visualc/index.html, builds/windows/visualce/freetype.dsp, builds/windows/visualce/freetype.vcproj, builds/windows/visualce/index.html, builds/wince/vc2005-ce/freetype.vcproj, builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/freetype.vcproj, builds/wince/vc2008-ce/index.html: s/2.6/2.6.1/, s/26/261/. * include/freetype/freetype.h (FREETYPE_PATCH): Set to 1. * builds/unix/configure.raw (version_info): Set to 18:1:12. * CMakeLists.txt (VERSION_PATCH): Set to 1. * src/autofit/afmodule.c [AF_DEBUG_AUTOFIT]: Ensure C linking for dumping functions.
b260dc9f	2015-10-04T07:39:22	[bzip2, gzip] Avoid access of unitialized memory (#46109). * src/bzip2/ftbzip2.c (ft_bzip2_file_fill_input), src/gzip/ftgzip.c (ft_gzip_file_fill_input): In case of an error, adjust the limit to avoid copying uninitialized memory.
53838ce0	2015-10-03T21:12:25	[bzip2, gzip] Avoid access of unitialized memory (#46109). * src/bzip2/ftbzip2.c (ft_bzip2_file_fill_output), src/gzip/ftgzip.c (ft_gzip_file_fill_output): In case of an error, adjust the limit to avoid copying uninitialized memory.
e2dae8fe	2015-10-01T22:03:34	[smooth] Clean up worker. * src/smooth/ftgrays.c (gray_TWorker): Remove never used fields.
90e437e3	2015-10-01T20:00:27	[sfnt] Make `tt_cmap4_char_map_linear' more robust (#46078). * src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Take care of border conditions (i.e., if the loop exits naturally).
feb1f138	2015-10-01T17:39:31	CHANGES: Updated.
fab67b85	2015-10-01T16:47:05	* src/autofit/afranges.c (af_deva_nonbase_uniranges): Fix ranges. They should be a subset of `af_deva_uniranges'.
f68bd408	2015-10-01T16:43:45	afranges.c: Add some comments.
5f8f44d2	2015-10-01T14:16:03	[sfnt] Make `tt_cmap4_char_map_linear' faster (#46078). * src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Use inner loop to reject too large glyph indices.
8bbcfb2c	2015-09-30T23:08:53	[smooth] Clean up worker. * src/smooth/ftgrays.c (gray_TWorker): Remove lightly used `last_ey'. (gray_start_cell, gray_render_line): Update.
dbd04269	2015-09-30T17:52:42	[autofit] Replace `no-base' with `non-base'. * src/autofit/*: Do it.
2ff83a5c	2015-09-30T14:44:29	[sfnt] Rewrite `tt_cmap4_char_map_linear' (#46078). * src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Add code to better skip invalid segments. If searching the next character, provide a more efficient logic to speed up the code.
8651f37a	2015-09-30T10:26:10	[truetype] Adjust number of glyphs for malformed `loca' tables. * src/truetype/ttpload.c (tt_face_load_loca): Implement it.
52aad9df	2015-09-29T12:38:11	[raster] Minor style fix.
483007fc	2015-09-29T11:22:15	[pshinter] Avoid harmless overflow (#45984). * src/pshinter/pshglob.c (psh_blues_set_zones): Fix it.
a3046567	2015-09-28T09:45:56	[autofit] Add support for Lao script. Thanks to Danh Hong <danhhong@gmail.com> for guidance with blue zone characters! * src/autofit/afblue.dat: Add blue zone data for Lao. * src/autofit/afblue.c, src/autofit/afblue.h: Regenerated. * src/autofit/afscript.h: Add Lao standard characters. * src/autofit/afranges.c: Add Lao data. * src/autofit/afstyles.h: Add Lao data.
fb5268cf	2015-09-28T02:01:43	[base] Fix a leak by broken sfnt-PS or resource fork (#46028). open_face_from_buffer() frees passed buffer if valid font is not found. But if copying to the buffer is failed, the allocated buffer should be freed within the caller. * src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Free the buffer `sfnt_ps' if an error caused before calling open_face_from_buffer(). (Mac_Read_sfnt_Resource): Free the buffer `sfnt_data' if an error caused before calling open_face_from_buffer();
8a05d250	2015-09-28T01:40:21	[mac] Fix buffer size calculation for LWFN font. * src/base/ftmac.c (read_lwfn): Cast post_size to FT_ULong to prevent confused copy by too large chunk size.
3dffe8ef	2015-09-27T11:30:17	Add ChangeLog entry.
d8a44ff9	2015-09-26T22:33:55	Remove unused macro.
19188a9a	2015-09-26T16:57:17	[autofit] Minor tracing improvement. * src/autofit/aflatin.c (af_latin_metrics_scale_dim): Don't emit blue zones header line if there are no blue zones.
41877539	2015-09-26T15:19:54	[bzip2, gzip, lzw] Harmonize function signatures with prototype. Suggested by Hin-Tak Leung. * src/bzip2/ftbzip2.c (ft_bzip2_stream_io), src/gzip/ftgzip.c (ft_gzip_stream_io), src/lzw/ftlzw.c (ft_lzw_stream_io): Do it.
b8398720	2015-09-09T18:56:46	Stray character in ChangeLog.21. Signed-off-by: Hin-Tak Leung <htl10@users.sourceforge.net>
265ade8e	2015-09-26T14:51:30	Add new FT_LOAD_COMPUTE_METRICS load flag. * include/freetype/freetype.h (FT_LOAD_COMPUTE_METRICS): New macro. * src/truetype/ttgload.c (compute_glyph_metrics): Usage.
d57f2271	2015-09-26T08:44:26	* src/base/ftobjs.c (Mac_Read_sfnt_Resource): Add cast.
d7f456ee	2015-09-26T08:37:14	Formatting, minor comment corrections.
2439c515	2015-09-25T16:54:28	[type1] Protect against invalid number of glyphs (#46029). * src/type1/t1load.c (parse_charstrings): Check number of `CharStrings' dictionary entries against size of data stream.
5339c75e	2015-09-24T13:39:44	[sfnt] Better checks for invalid cmaps (2/2) (#46019). While the current code in `FT_Get_Next_Char' correctly rejects out-of-bounds glyph indices, it can be extremely slow for malformed cmaps that use 32bit values. This commit tries to improve that. * src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next, tt_cmap12_char_map_binary, tt_cmap13_next, tt_cmap13_char_map_binary): Reject glyph indices larger than or equal to the number of glyphs.
c409eb18	2015-09-24T12:39:38	[base, sfnt] Better checks for invalid cmaps (1/2). * src/base/ftobjs.c (FT_Get_Char_Index): Don't return out-of-bounds glyph indices. (FT_Get_First_Char): Updated. * src/sfnt/ttcmap.c (tt_cmap6_char_next): Don't return character codes greater than 0xFFFF. (tt_cmap8_char_index): Avoid integer overflow in computation of glyph index. (tt_cmap8_char_next): Avoid integer overflows in computation of both next character code and glyph index. (tt_cmap10_char_index): Fix unsigned integer logic. (tt_cmap10_char_next): Avoid integer overflow in computation of next character code. (tt_cmap12_next): Avoid integer overflows in computation of both next character code and glyph index. (tt_cmap12_char_map_binary): Ditto. (tt_cmap12_char_next): Simplify. (tt_cmap13_char_map_binary): Avoid integer overflow in computation of next character code. (tt_cmap13_char_next): Simplify.
cbdf13e5	2015-09-24T12:14:38	Formatting, documentation improvements.
e982f5b7	2015-09-21T23:07:22	[base] Check too long POST and sfnt resource (#45919). * src/base/ftbase.h (FT_MAC_RFORK_MAX_LEN): Maximum length of the resource fork for Mac OS. The resource fork larger than 16 MB can be written but could not be handled correctly, at least in Carbon routine. See https://support.microsoft.com/en-us/kb/130437 * src/base/ftobjs.c (Mac_Read_POST_Resource): No need `0x' for `%p' formatter. * src/base/ftbase.c (Mac_Read_POST_Resource): Check the fragment and total size of the concatenated POST resource before buffer allocation. (Mac_Read_sfnt_Resource): Check the declared size of sfnt resource before buffer allocation. * src/base/ftmac.c (read_lwfn, FT_New_Face_From_SFNT): Check the total resource size before buffer allocation.
730b6d74	2015-09-19T12:41:12	[sfnt] Improve handling of invalid SFNT table entries (#45987). This patch fixes weaknesses in function `tt_face_load_font_dir'. - It incorrectly assumed that valid tables are always at the beginning. As a consequence, some valid tables after invalid entries (which are ignored) were never seen. - Duplicate table entries (this is, having the same tag) were not rejected. - The number of valid tables was sometimes too large, leading to access of invalid tables. * src/sfnt/ttload.c (check_table_dir): Add argument to return number of valid tables. Add another tracing message. (tt_face_load_font_dir): Only allocate table array for valid entries as returned by `check_table_dir'. Reject duplicate tables and adjust number of valid tables accordingly.
cb7a5122	2015-09-19T07:58:03	[pcf] Improve `FT_ABS' fix from 2015-09-17 (#45999). * src/pcf/pcfread.c (pcf_load_font): Do first the cast to FT_Short, then take the absolute value. Also apply FT_ABS to `height'.
f28c95c4	2015-09-17T19:30:26	[type42] Fix memory leak (#45989). * src/type42/t42parse.c (t42_parse_charstrings): Allow only a single `CharStrings' array.
4942c2bb	2015-09-17T17:56:53	[psaux] Fix memory leak (#45986). * src/psaux/psobjs.c (ps_parser_load_field) <T1_FIELD_TYPE_MM_BBOX>: Free `temp' in case of error.
7d364b7e	2015-09-17T16:31:58	[psaux] Improve tracing message. * src/psaux/psobjs.c (ps_parser_load_field) <T1_FIELD_TYPE_MM_BBOX>: Handle plural correctly.
c838c4f7	2015-09-17T16:22:40	[pcf] Fix integer overflows (#45985). * src/pcf/pcfread.c (pcf_load_font): Use FT_MulDiv.
9db9adda	2015-09-17T13:42:59	[pcf] Use FT_ABS for some property values (#45893). * src/pcf/pcfread.c (pcf_load_font): Take absolute values for AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and RESOLUTION_Y. In tracing mode, add warnings.
bd0438a4	2015-09-16T18:05:43	Minor fixes for some clang warnings. * src/base/ftoutln.c (FT_Outline_EmboldenXY): Cast, possible missing initialization. * src/truetype/ttgload.c (TT_Process_Composite_Component): Cast.
19cb1127	2015-09-15T08:52:36	[type1, type42] Fix memory leaks (#45966). * src/type1/t1load.c (parse_blend_axis_types): Handle multiple axis names. (parse_blend_design_map): Allow only a single design map. (parse_encoding): Handle multiple encoding vectors. * src/type42/t42parse.c (t42_parse_encoding): Handle multiple encoding vectors.
7f0f4011	2015-09-15T07:23:53	[truetype] Fix integer type (#45965). * src/truetype/ttobjs.c (tt_synth_sfnt_checksum): Implement it.
577daf1c	2015-09-15T07:10:16	* src/pcf/pcfread.c (pcf_load_font): Fix integer overflow (#45964).
581c7e2a	2015-09-15T06:49:06	[type1, type42] Check encoding array size (#45961). * src/type1/t1load.c (parse_encoding), src/type42/t42parse.c (t42_parse_encoding): Do it.
3ea0d2c6	2015-09-13T23:19:34	* src/base/ftcalc.c (FT_MulFix) [FT_LONG64]: Improve.
7962a15d	2015-09-14T00:38:26	[type1] Fix another potential buffer overflow (#45955). * src/type1/t1parse (T1_Get_Private_Dict): Assure that check for `eexec' doesn't exceed `limit'.

748e3681

2015-10-21T13:58:43

[cff] Remove an assert (#46107). * src/cff/cf2hints.c (cf2_hintmap_insertHint): Ignore paired edges in wrong order.

e6593389

2015-10-21T08:04:29

[sfnt] Avoid unnecessarily large allocation for WOFFs (#46257). * src/sfnt/sfobjs.c (woff_open_font): Use WOFF's `totalSfntSize' only after thorough checks. Add tracing messages.

649ca556

2015-10-21T07:01:45

[type42] Better check invalid `sfnts' array data (#46255). * src/type42/t42parse.c (t42_parse_sfnts): Table lengths must be checked individually against available data size.

3eccc3a3

2015-10-20T22:31:57

[cid] Add a bunch of safety checks. * src/cid/cidload.c (parse_fd_array): Check `num_dicts' against stream size. (cid_read_subrs): Check largest offset against stream size. (cid_parse_dict): Move safety check to ... (cid_face_open): ... this function. Also test length of binary data and values of `SDBytes', `SubrMapOffset', `SubrCount', `CIDMapOffset', and `CIDCount'.

d47d372c

2015-10-20T12:24:36

[cid] Avoid segfault with malformed input (#46250). * src/cid/cidload.c (cid_read_subrs): Return a proper error code for unsorted offsets.

5cf83a53

2015-10-20T07:19:44

* CMakeLists.txt: Enable shared library builds on MinGW (#46233).

3c582060

2015-10-20T06:57:28

* src/type1/t1afm.c (T1_Read_Metrics): Fix memory leak (#46229).

ba8a528b

2015-10-19T23:27:06

[cid] Better handle invalid glyph stream offsets (#46221). * src/cid/cidgload.c (cid_load_glyph): Check minimum size of glyph length.

2961b66c

2015-10-19T23:17:25

Typo.

24cee3a8

2015-10-19T23:00:28

[psaux] Fix tracing of negative numbers. Due to incorrect casting negative numbers were shown as very large (positive) integers on 64bit systems. * src/psaux/t1decode.c (t1_decoder_parse_charstrings) <op_none>: Use division instead of shift.

5179c89f

2015-10-19T08:49:25

Comments.

14213b54

2015-10-18T18:15:04

[truetype] Improve TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES (#46223). * devel/ftoption.h, include/freetype/config/ftoption.h: Surround it with #ifndef ... #endif, as suggested in the tracker issue.

dcfc4d9c

2015-10-18T16:47:06

[truetype] Better protection against malformed `fpgm' (#46223). * src/truetype/ttobjs.c (tt_size_init_bytecode): Don't execute a malformed `fpgm' table more than once.

7643b583

2015-10-17T15:51:29

* src/cid/cidgload.c (cid_load_glyph): Fix memory leak. Reported by Kostya Serebryany <kcc@google.com>.

b185747d

2015-10-17T14:21:41

[bdf] Prevent memory leak (#46217). * src/bdf/bdflib.c (_bdf_parse_glyphs) <STARTCHAR>: Check _BDF_GLYPH_BITS.

797ca5ac

2015-10-17T11:57:16

Typo.

e1ca18d4

2015-10-17T11:51:27

[bdf] Use stream size to adjust number of glyphs. * src/bdf/bdflib.c (ACMSG17): New message macro. (_bdf_parse_t): Add member `size'. (bdf_load_font): Set `size'. (_bdf_parse_glyphs): Adjust `cnt' if necessary.

0af21dcf

2015-10-17T09:29:52

* src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size.

38a3dd55

2015-10-17T09:15:37

Typo.

0ba98da4

2015-10-17T09:11:02

* src/cid/cidgload.c (cid_glyph_load): Check file offsets (#46222).

8edfcbed

2015-10-17T08:11:16

[psaux] Fix heap buffer overflow (#46221). * src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>: Fix limit check.

a5ecfb4c

2015-10-17T06:15:55

* src/cid/cidload.c (cid_parse_dict): Handle invalid input (#46220).

266976b1

2015-10-15T22:15:53

add src/tools/ftfuzzer/README

65d89804

2015-10-15T23:50:16

[bdf] Fix memory leak (#46213). * src/bdf/bdflib.c (bdf_load_font): Always go to label `Fail' in case of error.

24a1fcdf

2015-10-15T21:50:15

[truetype] Add TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES (#46208). * devel/ftoption.h, include/freetype/config/ftoption.h (TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES): New configuration macro. * src/truetype/ttinterp.c (MAX_RUNNABLE_OPCODES): Removed. (TT_RunIns): Updated.

911171ac

2015-10-15T21:22:16

Minor.

837ad9d4

2015-10-15T21:15:45

* src/truetype/ttinterp.c (TT_RunIns): Fix bytecode stack tracing. The used indices were off by 1.

8b76eaf0

2015-10-15T18:28:43

* src/tools/ftfuzzer/ftfuzzer.cc: Handle fixed sizes (#46211).

e03214e1

2015-10-15T16:58:13

[base] Compute MD5 checksums only if explicitly requested. This improves profiling accuracy. * src/base/ftobjs.c (FT_Render_Glyph_Internal): Implement it.

6de2a355

2015-10-15T08:40:12

Minor.

2a20c92c

2015-10-14T15:23:15

[base] Use `FT_' namespace for MD5 functions (#42366). * src/base/ftobjs.c (MD5_*): Define as `FT_MD5_*'. Undefine HAVE_OPENSSL.

8539915d

2015-10-13T20:43:19

[type1] Correctly handle missing MM axis names (#46202). * src/type1/t1load.c (T1_Get_MM_Var): Implement it.

58b61b6e

2015-10-13T18:26:18

[pcf] Quickly exit if font index < 0. Similar to other font formats, this commit makes the parser no longer check the whole PCF file but only the header and the TOC if we just want to get the number of available faces (and a proper recognition of the font format). * src/pcf/pcfdrivr.c (PCF_Face_Init): Updated. Exit quickly if face_index < 0. * src/pcfread.c (pcf_load_font): Add `face_index' argument. Exit quickly if face_index < 0. * src/pcf/pcf.h: Updated.

bdb56bba

2015-10-13T11:51:13

[ftfuzzer] Handle TTCs and MM/GX variations. This patch also contains various other improvements. * src/tools/ftfuzzer/ftfuzzer.cc: Add preprocessor guard to reject pre-C++11 compilers. (FT_Global): New class. Use it to provide a global constructor and destructor for the `FT_Library' object. (setIntermediateAxis): New function to select an (arbitrary) instance. (LLVMFuzzerTestOneInput): Loop over all faces and named instances. Also call `FT_Set_Char_Size'.

43a96eb2

2015-10-13T11:18:55

[truetype] Refine some GX sanity tests. Use the `gvar' table size instead of the remaining bytes in the stream. * src/truetype/ttgxvar.h (GX_BlendRec): New field `gvar_size'. * src/truetype/ttgxvar.c (ft_var_load_gvar): Set `gvar_size'. (ft_var_readpackedpoints, ft_var_readpackeddeltas: New argument `size'. (tt_face_vary_cvt, TT_Vary_Apply_Glyph_Deltas): Updated.

052f6c56

2015-10-13T08:24:32

[truetype] Another GX sanity test. * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Check `tupleCount'. Add tracing message.

7ef0d866

2015-10-13T08:14:20

[truetype] Fix memory leak for broken GX fonts (#46188). * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Fix scope of deallocation.

f96094ee

2015-10-13T07:13:56

[truetype] Fix commit from 2015-10-10. * src/truetype/ttgxvar.c (ft_var_load_gvar): Add missing error handling body to condition.

b9880aa0

2015-10-12T10:13:26

[unix] Make MKDIR_P actually work. * builds/unix/configure.raw: Fix underquoting of `INSTALL' and `MKDIR_P'. Problem reported by Dan Liddell <lddll@yahoo.com>.

4f7f6f6e

2015-10-11T07:55:25

[sfnt] Improve extraction of number of named instances. * src/sfnt/sfobjs.c (sfnt_init_face) [TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Check number of instances against `fvar' table size.

a724dcf5

2015-10-11T05:50:07

Split off ChangeLog.25.

c14ae9c5

2015-10-10T22:28:26

* src/base/ftoutln.c (FT_Outline_Get_Orientation): Fix overflow (#46149).

8de39a79

2015-10-10T13:34:11

[sfnt] Fix infinite loops with broken cmaps (#46167). * src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next): Take care of border condidions (i.e., if the loops exit naturally).

da34673e

2015-10-10T10:21:27

[truetype] More sanity tests for GX handling. These tests should mainly help avoid unnecessarily large memory allocations in case of malformed fonts. * src/truetype/ttgxvar.c (ft_var_readpackedpoints, ft_var_readpackeddeltas): Check number of points against stream size. (ft_var_load_avar): Check `pairCount' against table length. (ft_var_load_gvar): Check `globalCoordCount' and `glyphCount' against table length. (tt_face_vary_cvt): Check `tupleCount' and `offsetToData'. Fix trace. (TT_Vary_Apply_Glyph_Deltas): Fix trace. Free `sharedpoints' to avoid memory leak.

c220d8b4

2015-10-10T08:13:04

[truetype] Better protection against malformed GX data (#46166). * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Correctly handle empty `localpoints' array.

d353f6e0

2015-10-10T06:54:46

* src/pcf/pcfread.c (pcf_read_TOC): Check stream size (#46162).

c12956e7

2015-10-09T09:38:32

* src/gzip/ftgzip.c (FT_Stream_OpenGzip): Use real stream size.

d98053c9

2015-10-08T23:17:41

[pcf] Protect against invalid number of TOC entries (#46159). * src/pcf/pcfread.c (pcf_read_TOC): Check number of TOC entries against size of data stream.

06c2d332

2015-10-08T21:31:57

[type42] Protect against invalid number of glyphs (#46159). * src/type42/t42parse.c (t42_parse_charstrings): Check number of `CharStrings' dictionary entries against size of data stream.

983b00ec

2015-10-08T18:44:45

[sfnt] Fix some signed overflows (#46149). * src/sfnt/ttsbit.c (tt_face_load_strike_metrics) <TT_SBIT_TABLE_TYPE_SBIX>: Use `FT_MulDiv'.

12112241

2015-10-08T08:55:15

[type1] Protect against invalid number of subroutines (#46150). * src/type1/t1load.c (parse_subrs): Check number of `Subrs' dictionary entries against size of data stream.

dde84f25

2015-10-07T22:18:22

[ftfuzzer] Add support for LLVM's LibFuzzer. * src/tools/ftfuzzer/ftfuzzer.cc, src/tools/runinput.cc: New files.

6eb6158d

2015-10-06T22:39:54

[smooth] Faster alternative line renderer. This implementation renders the entire line segment at once without subdividing it into scanlines. The main speed improvement comes from reducing the number of divisions to just two per line segment, which is a bare minimum to calculate cell coverage in a smooth rasterizer. Notably, the progression from cell to cell does not itself require any divisions at all. The speed improvement is more noticeable at larger sizes. * src/smooth/ftgrays.c (gray_render_line): New implementation.

066a4913

2015-10-06T07:55:32

[cff] Return correct PS names from pure CFF (#46130). * src/cff/cffdrivr.c (cff_get_ps_name): Use SFNT service only for SFNT.

30fe5e76

2015-10-04T13:08:08

[base] Replace left shifts with multiplication (#46118). * src/base/ftglyph.c (ft_bitmap_glyph_bbox, FT_Get_Glyph): Do it.

8cabd919

2015-10-04T08:18:01

* Version 2.6.1 released. ========================= Tag sources with `VER-2-6-1'. * docs/VERSION.DLL: Update documentation and bump version number to 2.6.1. * README, Jamfile (RefDoc), builds/windows/vc2005/freetype.vcproj, builds/windows/vc2005/index.html, builds/windows/vc2008/freetype.vcproj, builds/windows/vc2008/index.html, builds/windows/vc2010/freetype.vcxproj, builds/windows/vc2010/index.html, builds/windows/visualc/freetype.dsp, builds/windows/visualc/freetype.vcproj, builds/windows/visualc/index.html, builds/windows/visualce/freetype.dsp, builds/windows/visualce/freetype.vcproj, builds/windows/visualce/index.html, builds/wince/vc2005-ce/freetype.vcproj, builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/freetype.vcproj, builds/wince/vc2008-ce/index.html: s/2.6/2.6.1/, s/26/261/. * include/freetype/freetype.h (FREETYPE_PATCH): Set to 1. * builds/unix/configure.raw (version_info): Set to 18:1:12. * CMakeLists.txt (VERSION_PATCH): Set to 1. * src/autofit/afmodule.c [AF_DEBUG_AUTOFIT]: Ensure C linking for dumping functions.

b260dc9f

2015-10-04T07:39:22

[bzip2, gzip] Avoid access of unitialized memory (#46109). * src/bzip2/ftbzip2.c (ft_bzip2_file_fill_input), src/gzip/ftgzip.c (ft_gzip_file_fill_input): In case of an error, adjust the limit to avoid copying uninitialized memory.

53838ce0

2015-10-03T21:12:25

[bzip2, gzip] Avoid access of unitialized memory (#46109). * src/bzip2/ftbzip2.c (ft_bzip2_file_fill_output), src/gzip/ftgzip.c (ft_gzip_file_fill_output): In case of an error, adjust the limit to avoid copying uninitialized memory.

e2dae8fe

2015-10-01T22:03:34

[smooth] Clean up worker. * src/smooth/ftgrays.c (gray_TWorker): Remove never used fields.

90e437e3

2015-10-01T20:00:27

[sfnt] Make `tt_cmap4_char_map_linear' more robust (#46078). * src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Take care of border conditions (i.e., if the loop exits naturally).

feb1f138

2015-10-01T17:39:31

CHANGES: Updated.

fab67b85

2015-10-01T16:47:05

* src/autofit/afranges.c (af_deva_nonbase_uniranges): Fix ranges. They should be a subset of `af_deva_uniranges'.

f68bd408

2015-10-01T16:43:45

afranges.c: Add some comments.

5f8f44d2

2015-10-01T14:16:03

[sfnt] Make `tt_cmap4_char_map_linear' faster (#46078). * src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Use inner loop to reject too large glyph indices.

8bbcfb2c

2015-09-30T23:08:53

[smooth] Clean up worker. * src/smooth/ftgrays.c (gray_TWorker): Remove lightly used `last_ey'. (gray_start_cell, gray_render_line): Update.

dbd04269

2015-09-30T17:52:42

[autofit] Replace `no-base' with `non-base'. * src/autofit/*: Do it.

2ff83a5c

2015-09-30T14:44:29

[sfnt] Rewrite `tt_cmap4_char_map_linear' (#46078). * src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Add code to better skip invalid segments. If searching the next character, provide a more efficient logic to speed up the code.

8651f37a

2015-09-30T10:26:10

[truetype] Adjust number of glyphs for malformed `loca' tables. * src/truetype/ttpload.c (tt_face_load_loca): Implement it.

52aad9df

2015-09-29T12:38:11

[raster] Minor style fix.

483007fc

2015-09-29T11:22:15

[pshinter] Avoid harmless overflow (#45984). * src/pshinter/pshglob.c (psh_blues_set_zones): Fix it.

a3046567

2015-09-28T09:45:56

[autofit] Add support for Lao script. Thanks to Danh Hong <danhhong@gmail.com> for guidance with blue zone characters! * src/autofit/afblue.dat: Add blue zone data for Lao. * src/autofit/afblue.c, src/autofit/afblue.h: Regenerated. * src/autofit/afscript.h: Add Lao standard characters. * src/autofit/afranges.c: Add Lao data. * src/autofit/afstyles.h: Add Lao data.

fb5268cf

2015-09-28T02:01:43

[base] Fix a leak by broken sfnt-PS or resource fork (#46028). open_face_from_buffer() frees passed buffer if valid font is not found. But if copying to the buffer is failed, the allocated buffer should be freed within the caller. * src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Free the buffer `sfnt_ps' if an error caused before calling open_face_from_buffer(). (Mac_Read_sfnt_Resource): Free the buffer `sfnt_data' if an error caused before calling open_face_from_buffer();

8a05d250

2015-09-28T01:40:21

[mac] Fix buffer size calculation for LWFN font. * src/base/ftmac.c (read_lwfn): Cast post_size to FT_ULong to prevent confused copy by too large chunk size.

3dffe8ef

2015-09-27T11:30:17

Add ChangeLog entry.

d8a44ff9

2015-09-26T22:33:55

Remove unused macro.

19188a9a

2015-09-26T16:57:17

[autofit] Minor tracing improvement. * src/autofit/aflatin.c (af_latin_metrics_scale_dim): Don't emit blue zones header line if there are no blue zones.

41877539

2015-09-26T15:19:54

[bzip2, gzip, lzw] Harmonize function signatures with prototype. Suggested by Hin-Tak Leung. * src/bzip2/ftbzip2.c (ft_bzip2_stream_io), src/gzip/ftgzip.c (ft_gzip_stream_io), src/lzw/ftlzw.c (ft_lzw_stream_io): Do it.

b8398720

2015-09-09T18:56:46

Stray character in ChangeLog.21. Signed-off-by: Hin-Tak Leung <htl10@users.sourceforge.net>

265ade8e

2015-09-26T14:51:30

Add new FT_LOAD_COMPUTE_METRICS load flag. * include/freetype/freetype.h (FT_LOAD_COMPUTE_METRICS): New macro. * src/truetype/ttgload.c (compute_glyph_metrics): Usage.

d57f2271

2015-09-26T08:44:26

* src/base/ftobjs.c (Mac_Read_sfnt_Resource): Add cast.

d7f456ee

2015-09-26T08:37:14

Formatting, minor comment corrections.

2439c515

2015-09-25T16:54:28

[type1] Protect against invalid number of glyphs (#46029). * src/type1/t1load.c (parse_charstrings): Check number of `CharStrings' dictionary entries against size of data stream.

5339c75e

2015-09-24T13:39:44

[sfnt] Better checks for invalid cmaps (2/2) (#46019). While the current code in `FT_Get_Next_Char' correctly rejects out-of-bounds glyph indices, it can be extremely slow for malformed cmaps that use 32bit values. This commit tries to improve that. * src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next, tt_cmap12_char_map_binary, tt_cmap13_next, tt_cmap13_char_map_binary): Reject glyph indices larger than or equal to the number of glyphs.

c409eb18

2015-09-24T12:39:38

[base, sfnt] Better checks for invalid cmaps (1/2). * src/base/ftobjs.c (FT_Get_Char_Index): Don't return out-of-bounds glyph indices. (FT_Get_First_Char): Updated. * src/sfnt/ttcmap.c (tt_cmap6_char_next): Don't return character codes greater than 0xFFFF. (tt_cmap8_char_index): Avoid integer overflow in computation of glyph index. (tt_cmap8_char_next): Avoid integer overflows in computation of both next character code and glyph index. (tt_cmap10_char_index): Fix unsigned integer logic. (tt_cmap10_char_next): Avoid integer overflow in computation of next character code. (tt_cmap12_next): Avoid integer overflows in computation of both next character code and glyph index. (tt_cmap12_char_map_binary): Ditto. (tt_cmap12_char_next): Simplify. (tt_cmap13_char_map_binary): Avoid integer overflow in computation of next character code. (tt_cmap13_char_next): Simplify.

cbdf13e5

2015-09-24T12:14:38

Formatting, documentation improvements.

e982f5b7

2015-09-21T23:07:22

[base] Check too long POST and sfnt resource (#45919). * src/base/ftbase.h (FT_MAC_RFORK_MAX_LEN): Maximum length of the resource fork for Mac OS. The resource fork larger than 16 MB can be written but could not be handled correctly, at least in Carbon routine. See https://support.microsoft.com/en-us/kb/130437 * src/base/ftobjs.c (Mac_Read_POST_Resource): No need `0x' for `%p' formatter. * src/base/ftbase.c (Mac_Read_POST_Resource): Check the fragment and total size of the concatenated POST resource before buffer allocation. (Mac_Read_sfnt_Resource): Check the declared size of sfnt resource before buffer allocation. * src/base/ftmac.c (read_lwfn, FT_New_Face_From_SFNT): Check the total resource size before buffer allocation.

730b6d74

2015-09-19T12:41:12

[sfnt] Improve handling of invalid SFNT table entries (#45987). This patch fixes weaknesses in function `tt_face_load_font_dir'. - It incorrectly assumed that valid tables are always at the beginning. As a consequence, some valid tables after invalid entries (which are ignored) were never seen. - Duplicate table entries (this is, having the same tag) were not rejected. - The number of valid tables was sometimes too large, leading to access of invalid tables. * src/sfnt/ttload.c (check_table_dir): Add argument to return number of valid tables. Add another tracing message. (tt_face_load_font_dir): Only allocate table array for valid entries as returned by `check_table_dir'. Reject duplicate tables and adjust number of valid tables accordingly.

cb7a5122

2015-09-19T07:58:03

[pcf] Improve `FT_ABS' fix from 2015-09-17 (#45999). * src/pcf/pcfread.c (pcf_load_font): Do first the cast to FT_Short, then take the absolute value. Also apply FT_ABS to `height'.

f28c95c4

2015-09-17T19:30:26

[type42] Fix memory leak (#45989). * src/type42/t42parse.c (t42_parse_charstrings): Allow only a single `CharStrings' array.

4942c2bb

2015-09-17T17:56:53

[psaux] Fix memory leak (#45986). * src/psaux/psobjs.c (ps_parser_load_field) <T1_FIELD_TYPE_MM_BBOX>: Free `temp' in case of error.

7d364b7e

2015-09-17T16:31:58

[psaux] Improve tracing message. * src/psaux/psobjs.c (ps_parser_load_field) <T1_FIELD_TYPE_MM_BBOX>: Handle plural correctly.

c838c4f7

2015-09-17T16:22:40

[pcf] Fix integer overflows (#45985). * src/pcf/pcfread.c (pcf_load_font): Use FT_MulDiv.

9db9adda

2015-09-17T13:42:59

[pcf] Use FT_ABS for some property values (#45893). * src/pcf/pcfread.c (pcf_load_font): Take absolute values for AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and RESOLUTION_Y. In tracing mode, add warnings.

bd0438a4

2015-09-16T18:05:43

Minor fixes for some clang warnings. * src/base/ftoutln.c (FT_Outline_EmboldenXY): Cast, possible missing initialization. * src/truetype/ttgload.c (TT_Process_Composite_Component): Cast.

19cb1127

2015-09-15T08:52:36

[type1, type42] Fix memory leaks (#45966). * src/type1/t1load.c (parse_blend_axis_types): Handle multiple axis names. (parse_blend_design_map): Allow only a single design map. (parse_encoding): Handle multiple encoding vectors. * src/type42/t42parse.c (t42_parse_encoding): Handle multiple encoding vectors.

7f0f4011

2015-09-15T07:23:53

[truetype] Fix integer type (#45965). * src/truetype/ttobjs.c (tt_synth_sfnt_checksum): Implement it.

577daf1c

2015-09-15T07:10:16

* src/pcf/pcfread.c (pcf_load_font): Fix integer overflow (#45964).

581c7e2a

2015-09-15T06:49:06

[type1, type42] Check encoding array size (#45961). * src/type1/t1load.c (parse_encoding), src/type42/t42parse.c (t42_parse_encoding): Do it.

3ea0d2c6

2015-09-13T23:19:34

* src/base/ftcalc.c (FT_MulFix) [FT_LONG64]: Improve.

7962a15d

2015-09-14T00:38:26

[type1] Fix another potential buffer overflow (#45955). * src/type1/t1parse (T1_Get_Private_Dict): Assure that check for `eexec' doesn't exceed `limit'.

kc3-lang/freetype

Log