src


Log

Author Commit Date CI Message
Werner Lemberg b0103677 2017-09-23T00:40:28 [otvalid] Handle `GDEF' v1.2 and v1.3 tables. No validation of variation stuff yet. * src/otvalid/otvgdef.c (otv_MarkGlyphSets_validate): New function. (otv_GDEF_validate): Implement it.
Werner Lemberg 6756a185 2017-09-23T00:36:49 [otvalid] Handle `BASE' v1.1 table. No validation of variation stuff yet. * src/otvalid/otvbase.c (otv_BASE_validate): Implement it.
Werner Lemberg 3645982a 2017-09-22T07:53:25 [otvalid] Macros for 32bit offset support. * src/otvalid/otvcommn.h (OTV_OPTIONAL_TABLE32, OTV_OPTIONAL_OFFSET32, OTV_SIZE_CHECK32): New macros.
Werner Lemberg 21c235ec 2017-09-22T07:28:25 [otvalid] Whitespace.
Werner Lemberg 6d04bd99 2017-09-21T21:22:51 [truetype] Integer overflow (#52082). * src/truetype/ttinterp.c (Ins_MDRP): Avoid FT_ABS.
Werner Lemberg cf64e338 2017-09-21T11:42:48 [sfnt] Fix postscript name for default instance of variation fonts. Problem reported by Behdad. * src/sfnt/sfdriver.c (sfnt_get_ps_name): Test `is_default_instance'.
Werner Lemberg b19cdc9c 2017-09-21T11:02:35 [truetype] Fix `mmvar' array pointers, part 2. The previous commit was incomplete. * src/truetype/ttgxvar.c: Properly initialize sub-array offsets for `master' also.
Werner Lemberg 3b3cb32d 2017-09-21T09:03:20 [truetype] Fix `mmvar' array pointers. Without this change, clang's AddressSanitizer reports many runtime errors due to misaligned addresses. * src/truetype/ttgxvar.c (TT_Get_MM_Var): Use multiples of pointer size for sub-array offsets into `mmvar'.
Werner Lemberg eaa9adf3 2017-09-20T08:00:05 [truetype] Integer overflows. Changes triggered by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3429 * src/truetype/ttinterp.c (Ins_SHPIX, Ins_DELTAP): Use NEG_LONG. (Ins_MIAP): Use SUB_LONG.
John Tytgat b00be9f6 2017-09-19T07:12:03 [cff] Fix family name logic of pure CFF fontdata (#52056). 1. If `FamilyName' is present in the CFF font, use this for FT_Face's `family_name'. 2. Otherwise, use the face name and chop off any subset prefix. 3. If at this point FT_Face's `family_name' is set, use this together with the full name to determine the style. 4. Otherwise, use `CIDFontName' as FT_Face's `family_name'. 5. If we don't have a valid style, use "Regular". Previously, FT_Face's `family_name' entry for pure CFF fontdata nearly always was the fontname itself, instead of the `FamilyName' entry in the CFF font (assuming there is one). * src/cff/cffobjs.c (cff_face_init) [pure_cff]: Implement it.
Werner Lemberg 39ce3ac4 2017-09-16T19:08:17 * Version 2.8.1 released. ========================= Tag sources with `VER-2-8-1'. * docs/VERSION.TXT: Add entry for version 2.8.1. * docs/CHANGES: Updated. * README, Jamfile (RefDoc), builds/windows/vc2005/freetype.vcproj, builds/windows/vc2005/index.html, builds/windows/vc2008/freetype.vcproj, builds/windows/vc2008/index.html, builds/windows/vc2010/freetype.vcxproj, builds/windows/vc2010/index.html, builds/windows/visualc/freetype.dsp, builds/windows/visualc/freetype.vcproj, builds/windows/visualc/index.html, builds/windows/visualce/freetype.dsp, builds/windows/visualce/freetype.vcproj, builds/windows/visualce/index.html, builds/wince/vc2005-ce/freetype.vcproj, builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/freetype.vcproj, builds/wince/vc2008-ce/index.html: s/2.8/2.8.1/, s/28/281/. * include/freetype/freetype.h (FREETYPE_PATCH): Set to 1. * builds/unix/configure.raw (version_info): Set to 21:0:15. * CMakeLists.txt (VERSION_PATCH): Set to 1.
Werner Lemberg 17eb2406 2017-09-14T22:39:51 Update fuzzer-bot URL.
Werner Lemberg 7cb6f217 2017-09-14T12:09:37 Formatting.
suzuki toshiya b757ddb1 2017-09-13T22:17:03 [sfnt] lowest gcc for vectors ( e1d0249e ) is changed to 4.7. __builtin_shuffle() was introduced in gcc-4.7. The lowest gcc to enable vector operation is delayed from 4.6 to 4.7. * src/sfnt/pngshim.c (premultiply_data): Fix cpp-macro to enable the vector operation, to change the lowest gcc version from 4.6 to 4.7.
suzuki toshiya 5ad84577 2017-09-13T15:49:15 [cache] Fix a possible overflow by signed integer comparison. Improve the code by 5d3ff05615dda6d1325ed612381a17a0df04c975 , issues are found by Behdad Esfahbod and Werner Lemberg. * src/cache/ftcbasic.c (FTC_ImageCache_Lookup): Replace a subtraction to check higher bit by a bit operation, and cpp-conditionalize for appropriate systems. Add better documentation to the comment. (FTC_ImageCache_LookupScaler): Ditto. (FTC_SBitCache_Lookup): Ditto. (FTC_SBitCache_LookupScaler): Ditto.
Werner Lemberg 96dcc8ad 2017-09-13T08:16:23 [autofit] Really fix #41334 (#52000). * src/autofit/aflatin.c (af_latin_hints_compute_segments): Set `segment->delta' everywhere.
suzuki toshiya 21658c31 2017-09-12T15:59:18 [autofit, sfnt] Fix for `make multi'. * src/autofit/afshaper.c: Include FT_ADVANCE_H, to use FT_Get_Advance() in it. * src/sfnt/ttcmap.c: Include FT_SERVICE_POSTSCRIPT_CMAPS_H to use PS_Unicodes in it, also include `ttpost.h' to use tt_face_get_ps_name() in it.
Werner Lemberg 3e4b7997 2017-09-11T08:51:44 * src/sfnt/ttkern.c (tt_face_load_kern): Reject format 2 tables. Reported by Behdad.
Werner Lemberg 0ab2b62d 2017-09-09T08:08:47 [autofit] Improve communication with ftgrid. * src/autofit/afhints.c (af_glyph_hints_get_segment_offset): Provide values in font units.
suzuki toshiya 3ef59e59 2017-09-09T01:28:24 [base] Remove a check for resource ID in the resource fork driver. LastResort.dfont has a marginal resource ID 0xFFFF for sfnt resource. Inside Macintosh: More Macintosh Toolbox, `Resource IDs' (1-46), tells that some IDs are reserved and should not be used. FreeType2 just uses resource ID to sort the fragmented resource. To accept the marginal fonts, the checking is removed. * src/base/ftrfork.c (FT_Raccess_Get_DataOffsets): Remove res_id validity check, fix a trace message format.
suzuki toshiya 5c4e40d7 2017-09-09T00:59:33 [sfnt, truetype] Register the tags for marginal fonts. The first 32bit of standard TrueType variants is 0x00010000, `OTTO', `ttcf', `true' or `typ1'. 2 marginal dfonts on legacy Mac OS X, Keyboard.dfont and LastResort.dfont, have the sfnt resources starting 0xA5 followed by `kbd' or `lst'. Considering the following data could be parsed as conventional TrueType fonts, the header checking is updated to allow these tags. It seems that recent Mac OS X has already switched to normal TTF for these fonts. See the discussion at http://u88.n24.queensu.ca/exiftool/forum/index.php?topic=3931.0 * include/freetype/tttags.h (TTAG_0xA5kbd, TTAG_0xA5lst): New header tags for Keyboard.dfont and LastResort.dfont. * src/sfnt/sfobjs.c (sfnt_open_font): Accept the sfnt resource starts with TTAG_0xA5kbd or TTAG_0xA5lst. * src/truetype/ttobjs.c (tt_face_init): Accept the face with the format tag is TTAG_0xA5kbd or TTAG_0xA5lst.
Alexei Podtelezhnikov 22a7f5b8 2017-09-07T22:36:02 Branding fixes.
Werner Lemberg a3dd6d99 2017-09-05T23:02:04 Fix multiple calls of `FT_Bitmap_Convert'. The documentation of `FT_Bitmap_Convert' says that multiple calls do proper reallocation of the target FT_Bitmap object. However, this failed for the sequence non-empty bitmap empty bitmap non-empty bitmap Reason was that `FT_Bitmap_Convert' only reallocated the bitmap buffer if it became too small; it didn't make the buffer smaller. For an empty bitmap following a non-empty one, only the buffer dimension got set to zero, without deallocation. If the next call was a non-empty buffer again, an assertion in `ft_mem_qrealloc' was triggered. * src/base/ftbitmap.c (FT_Bitmap_Convert): Always reallocate target buffer to the correct size. * docs/CHANGES: Document it.
Werner Lemberg 7d017ba8 2017-09-05T15:28:21 [bdf] Fix size and resolution handling. * src/bdf/bdfdrivr.c (BDF_Face_Init): Use `SIZE' values if `POINT_SIZE', `RESOLUTION_X', or `RESOLUTION_Y' properties are missing. * docs/CHANGES: Document it.
Alexei Podtelezhnikov f0898b92 2017-08-25T21:40:01 Swap `ALLOC_MULT' arguments (#51833). * src/base/ftbitmap.c (ft_bitmap_assure_buffer): Updated. * src/winfonts/winfnt.c (FNT_Load_Glyph): Updated. * src/raster/ftrend1.c (ft_raster1_render): Updated.
Werner Lemberg e1d0249e 2017-08-23T08:18:22 [sfnt] Fix clang compilation (#51788). * src/sfnt/pngshim.c (premultiply_data): Use vectors instead of scalars. (vector_shuffle): New macro to take of a different built-in function name on clang.
Werner Lemberg bd28952e 2017-08-22T08:41:03 [base] Don't zero out allocated memory twice (#51816). Patch applied from bug report. * src/base/ftutil.c (ft_mem_qrealloc): Use low-level allocation to avoid unnecessary overhead.
Werner Lemberg 0aca17cf 2017-08-22T08:25:14 [truetype] Integer overflow. Changes triggered by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3107 * src/truetype/ttinterp.c (Ins_MDRP, Ins_MIRP, Ins_ALIGNPTS): Use NEG_LONG.
Alexei Podtelezhnikov 7653c765 2017-08-17T21:28:32 [sfnt] Avoid synthetic unicode for symbol fonts with PUA. Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=754574 * src/sfnt/sfobjs.c (sfnt_load_face): Check for FT_ENCODING_MS_SYMBOL.
Werner Lemberg cadd29de 2017-08-16T13:32:17 * src/sfnt/pngshim.c (premultiply_data): Fix compiler warnings.
Behdad Esfahbod c9d7c03f 2017-08-15T08:48:17 [sfnt] Speed up PNG image loading. This reduces the overhead of `premultiply_data' by 60%. * src/sfnt/pngshim.c (premultiply_data): Provide code which uses gcc's (and clang's) `vector_byte' attribute to process 4 pixels at a time.
Werner Lemberg b45043c4 2017-08-11T09:34:20 [sfnt, truetype] Improve handling of missing sbits. Requested by Behdad. Modern bitmap-only SFNTs like `NotoColorEmoji.ttf' don't contain entries in the bitmap strike(s) for empty glyphs. Instead, they rely that a space glyph gets created from the font's metrics data. This commit makes FreeType behave accordingly. * include/freetype/fterrdef.h (FT_Err_Missing_Bitmap): New error code. * src/sfnt/ttsbit.c (tt_sbit_decoder_load_image): Change error codes to make a distinction between a missing bitmap in a composite and a simple missing bitmap. * src/truetype/ttgload.c (TT_Load_Glyph): For a missing bitmap (in a bitmap-only font), synthesize an empty bitmap glyph if metrics are available.
Werner Lemberg f2e121ab 2017-08-10T12:56:50 [base] Minor API improvement for default variation axis setting. * src/base/ftmm.c (FT_Set_MM_Design_Coordinates, FT_Set_Var_Design_Coordinates, FT_Set_MM_Blend_Coordinates, FT_Set_Var_Blend_Coordinates): Allow coords==NULL if num_coords==0. * docs/CHANGES: Updated.
Werner Lemberg c87fec02 2017-08-09T07:45:12 [psnames] Really fix issue #49949. We now use a separate preprocessor macro to handle both definition and declaration of the glyph name arrays. * src/psnames/psmodule.c (DEFINE_PS_TABLE_DATA): New macro. * src/tools/glnames.py (StringTable::dump, StringTable::dump_sublist): Use `DEFINE_PS_TABLE_DATA'. (dump_encoding): Ditto. (main): Use `wb' mode for writing the output file, which works on Windows also. * src/psnames/pstables.h: Regenerated.
Alexei Podtelezhnikov 410f3799 2017-03-09T00:08:38 [smooth] Harmony LCD rendering. This is a new technology for LCD-optimized rendering. It capitalizes on the fact that each color channel grid is shifted by a third of a pixel. Therefore it is logical to render 3 separate monochrome bitmaps shifting the outline by 1/3 pixel, and then combine them. Importantly, the resulting output does not require additional LCD filtering. * src/smooth/ftsmooth.c (ft_smooth_render_generic) [!FT_CONFIG_OPTION_SUBPIXEL_RENDERING]: Implement new LCD-optimized rendering. * include/freetype/ftlcdfil.h, include/freetype/freetype.h, include/freetype/config/ftoption.h, devel/ftoption.h: Updated documentation.
Alexei Podtelezhnikov 5710ef98 2017-08-08T22:00:35 * src/smooth/ftsmooth.c (ft_smooth_render_generic): Clean up.
Alexei Podtelezhnikov a9d8e90c 2017-08-08T21:42:37 * src/sftnt/ttpost.c (format): Use otspec-compliant versions.
Werner Lemberg 17196b7c 2017-08-05T18:58:34 [truetype] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2868 * src/truetype/ttinterp.c (Ins_ALIGNRP): Use NEG_LONG.
Werner Lemberg f43b3094 2017-08-05T18:22:17 [base, truetype] New function `FT_Get_Var_Axis_Flags'. The reserved `flags' field got a value in OpenType version 1.8.2; unfortunately, the public `FT_Var_Axis' structure misses the corresponding element. Since we can't add a new field, we add an access function. * src/base/ftmm.c (FT_Get_Var_Axis_Flags): New function. * include/freetype/ftmm.h (FT_VAR_AXIS_FLAG_HIDDEN): New macro. Updated. * src/truetype/ttgxvar.c (TT_Get_MM_Var): Increase allocated memory of `mmvar' to hold axis flags. Fill the axis flags array. * docs/CHANGES: Updated.
Nikolaus Waxweiler 24e256ab 2017-08-04T08:25:31 [truetype] Fix metrics of B/W hinting in v40 mode. Phantom points are now saved outside v40 backwards compatibility mode. This fixes the jumping glyphs when switching between v35 and v40 monochrome mode. * src/truetype/ttgload.c (TT_Hint_Glyph): Fix inversed bool logic.
Nikolaus Waxweiler 7f44c2db 2017-08-03T06:15:30 [truetype] Do not set any ClearType flags in v40 monochrome mode. This fixes weird behavior of instructions that resulted in rendering differences between v35 and v40 in monochrome mode, e.g., in `timesbi.ttf'. * src/truetype/ttinterp.c (Ins_GETINFO) [TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL]: Check `subpixel_hinting_lean'.
Werner Lemberg 7e508242 2017-08-01T12:44:35 * src/truetype/ttgxvar.c (TT_Get_MM_Var): Fix thinko.
Behdad Esfahbod 55bbb98f 2017-08-01T09:17:02 [truetype] Fix loading of named instances. * src/truetype/ttgxvar.c (TT_Get_MM_Var): Preserve file position while loading the `avar' table.
Werner Lemberg ce367774 2017-08-01T08:24:51 [sfnt, truetype] Minor adjustments for OpenType 1.8.2. * src/sfnt/sfobjs.c (sfnt_load_face): The units per EM value has now (tighter) limits. * src/truetype/ttgload.c (load_truetype_glyph): The new OpenType version explicitly allows all negative values for the number of contours if we have a composite glyph (this is for better backwards compatibility I guess), but it still recommends value -1.
Werner Lemberg 933f4cbe 2017-07-26T23:32:32 [cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2738 * src/cff/cf2hints.c (cf2_glyphpath_computeOffset, cf2_glyphpath_curveTo): Use ADD_INT32.
Werner Lemberg 38bdf22b 2017-07-13T10:28:09 [truetype] Improve code comment.
Werner Lemberg fe0a7d9d 2017-07-13T10:25:42 [base] Fix memory leak. Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=738362 * src/base/ftglyph.c (FT_Get_Glyph): Do proper deallocation in case of error.
Werner Lemberg 134de096 2017-07-12T22:16:37 [base] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2573 * src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use FT_PIX_CEIL_LONG and FT_PIX_ROUND_LONG.
Werner Lemberg 3d083fc2 2017-07-12T00:24:48 * src/truetype/ttpload.c (tt_face_get_location): Off-by-one typo. Also improve tracing message. Problem reported as https://bugs.chromium.org/p/chromium/issues/detail?id=738919
Werner Lemberg 9ea83c78 2017-07-07T17:09:43 [cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2517 * src/cff/cf2blues.c (cf2_blues_capture): Use SUB_INT32.
Werner Lemberg cf8d9b4c 2017-07-05T23:07:01 * src/sfnt/ttcmap.c (tt_cmap_unicode_class_rec): Fix warning.
Werner Lemberg 4261e497 2017-07-05T23:00:23 * src/truetype/ttgxvar.c (FT_Stream_SeekSet): Fix warning (#51395).
Werner Lemberg 1c85479d 2017-07-04T08:08:54 [truetype] Prevent address overflow (#51365). * src/truetype/ttgxvar.c (FT_Stream_SeekSet): Add guard.
Alexei Podtelezhnikov c56d8851 2017-07-03T22:49:07 * src/base/ftlcdfil.c (ft_lcd_filter_fir): Improve code.
Werner Lemberg ca799e9b 2017-07-03T06:27:52 [truetype] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2455 * src/truetype/ttinterp.c (Ins_SCFS): Use SUB_LONG.
Alexei Podtelezhnikov abeb28f1 2017-07-01T16:48:32 * src/sfnt/sfobjs.c (sfnt_load_face): Ignore No_Unicode_Glyph_Name.
Ben Wagner 7819aeb6 2017-06-28T22:57:41 Avoid Microsoft compiler warnings (#51331). While clang's sanitizer recommends a cast to unsigned for safe negation (to handle -INT_MIN), both MSVC and Visualc emit warning C4146 if an unsigned value gets negated. * include/freetype/internal/ftcalc.h (NEG_LONG, NEG_INT32), src/base/ftcalc.c (FT_MOVE_SIGN): Replace negation with a subtraction.
Werner Lemberg 2e7bb5e8 2017-06-27T16:56:38 * src/cff/cffparse.c (do_fixed): Fix typo. Spotted by chris <chris@gcjd.org>.
Werner Lemberg dde8f5ab 2017-06-27T06:16:04 [truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2384 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2391 * src/base/ftcalc.c (FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix): Use NEG_LONG. * src/truetype/ttinterp.c (Ins_SxVTL): Use NEG_LONG.
Werner Lemberg b27cef27 2017-06-24T20:17:46 [truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2364 * src/truetype/ttinterp.c (Ins_ISECT): Use NEG_LONG.
Werner Lemberg 298e2ea5 2017-06-22T11:52:43 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2323 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2328 * src/cff/cf2blues.c (cf2_blues_capture): Use ADD_INT32 and SUB_INT32. * src/truetype/ttinterp.c (Ins_SDPVTL): Use SUB_LONG and NEG_LONG.
Alexei Podtelezhnikov 75cb071b 2017-06-21T22:52:37 [sfnt] Synthesize a Unicode charmap if one is missing. * src/sfnt/ttcmap.h (tt_cmap_unicode_class_rec): Declare it. * src/sfnt/ttcmap.c (tt_get_glyph_name, tt_cmap_unicode_init, tt_cmap_unicode_done, tt_cmap_unicode_char_index, tt_cmap_unicode_char_next, tt_cmap_unicode_class_rec): Implement synthetic Unicode charmap class. (tt_get_cmap_info): Make sure the callback is available. * src/sfnt/sfobjs.c (sfnt_load_face) [FT_CONFIG_OPTION_POSTSCRIPT_NAMES]: If Unicode charmap is missing, synthesize one. * include/freetype/config/ftoption.h: Document it. * devel/ftoption.h: Ditto.
Werner Lemberg 390048fa 2017-06-20T18:03:20 Remove deprecated comment.
Werner Lemberg 8c763fb1 2017-06-20T07:49:52 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2300 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2313 * src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use ADD_INT32. * src/truetype/ttinterp.c (Ins_ABS): Avoid FT_ABS.
Alexei Podtelezhnikov 7b727833 2017-06-17T23:28:14 [base, smooth] LCD filtering cleanups. * src/base/ftlcdlil.c (ft_lcd_filter_fir, _ft_lcd_filter_legacy): Clean up, start filtering from the bottom-left origin. * src/smooth/ftsmooth.c (ft_smooth_render_generic): Updated.
Werner Lemberg 4dc00cf5 2017-06-16T13:33:09 [truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2270 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2278 * src/truetype/ttinterp.c (Ins_MDRP, _iup_worker_interpolate): Use ADD_LONG and SUB_LONG.
Werner Lemberg dbeb7bce 2017-06-15T19:39:50 [bdf, cff] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2244 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2261 * src/bdf/bdfdrivr.c (BDF_Face_Init): Replace calls to FT_ABS with direct code to avoid value negation. * src/cff/cf2blues.c (cf2_blues_capture): Use SUB_INT32 and ADD_INT32.
Werner Lemberg 79e3789f 2017-06-14T07:51:04 * src/winfonts/winfnt.c (FNT_Face_Init): Don't set active encoding. FreeType only sets a default active encoding for Unicode.
Werner Lemberg 5c402d97 2017-06-13T06:56:48 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2216 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2218 * src/cff/cf2fixed.h (cf2_fixedAbs): Use NEG_INT32. * src/truetype/ttinterp.c (Ins_IP): Use SUB_LONG.
Werner Lemberg 3ed3a961 2017-06-11T13:50:37 [cff] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2200 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2210 * src/cff/cf2hints.c (cf2_hintmap_insertHint): Use SUB_INT32 and ADD_INT32. * src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdVMOVETO>: Use ADD_INT32.
Werner Lemberg 5f2a72cb 2017-06-10T11:29:24 [truetype] Fix TT_Set_Var_Design. Reported by Nikolaus Waxweiler <madigens@gmail.com>. * src/truetype/ttgxvar.c (TT_Set_Var_Design): Correctly handle the case where we have less input coordinates than axes.
Werner Lemberg 2c4fba9c 2017-06-10T11:03:41 * src/base/ftcalc.c (FT_DivFix): Fix embarrassing typo. Bug introduced 2017-05-28.
Werner Lemberg 9038837e 2017-06-09T20:42:46 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2144 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2151 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2153 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2173 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2186 * src/cff/cf2blues.c (cf2_blues_init): Use SUB_INT32. * src/truetype/ttinterp.c (Round_None, Round_To_Grid, Round_To_Half_Grid, Round_Down_To_Grid, Round_Up_To_Grid, Round_To_Double_Grid, Round_Super, Round_Super_45): Use ADD_LONG, SUB_LONG, NEG_LONG, FT_PIX_ROUND_LONG, FT_PIX_CEIL_LONG, FT_PAD_ROUND_LONG (Ins_SxVTL, Ins_MIRP): Use SUB_LONG. (_iup_worker_shift): Use SUB_LONG and ADD_LONG.
Werner Lemberg dcd8de27 2017-06-09T11:21:58 */*: Remove `OVERFLOW_' prefix. This increases readability.
Werner Lemberg 7bffeacd 2017-06-07T17:08:01 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2133 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2137 * src/cff/cf2hints.c (cf2_hint_init): Use OVERFLOW_SUB_INT32. * src/truetype/ttinterp.c (PROJECT, DUALPROJ): Use OVERFLOW_SUB_LONG.
Werner Lemberg 24848a3d 2017-06-06T12:05:04 [cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2109 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2110 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2122 * src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32. * src/cff/cf2hints.c (cf2_hintmap_map): Synchronize if-else branches.
Werner Lemberg 86670429 2017-06-05T06:20:53 [cff] Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2089 * src/cff/cffload.c (cff_blend_doBlend): User OVERFLOW_ADD_INT32.
Werner Lemberg 9fa8a299 2017-06-04T20:43:08 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2075 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2088 * src/cff/cf2font.c (cf2_font_setup): Use OVERFLOW_MUL_INT32. * src/truetype/ttinterp.c (Ins_ISECT): Use OVERFLOW_MUL_LONG, OVERFLOW_ADD_LONG, and OVERFLOW_SUB_LONG.
Werner Lemberg addb2ddd 2017-06-03T21:05:42 [base, cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2060 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2062 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2063 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2068 * src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG. * src/cff/cf2blues.c (cf2_blues_capture), src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use OVERFLOW_SUB_INT32. * src/truetype/ttgload.c (compute_glyph_metrics): User OVERFLOW_SUB_LONG. * src/truetype/ttinterp.c (Direct_Move, Direct_Move_Orig, Direct_Move_X, Direct_Move_Y, Direct_Move_Orig_X, Direct_Move_Orig_Y, Move_Zp2_Point, Ins_MSIRP): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.
Werner Lemberg 2c2e6403 2017-06-03T07:38:11 [bdf] Synchronize sanity checks with pcf driver. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2054 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2058 * src/bdf/bdfdrivr.c (BDF_Face_Init): Check font ascent and descent. Check AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and RESOLUTION_Y properties.
Werner Lemberg 1ea34322 2017-06-03T06:52:13 [cff, truetype] Integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2047 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2057 * src/cff/cf2hints.c (cf2_hintmap_map): Use OVERFLOW_SUB_INT32. * src/truetype/ttinterp.c (Ins_ADD): Use OVERFLOW_ADD_LONG. (Ins_SUB): Use OVERFLOW_SUB_LONG. (Ins_NEG): Use NEG_LONG.
Werner Lemberg 0716c6ab 2017-06-02T19:24:03 [cff] Even more integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2046 * src/cff/cf2intrp.c (cf2_doStems, cf2_interpT2CharString): Use OVERFLOW_ADD_INT32.
Werner Lemberg 7a4276fb 2017-06-02T09:21:37 [cff] More integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2032 * src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
Werner Lemberg 03b0cc2e 2017-06-02T09:16:52 [bdf] Don't left-shift negative numbers. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2031 * src/bdf/bdfdrivr.c (BDF_Face_Init): Use multiplication.
Werner Lemberg 47a03e9b 2017-06-02T09:06:36 [bdf] Fix integer scanning routines. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2029 * src/bdf/bdflib.c (_bdf_atoul, _bdf_atol, _bdf_atous, _bdf_atos): Stop scanning if result would overflow.
Werner Lemberg 3802ca8b 2017-06-02T08:44:20 [cff] Fix integer overflows. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2027 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2028 * src/cff/cf2hints.c (cf2_hintmap_insertHint), src/cff/cf2intrp.c (cf2_doFlex): Use OVERFLOW_ADD_INT32 and OVERFLOW_SUB_INT32.
Werner Lemberg cd02d359 2017-06-01T17:05:39 [smooth] Some 32bit integer overflow run-time errors. * src/smooth/ftgrays.c [STANDALONE] (OVERFLOW_ADD_LONG, OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG, NEG_LONG): New macros. [!STANDALONE]: Include FT_INTERNAL_CALC_H. (gray_render_cubic): Use those macros where appropriate.
Werner Lemberg 0ad32623 2017-06-01T17:00:37 * src/base/ftglyph.c (FT_Get_Glyph): Check `slot->advance'.
Werner Lemberg 4a1f1a6d 2017-06-01T13:15:54 [psaux] 32bit integer overflow tun-time errors (#46149). * src/psaux/t1decode.c (t1_decoder_parse_charstrings): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG where appropriate.
Werner Lemberg 8d435c46 2017-06-01T07:09:44 * src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again. Problem reported by Marek Kašík <mkasik@redhat.com>. The problematic font that exceeds the old limit is Padauk-Bold, version 3.002, containing bytecode generated by a buggy version of ttfautohint.
Werner Lemberg e66d7300 2017-05-31T16:16:50 [cff] 32bit integer overflow run-time errors 2/2 (#46149). This commit handles the new engine. * include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, NEG_INT, NEG_LONG, NEG_INT32): New macros. * src/cff/cf2ft.c (cf2_getScaleAndHintFlag): Use OVERFLOW_ADD_INT32. * src/cff/cf2hints.c (cf2_getWindingMomentum, cf2_hint_init, cf2_hintmap_map, cf2_glyphpath_hintPoint, cf2_glyphpath_computeIntersection, cf2_glyphpath_computeOffset, cf2_glyphpath_lineTo, cf2_glyphpath_curveTo): Use OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, and NEG_INT32 where appropriate. * src/cff/cf2intrp.c (cf2_doFlex, cf2_doBlend, cf2_interpT2CharString): Ditto. Also add some other code where needed to avoid overflow.
Werner Lemberg 9b710cd5 2017-05-30T22:35:41 [cff] 32bit integer overflow run-time errors 1/2 (#46149). This commit handles the old engine. * src/cff/cffgload.c: Include FT_INTERNAL_CALC_H. (cff_decoder_parse_charstrings): Use OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG where needed. * src/cff/cffparse.c: Include FT_INTERNAL_CALC_H. (power_ten_limits): New static array. (do_fixed): Use it to prevent multiplication overflow. (cff_parser_run): Use OVERFLOW_ADD_LONG.
Werner Lemberg 0e7b9f86 2017-05-30T22:22:19 [psaux] Correctly handle sequences of multiple number signs. * src/psaux/psconv.c (PS_Conv_Strtol, PS_Conv_ToFixed): Return zero if we encounter more than a single sign.
Werner Lemberg f0146329 2017-05-29T21:04:27 [pcf] 32bit integer overflow run-time errors (#46149). * src/pcf/pcfread.c (pcf_get_accel): Add sanity checks for `fontAscent' and `fontDescent'. (pcf_load_font): Add sanity checks for global height. Add sanity checks for AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and RESOLUTION_Y properties.
Werner Lemberg fbe2fe4c 2017-05-29T13:29:28 Handle some integer overflow run-time errors (#46149, #48979). This commit (mainly for 32bit CPUs) is the first of a series of similar commits to handle known integer overflows. Basically, all of them are harmless, since they affect rendering of glyphs only, not posing security threats. It is expected that fuzzying will show up more overflows, to be fixed in due course. The idea is to mark places where overflows can occur, using macros that simply cast to unsigned integers, because overflow arithmetic is well defined in this case. Doing so suppresses run-time errors of sanitizers without adding computational overhead. * include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT, OVERFLOW_SUB_INT, OVERFLOW_MUL_INT, OVERFLOW_ADD_LONG, OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG): New macros. * src/base/ftcalc.c (FT_RoundFix, FT_CeilFix, FT_Matrix_Multiply, FT_Matrix_Multiply_Scaled, FT_Vector_Transform_Scaled, ft_corner_orientation): Use new macros. * src/base/ftoutln.c (FT_Outline_Get_Orientation): Use new macros.
Werner Lemberg 2e4188d8 2017-05-28T07:46:22 [cff] s/cf2_floatToFixed/cf2_doubleToFixed/. The new name better describes what the macro actually does; additionally, we don't need a trailing `f' for literals (there was only a single such instance in the code, but this caused a clang warning because the macro itself uses `double' literals). * src/cff/cf2blues.c, src/cff/cf2blues.h, src/cff/cf2fixed.h, src/cff/cf2font.c, src/cff/cf2hints.c: Updated.
Werner Lemberg 93572190 2017-05-28T07:20:09 Fix negation of INT_MIN and LONG_MIN (#46149). * src/base/ftcalc.c (FT_MOVE_SIGN): Add argument to pass unsigned value, to be used as the result. (FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix, FT_MulFix, FT_Vector_NormLen): Updated.
Werner Lemberg a9331c0f 2017-05-27T15:50:25 [truetype] Fix handling of design coordinates (#51127). * src/truetype/ttgxvar.c (tt_set_mm_blend): Compute all design coordinates if we have to create the `blends->coord' array. (TT_Get_MM_Blend, TT_Get_Var_Design): Select default instance coordinates if no instance is selected yet.
Werner Lemberg 082f2faf 2017-05-24T07:40:46 [bdf, pcf] Support ISO646.1991-IRV character encoding (aka ASCII). Problem reported by Marek Kašík <mkasik@redhat.com>, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1451795 * src/bdf/bdfdrivr.c (BDF_Face_Init), src/pcf/pcfdrivr.c (PCF_Face_Init): Implement it.
Nikolaus Waxweiler a0455468 2017-05-20T07:28:46 [truetype] Always use interpreter v35 for B/W rendering (#51051). * src/truetype/ttgload.c (tt_loader_init) [TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL]: Adjust `subpixel_hinting_lean', `grayscale_cleartype', and `vertical_lcd_lean' accordingly. * src/truetype/ttinterp.c (Ins_GETINFO): Updated. (TT_RunIns): Update `backward_compatibility' flag.