|
83d4181a
|
2015-02-25T08:10:58
|
|
[lzw] Signedness fixes.
* src/lzw/ftzopen.c, src/lzw/ftzopen.h: Apply.
|
|
f57fc59e
|
2015-01-17T20:41:43
|
|
Run `src/tools/update-copyright'.
|
|
f796cf6c
|
2015-01-17T20:11:10
|
|
Normalize copyright notice format.
|
|
487913d9
|
2011-09-11T09:18:10
|
|
Slightly improve LZW_CLEAR handling.
* src/lzw/ftzopen.c (ft_lzwstate_io) <FT_LZW_PHASE_CODE>:
Ensure that subsequent (modulo garbage byte(s)) LZW_CLEAR codes are
handled as clear codes. This also re-sets old_code and old_char to
predictable values, which is a little better than using `random'
ones if the code following LZW_CLEAR is invalid.
|
|
83cb6c00
|
2011-09-11T09:13:45
|
|
Add explicit LZW decompression stack size limit.
Stack larger than 1<<LZW_MAX_BITS is never needed if prefix table is
constructed correctly. It's even less than that, see e.g.
libarchive code comment for a better size upper bound:
http://code.google.com/p/libarchive/source/browse/trunk/libarchive/archive_read_support_filter_compress.c?r=3635#121
This patch adds explicit stack size limit, enforced when stack is
realloced.
An alternative is to ensure that code < state->prefix[code - 256]
when traversing prefix table. Such check is less efficient and
should not be required if prefix table is constructed correctly in
the first place.
* src/lzw/ftzopen.c (ft_lzwstate_stack_grow): Implement it.
|
|
86c3c69c
|
2011-09-11T09:08:40
|
|
Protect against loops in the prefix table.
LZW decompressor did not sufficiently check codes read from the
input LZW stream. A specially-crafted or corrupted input could
create a loop in the prefix table, which leads to memory usage
spikes, as there's no decompression stack size limit.
* src/lzw/ftzopen.c (ft_lzwstate_io) <FT_LZW_PHASE_START>: First
code in valid LZW stream must be 0..255.
<FT_LZW_PHASE_CODE>: In the special KwKwK case, code == free_ent,
code > free_ent is invalid.
|
|
f420757c
|
2009-08-01T00:30:14
|
|
lzw: Count the size of the memory object by ptrdiff_t.
|
|
a49db4f8
|
2009-03-20T07:30:43
|
|
Copyright.
|
|
0a05ba25
|
2009-03-20T07:19:45
|
|
Protect against malformed compressed data.
Problem reported by Tavis Ormandy <taviso@google.com>.
* src/lsw/ftzopen.c (ft_lzwstate_io): Test whether `state->prefix' is
zero.
|
|
1c8980ef
|
2007-05-25T07:11:12
|
|
* docs/CHANGES: Updated.
Formatting.
|
|
3e2f953a
|
2007-05-22T13:10:59
|
|
real fix for bug #19910. the .Z format is really badly designed :-(
|
|
0d0365ec
|
2007-05-22T09:53:44
|
|
avoid heap explosion in the case of malformed .Z font files
related to bug #19910, but not a bugfix yet
|
|
c6afa122
|
2006-05-02T22:22:16
|
|
* include/freetype/internal/ftmemory.h: s/new/newsz/ (for C++).
(FT_ALLOC): Remove redundant redefinition.
* builds/compiler/gcc-dev.mk (CFLAGS) [g++]: Don't use
`-Wstrict-prototypes'.
* src/base/ftstream.c (FT_Stream_EnterFrame): Add cast.
Formatting, copyright years.
|
|
9ca78256
|
2006-05-02T09:00:29
|
|
* include/freetype/internal/ftmemory.h, src/base/ftbitmap.c,
src/base/ftmac.c, src/base/ftrfork.c, src/lzw/ftzopen.c,
src/raster/ftrend1.c, src/sfnt/ttpost.c, src/truetype/ttgxvar.c,
src/type42/t42parse.c, src/winfonts/winfnt.c: hardening the code
against out-of-bounds conditions when allocating arrays. This is
for the cases where FT_NEW_ARRAY and FT_RENEW_ARRAY are not used
already. Introducing the new FT_ALLOC_MULT and FT_REALLOC_MULT
macros.
|
|
84cacd23
|
2005-10-23T19:25:41
|
|
formatting, comment clean-up
|
|
560d5fed
|
2005-10-21T09:08:28
|
|
Minor cleanups.
Copyright issues.
|
|
c1b6d082
|
2005-10-20T15:33:34
|
|
* src/base/ftdbgmem.c: fixes to better account for memory reallocations
* src/lzw/ftlzw2.c, src/lzw/ftzopen.h, src/lzw/ftzopen.c, src/lzw/rules.mk:
first version of LZW loader re-implementation. Apparently, saves about
260 KB of heap memory when loading tir24.pcf.Z
|