src


Log

Author Commit Date CI Message
Werner Lemberg bcf618b2 2015-11-02T06:50:49 [ftfuzzer] Add support for multiple files (patch #8779). Currently, libFuzzer only supports mutation of a single file. We circumvent this problem by using an uncompressed tar archive as multiple-file input for the fuzzer. This patch enables tests of `FT_Attach_Stream' and AFM/PFM parsing; a constructed tarball should contain a font file as the first element, and files to be attached as further elements. * src/tools/ftfuzzer/ftfuzzer.cc: Include libarchive headers. (archive_read_entry_data, parse_data): New functions. (LLVMFuzzerTestOneInput): Updated. * src/tools/ftfuzzer/ftmutator.cc: New file, providing a custom mutator for libFuzzer that can mutate tarballs in a sensible way.
Werner Lemberg 40cb1dc3 2015-10-31T19:08:27 Formatting.
Werner Lemberg 57cbb8c1 2015-10-31T18:47:26 [sfnt] Fix cmap 14 validation (#46346). * src/sfnt/ttcmap.c (tt_cmap14_validate): Check limit before accessing `numRanges' and `numMappings'. Fix size check for non-default UVS table.
Werner Lemberg 009cc150 2015-10-31T17:52:56 [sfnt] Handle infinite recursion in bitmap strikes (#46344). * src/sfnt/ttsbit.c (TT_SBitDecoder_LoadFunc, tt_sbit_decoder_load_bitmap, tt_sbit_decoder_load_byte_aligned, tt_sbit_decoder_load_bit_aligned, tt_sbit_decoder_load_png): Add argument for recursion depth. (tt_sbit_decoder_load_compound): Add argument for recursion depth. Increase recursion counter for recursive call. (tt_sbit_decoder_load_image): Add argument for recursion depth. Check recurse depth. (tt_face_load_sbit_image): Updated.
Werner Lemberg 4188deac 2015-10-30T08:07:56 Comments.
Werner Lemberg 02cfd714 2015-10-29T20:50:57 * src/autofit/afhints.c (af_glyph_hints_dump_points): Minor.
Werner Lemberg fba29fab 2015-10-27T21:04:48 [pfr] Add some safety guards (#46302). * src/pfr/pfrload.h (PFR_CHECK): Rename to... (PFR_CHECK_SIZE): ... this. (PFR_SIZE): [!PFR_CONFIG_NO_CHECKS]: Define to PFR_CHECK_SIZE. * src/pfr/pfrload.c (pfr_log_font_count): Check `count'. (pfr_extra_item_load_kerning_pairs): Remove tracing message. (pfr_phy_font_load): Use PFR_CHECK_SIZE where appropriate. Allocate `chars' after doing a size check. * src/pfr/pfrsbit.c (pfr_load_bitmap_bits): Move test for invalid bitmap format to... (pfr_slot_load_bitmap): ... this function. Check bitmap size.
Werner Lemberg 4a3fce93 2015-10-27T19:27:39 [pfr] Formatting, improving comments.
Werner Lemberg 6a19a7d3 2015-10-26T15:40:22 [truetype] Fix sanitizing logic for `loca' (#46223). * src/truetype/ttpload.c (tt_face_load_loca): A thinko caused an incorrect adjustment of the number of glyphs, most often using far too large values.
Werner Lemberg 7f00fa64 2015-10-25T10:59:59 [autofit] Improve tracing. * src/autofit/afhints.c (af_print_idx, af_get_segment_index, af_get_edge_index): New functions. (af_glyph_hints_dump_points): Remove unnecessary `|', `[', and `]'. Add segment and edge index for each point. Slightly change printing order of some elements. Don't print `-1' but `--' for missing elements. (af_glyph_hints_dump_segments, af_glyph_hints_dump_edges): Remove unnecessary `|', `[', and `]'. Don't print `-1' but `--' for missing elements.
Werner Lemberg 07f27e1e 2015-10-24T15:22:13 Thinkos and omissions.
Werner Lemberg 6f09011f 2015-10-24T10:10:22 [sfnt] Sanitize bitmap strike glyph height. Problem reported by Nikolay Sivov <bunglehead@gmail.com>. * src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Avoid zero value for `metrics->height' by applying some heuristics.
Werner Lemberg e93d326c 2015-10-22T10:17:20 [sfnt, type42] Fix clang compiler warnings. * src/sfnt/sfobjs.c (sfnt_init_face): Initialize `offset'. * src/type42/t42parse.c (t42_parse_sfnts): Use proper cast.
Werner Lemberg f1c93439 2015-10-22T10:11:23 [cff] Avoid overflow/modulo arithmetic. This modifies the addition of subroutine number to subroutine bias from unsigned to signed, but does not change any results. * src/cff/cf2ft.c (cf2_initGlobalRegionBuffer, cf2_initLocalRegionBuffer): Change variable names from (unsigned) `idx' to (signed) `subrNum', since it is not an index until after the bias is added. * src/cff/cf2ft.h: Updated. * src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdCALLSUBR>: Updated similarly.
Werner Lemberg 59ae73fe 2015-10-22T09:26:00 [cid] Better check of `SubrCount' dictionary entry (#46272). * src/cid/cidload.c (cid_face_open): Add more sanity tests for `fd_bytes', `gd_bytes', `sd_bytes', and `num_subrs'.
Werner Lemberg e484d36b 2015-10-21T20:48:27 [base] Pacify compiler (#46266). * src/base/ftoutln.c (FT_Outline_EmboldenXY): Initialize `in' and `anchor'.
Werner Lemberg 87fefc59 2015-10-21T20:29:12 [type42] Fix heap buffer overflow (#46269). * src/type42/t42parse.c (t42_parse_sfnts): Fix off-by-one error in bounds checking.
Dave Arnold 3cfd5123 2015-10-21T14:07:25 [cff] Fix limit in assert for max hints. * src/cff/cf2interp.c (cf2_hintmask_setAll): Allow mask equal to the limit (96 bits).
Werner Lemberg 3066f5f5 2015-10-21T14:05:41 Revert erroneously applied commits.
Dave Arnold 748e3681 2015-10-21T13:58:43 [cff] Remove an assert (#46107). * src/cff/cf2hints.c (cf2_hintmap_insertHint): Ignore paired edges in wrong order.
Werner Lemberg e6593389 2015-10-21T08:04:29 [sfnt] Avoid unnecessarily large allocation for WOFFs (#46257). * src/sfnt/sfobjs.c (woff_open_font): Use WOFF's `totalSfntSize' only after thorough checks. Add tracing messages.
Werner Lemberg 649ca556 2015-10-21T07:01:45 [type42] Better check invalid `sfnts' array data (#46255). * src/type42/t42parse.c (t42_parse_sfnts): Table lengths must be checked individually against available data size.
Werner Lemberg 3eccc3a3 2015-10-20T22:31:57 [cid] Add a bunch of safety checks. * src/cid/cidload.c (parse_fd_array): Check `num_dicts' against stream size. (cid_read_subrs): Check largest offset against stream size. (cid_parse_dict): Move safety check to ... (cid_face_open): ... this function. Also test length of binary data and values of `SDBytes', `SubrMapOffset', `SubrCount', `CIDMapOffset', and `CIDCount'.
Werner Lemberg d47d372c 2015-10-20T12:24:36 [cid] Avoid segfault with malformed input (#46250). * src/cid/cidload.c (cid_read_subrs): Return a proper error code for unsorted offsets.
Werner Lemberg 3c582060 2015-10-20T06:57:28 * src/type1/t1afm.c (T1_Read_Metrics): Fix memory leak (#46229).
Bungeman ba8a528b 2015-10-19T23:27:06 [cid] Better handle invalid glyph stream offsets (#46221). * src/cid/cidgload.c (cid_load_glyph): Check minimum size of glyph length.
Werner Lemberg 24cee3a8 2015-10-19T23:00:28 [psaux] Fix tracing of negative numbers. Due to incorrect casting negative numbers were shown as very large (positive) integers on 64bit systems. * src/psaux/t1decode.c (t1_decoder_parse_charstrings) <op_none>: Use division instead of shift.
Werner Lemberg 5179c89f 2015-10-19T08:49:25 Comments.
Werner Lemberg dcfc4d9c 2015-10-18T16:47:06 [truetype] Better protection against malformed `fpgm' (#46223). * src/truetype/ttobjs.c (tt_size_init_bytecode): Don't execute a malformed `fpgm' table more than once.
Werner Lemberg 7643b583 2015-10-17T15:51:29 * src/cid/cidgload.c (cid_load_glyph): Fix memory leak. Reported by Kostya Serebryany <kcc@google.com>.
Werner Lemberg b185747d 2015-10-17T14:21:41 [bdf] Prevent memory leak (#46217). * src/bdf/bdflib.c (_bdf_parse_glyphs) <STARTCHAR>: Check _BDF_GLYPH_BITS.
Werner Lemberg 797ca5ac 2015-10-17T11:57:16 Typo.
Werner Lemberg e1ca18d4 2015-10-17T11:51:27 [bdf] Use stream size to adjust number of glyphs. * src/bdf/bdflib.c (ACMSG17): New message macro. (_bdf_parse_t): Add member `size'. (bdf_load_font): Set `size'. (_bdf_parse_glyphs): Adjust `cnt' if necessary.
Werner Lemberg 0af21dcf 2015-10-17T09:29:52 * src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size.
Werner Lemberg 38a3dd55 2015-10-17T09:15:37 Typo.
Werner Lemberg 0ba98da4 2015-10-17T09:11:02 * src/cid/cidgload.c (cid_glyph_load): Check file offsets (#46222).
Werner Lemberg 8edfcbed 2015-10-17T08:11:16 [psaux] Fix heap buffer overflow (#46221). * src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>: Fix limit check.
Werner Lemberg a5ecfb4c 2015-10-17T06:15:55 * src/cid/cidload.c (cid_parse_dict): Handle invalid input (#46220).
Kostya Serebryany 266976b1 2015-10-15T22:15:53 add src/tools/ftfuzzer/README
Bungeman 65d89804 2015-10-15T23:50:16 [bdf] Fix memory leak (#46213). * src/bdf/bdflib.c (bdf_load_font): Always go to label `Fail' in case of error.
Werner Lemberg 24a1fcdf 2015-10-15T21:50:15 [truetype] Add TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES (#46208). * devel/ftoption.h, include/freetype/config/ftoption.h (TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES): New configuration macro. * src/truetype/ttinterp.c (MAX_RUNNABLE_OPCODES): Removed. (TT_RunIns): Updated.
Werner Lemberg 837ad9d4 2015-10-15T21:15:45 * src/truetype/ttinterp.c (TT_RunIns): Fix bytecode stack tracing. The used indices were off by 1.
Werner Lemberg 8b76eaf0 2015-10-15T18:28:43 * src/tools/ftfuzzer/ftfuzzer.cc: Handle fixed sizes (#46211).
Werner Lemberg e03214e1 2015-10-15T16:58:13 [base] Compute MD5 checksums only if explicitly requested. This improves profiling accuracy. * src/base/ftobjs.c (FT_Render_Glyph_Internal): Implement it.
Werner Lemberg 6de2a355 2015-10-15T08:40:12 Minor.
Werner Lemberg 2a20c92c 2015-10-14T15:23:15 [base] Use `FT_' namespace for MD5 functions (#42366). * src/base/ftobjs.c (MD5_*): Define as `FT_MD5_*'. Undefine HAVE_OPENSSL.
Werner Lemberg 8539915d 2015-10-13T20:43:19 [type1] Correctly handle missing MM axis names (#46202). * src/type1/t1load.c (T1_Get_MM_Var): Implement it.
Werner Lemberg 58b61b6e 2015-10-13T18:26:18 [pcf] Quickly exit if font index < 0. Similar to other font formats, this commit makes the parser no longer check the whole PCF file but only the header and the TOC if we just want to get the number of available faces (and a proper recognition of the font format). * src/pcf/pcfdrivr.c (PCF_Face_Init): Updated. Exit quickly if face_index < 0. * src/pcfread.c (pcf_load_font): Add `face_index' argument. Exit quickly if face_index < 0. * src/pcf/pcf.h: Updated.
Werner Lemberg bdb56bba 2015-10-13T11:51:13 [ftfuzzer] Handle TTCs and MM/GX variations. This patch also contains various other improvements. * src/tools/ftfuzzer/ftfuzzer.cc: Add preprocessor guard to reject pre-C++11 compilers. (FT_Global): New class. Use it to provide a global constructor and destructor for the `FT_Library' object. (setIntermediateAxis): New function to select an (arbitrary) instance. (LLVMFuzzerTestOneInput): Loop over all faces and named instances. Also call `FT_Set_Char_Size'.
Werner Lemberg 43a96eb2 2015-10-13T11:18:55 [truetype] Refine some GX sanity tests. Use the `gvar' table size instead of the remaining bytes in the stream. * src/truetype/ttgxvar.h (GX_BlendRec): New field `gvar_size'. * src/truetype/ttgxvar.c (ft_var_load_gvar): Set `gvar_size'. (ft_var_readpackedpoints, ft_var_readpackeddeltas): New argument `size'. (tt_face_vary_cvt, TT_Vary_Apply_Glyph_Deltas): Updated.
Werner Lemberg 052f6c56 2015-10-13T08:24:32 [truetype] Another GX sanity test. * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Check `tupleCount'. Add tracing message.
Werner Lemberg 7ef0d866 2015-10-13T08:14:20 [truetype] Fix memory leak for broken GX fonts (#46188). * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Fix scope of deallocation.
Werner Lemberg f96094ee 2015-10-13T07:13:56 [truetype] Fix commit from 2015-10-10. * src/truetype/ttgxvar.c (ft_var_load_gvar): Add missing error handling body to condition.
Werner Lemberg 4f7f6f6e 2015-10-11T07:55:25 [sfnt] Improve extraction of number of named instances. * src/sfnt/sfobjs.c (sfnt_init_face) [TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Check number of instances against `fvar' table size.
Alexei Podtelezhnikov c14ae9c5 2015-10-10T22:28:26 * src/base/ftoutln.c (FT_Outline_Get_Orientation): Fix overflow (#46149).
Werner Lemberg 8de39a79 2015-10-10T13:34:11 [sfnt] Fix infinite loops with broken cmaps (#46167). * src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next): Take care of border conditions (i.e., if the loops exit naturally).
Werner Lemberg da34673e 2015-10-10T10:21:27 [truetype] More sanity tests for GX handling. These tests should mainly help avoid unnecessarily large memory allocations in case of malformed fonts. * src/truetype/ttgxvar.c (ft_var_readpackedpoints, ft_var_readpackeddeltas): Check number of points against stream size. (ft_var_load_avar): Check `pairCount' against table length. (ft_var_load_gvar): Check `globalCoordCount' and `glyphCount' against table length. (tt_face_vary_cvt): Check `tupleCount' and `offsetToData'. Fix trace. (TT_Vary_Apply_Glyph_Deltas): Fix trace. Free `sharedpoints' to avoid memory leak.
Werner Lemberg c220d8b4 2015-10-10T08:13:04 [truetype] Better protection against malformed GX data (#46166). * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Correctly handle empty `localpoints' array.
Werner Lemberg d353f6e0 2015-10-10T06:54:46 * src/pcf/pcfread.c (pcf_read_TOC): Check stream size (#46162).
Werner Lemberg c12956e7 2015-10-09T09:38:32 * src/gzip/ftgzip.c (FT_Stream_OpenGzip): Use real stream size.
Werner Lemberg d98053c9 2015-10-08T23:17:41 [pcf] Protect against invalid number of TOC entries (#46159). * src/pcf/pcfread.c (pcf_read_TOC): Check number of TOC entries against size of data stream.
Werner Lemberg 06c2d332 2015-10-08T21:31:57 [type42] Protect against invalid number of glyphs (#46159). * src/type42/t42parse.c (t42_parse_charstrings): Check number of `CharStrings' dictionary entries against size of data stream.
Werner Lemberg 983b00ec 2015-10-08T18:44:45 [sfnt] Fix some signed overflows (#46149). * src/sfnt/ttsbit.c (tt_face_load_strike_metrics) <TT_SBIT_TABLE_TYPE_SBIX>: Use `FT_MulDiv'.
Werner Lemberg 12112241 2015-10-08T08:55:15 [type1] Protect against invalid number of subroutines (#46150). * src/type1/t1load.c (parse_subrs): Check number of `Subrs' dictionary entries against size of data stream.
Kostya Serebryany dde84f25 2015-10-07T22:18:22 [ftfuzzer] Add support for LLVM's LibFuzzer. * src/tools/ftfuzzer/ftfuzzer.cc, src/tools/runinput.cc: New files.
Alexei Podtelezhnikov 6eb6158d 2015-10-06T22:39:54 [smooth] Faster alternative line renderer. This implementation renders the entire line segment at once without subdividing it into scanlines. The main speed improvement comes from reducing the number of divisions to just two per line segment, which is a bare minimum to calculate cell coverage in a smooth rasterizer. Notably, the progression from cell to cell does not itself require any divisions at all. The speed improvement is more noticeable at larger sizes. * src/smooth/ftgrays.c (gray_render_line): New implementation.
Werner Lemberg 066a4913 2015-10-06T07:55:32 [cff] Return correct PS names from pure CFF (#46130). * src/cff/cffdrivr.c (cff_get_ps_name): Use SFNT service only for SFNT.
Werner Lemberg 30fe5e76 2015-10-04T13:08:08 [base] Replace left shifts with multiplication (#46118). * src/base/ftglyph.c (ft_bitmap_glyph_bbox, FT_Get_Glyph): Do it.
Werner Lemberg 8cabd919 2015-10-04T08:18:01 * Version 2.6.1 released. ========================= Tag sources with `VER-2-6-1'. * docs/VERSION.DLL: Update documentation and bump version number to 2.6.1. * README, Jamfile (RefDoc), builds/windows/vc2005/freetype.vcproj, builds/windows/vc2005/index.html, builds/windows/vc2008/freetype.vcproj, builds/windows/vc2008/index.html, builds/windows/vc2010/freetype.vcxproj, builds/windows/vc2010/index.html, builds/windows/visualc/freetype.dsp, builds/windows/visualc/freetype.vcproj, builds/windows/visualc/index.html, builds/windows/visualce/freetype.dsp, builds/windows/visualce/freetype.vcproj, builds/windows/visualce/index.html, builds/wince/vc2005-ce/freetype.vcproj, builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/freetype.vcproj, builds/wince/vc2008-ce/index.html: s/2.6/2.6.1/, s/26/261/. * include/freetype/freetype.h (FREETYPE_PATCH): Set to 1. * builds/unix/configure.raw (version_info): Set to 18:1:12. * CMakeLists.txt (VERSION_PATCH): Set to 1. * src/autofit/afmodule.c [AF_DEBUG_AUTOFIT]: Ensure C linking for dumping functions.
Werner Lemberg b260dc9f 2015-10-04T07:39:22 [bzip2, gzip] Avoid access of uninitialized memory (#46109). * src/bzip2/ftbzip2.c (ft_bzip2_file_fill_input), src/gzip/ftgzip.c (ft_gzip_file_fill_input): In case of an error, adjust the limit to avoid copying uninitialized memory.
Werner Lemberg 53838ce0 2015-10-03T21:12:25 [bzip2, gzip] Avoid access of uninitialized memory (#46109). * src/bzip2/ftbzip2.c (ft_bzip2_file_fill_output), src/gzip/ftgzip.c (ft_gzip_file_fill_output): In case of an error, adjust the limit to avoid copying uninitialized memory.
Alexei Podtelezhnikov e2dae8fe 2015-10-01T22:03:34 [smooth] Clean up worker. * src/smooth/ftgrays.c (gray_TWorker): Remove never used fields.
Werner Lemberg 90e437e3 2015-10-01T20:00:27 [sfnt] Make `tt_cmap4_char_map_linear' more robust (#46078). * src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Take care of border conditions (i.e., if the loop exits naturally).
Werner Lemberg fab67b85 2015-10-01T16:47:05 * src/autofit/afranges.c (af_deva_nonbase_uniranges): Fix ranges. They should be a subset of `af_deva_uniranges'.
Werner Lemberg f68bd408 2015-10-01T16:43:45 afranges.c: Add some comments.
Werner Lemberg 5f8f44d2 2015-10-01T14:16:03 [sfnt] Make `tt_cmap4_char_map_linear' faster (#46078). * src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Use inner loop to reject too large glyph indices.
Alexei Podtelezhnikov 8bbcfb2c 2015-09-30T23:08:53 [smooth] Clean up worker. * src/smooth/ftgrays.c (gray_TWorker): Remove lightly used `last_ey'. (gray_start_cell, gray_render_line): Update.
Werner Lemberg dbd04269 2015-09-30T17:52:42 [autofit] Replace `no-base' with `non-base'. * src/autofit/*: Do it.
Werner Lemberg 2ff83a5c 2015-09-30T14:44:29 [sfnt] Rewrite `tt_cmap4_char_map_linear' (#46078). * src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Add code to better skip invalid segments. If searching the next character, provide a more efficient logic to speed up the code.
Werner Lemberg 8651f37a 2015-09-30T10:26:10 [truetype] Adjust number of glyphs for malformed `loca' tables. * src/truetype/ttpload.c (tt_face_load_loca): Implement it.
Werner Lemberg 52aad9df 2015-09-29T12:38:11 [raster] Minor style fix.
Werner Lemberg 483007fc 2015-09-29T11:22:15 [pshinter] Avoid harmless overflow (#45984). * src/pshinter/pshglob.c (psh_blues_set_zones): Fix it.
Werner Lemberg a3046567 2015-09-28T09:45:56 [autofit] Add support for Lao script. Thanks to Danh Hong <danhhong@gmail.com> for guidance with blue zone characters! * src/autofit/afblue.dat: Add blue zone data for Lao. * src/autofit/afblue.c, src/autofit/afblue.h: Regenerated. * src/autofit/afscript.h: Add Lao standard characters. * src/autofit/afranges.c: Add Lao data. * src/autofit/afstyles.h: Add Lao data.
suzuki toshiya fb5268cf 2015-09-28T02:01:43 [base] Fix a leak by broken sfnt-PS or resource fork (#46028). open_face_from_buffer() frees the passed buffer if a valid font is not found. But if copying to the buffer fails, the allocated buffer should be freed within the caller. * src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Free the buffer `sfnt_ps' if an error occurred before calling open_face_from_buffer(). (Mac_Read_sfnt_Resource): Free the buffer `sfnt_data' if an error occurred before calling open_face_from_buffer().
suzuki toshiya 8a05d250 2015-09-28T01:40:21 [mac] Fix buffer size calculation for LWFN font. * src/base/ftmac.c (read_lwfn): Cast post_size to FT_ULong to prevent confused copy by too large chunk size.
Alexei Podtelezhnikov d8a44ff9 2015-09-26T22:33:55 Remove unused macro.
Werner Lemberg 19188a9a 2015-09-26T16:57:17 [autofit] Minor tracing improvement. * src/autofit/aflatin.c (af_latin_metrics_scale_dim): Don't emit blue zones header line if there are no blue zones.
Werner Lemberg 41877539 2015-09-26T15:19:54 [bzip2, gzip, lzw] Harmonize function signatures with prototype. Suggested by Hin-Tak Leung. * src/bzip2/ftbzip2.c (ft_bzip2_stream_io), src/gzip/ftgzip.c (ft_gzip_stream_io), src/lzw/ftlzw.c (ft_lzw_stream_io): Do it.
Hin-Tak Leung 265ade8e 2015-09-26T14:51:30 Add new FT_LOAD_COMPUTE_METRICS load flag. * include/freetype/freetype.h (FT_LOAD_COMPUTE_METRICS): New macro. * src/truetype/ttgload.c (compute_glyph_metrics): Usage.
Werner Lemberg d57f2271 2015-09-26T08:44:26 * src/base/ftobjs.c (Mac_Read_sfnt_Resource): Add cast.
Werner Lemberg d7f456ee 2015-09-26T08:37:14 Formatting, minor comment corrections.
Werner Lemberg 2439c515 2015-09-25T16:54:28 [type1] Protect against invalid number of glyphs (#46029). * src/type1/t1load.c (parse_charstrings): Check number of `CharStrings' dictionary entries against size of data stream.
Werner Lemberg 5339c75e 2015-09-24T13:39:44 [sfnt] Better checks for invalid cmaps (2/2) (#46019). While the current code in `FT_Get_Next_Char' correctly rejects out-of-bounds glyph indices, it can be extremely slow for malformed cmaps that use 32bit values. This commit tries to improve that. * src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next, tt_cmap12_char_map_binary, tt_cmap13_next, tt_cmap13_char_map_binary): Reject glyph indices larger than or equal to the number of glyphs.
Werner Lemberg c409eb18 2015-09-24T12:39:38 [base, sfnt] Better checks for invalid cmaps (1/2). * src/base/ftobjs.c (FT_Get_Char_Index): Don't return out-of-bounds glyph indices. (FT_Get_First_Char): Updated. * src/sfnt/ttcmap.c (tt_cmap6_char_next): Don't return character codes greater than 0xFFFF. (tt_cmap8_char_index): Avoid integer overflow in computation of glyph index. (tt_cmap8_char_next): Avoid integer overflows in computation of both next character code and glyph index. (tt_cmap10_char_index): Fix unsigned integer logic. (tt_cmap10_char_next): Avoid integer overflow in computation of next character code. (tt_cmap12_next): Avoid integer overflows in computation of both next character code and glyph index. (tt_cmap12_char_map_binary): Ditto. (tt_cmap12_char_next): Simplify. (tt_cmap13_char_map_binary): Avoid integer overflow in computation of next character code. (tt_cmap13_char_next): Simplify.
Werner Lemberg cbdf13e5 2015-09-24T12:14:38 Formatting, documentation improvements.
suzuki toshiya e982f5b7 2015-09-21T23:07:22 [base] Check too long POST and sfnt resource (#45919). * src/base/ftbase.h (FT_MAC_RFORK_MAX_LEN): Maximum length of the resource fork for Mac OS. The resource fork larger than 16 MB can be written but could not be handled correctly, at least in Carbon routine. See https://support.microsoft.com/en-us/kb/130437 * src/base/ftobjs.c (Mac_Read_POST_Resource): No need `0x' for `%p' formatter. * src/base/ftbase.c (Mac_Read_POST_Resource): Check the fragment and total size of the concatenated POST resource before buffer allocation. (Mac_Read_sfnt_Resource): Check the declared size of sfnt resource before buffer allocation. * src/base/ftmac.c (read_lwfn, FT_New_Face_From_SFNT): Check the total resource size before buffer allocation.
Werner Lemberg 730b6d74 2015-09-19T12:41:12 [sfnt] Improve handling of invalid SFNT table entries (#45987). This patch fixes weaknesses in function `tt_face_load_font_dir'. - It incorrectly assumed that valid tables are always at the beginning. As a consequence, some valid tables after invalid entries (which are ignored) were never seen. - Duplicate table entries (that is, having the same tag) were not rejected. - The number of valid tables was sometimes too large, leading to access of invalid tables. * src/sfnt/ttload.c (check_table_dir): Add argument to return number of valid tables. Add another tracing message. (tt_face_load_font_dir): Only allocate table array for valid entries as returned by `check_table_dir'. Reject duplicate tables and adjust number of valid tables accordingly.
Werner Lemberg cb7a5122 2015-09-19T07:58:03 [pcf] Improve `FT_ABS' fix from 2015-09-17 (#45999). * src/pcf/pcfread.c (pcf_load_font): Do first the cast to FT_Short, then take the absolute value. Also apply FT_ABS to `height'.
Werner Lemberg f28c95c4 2015-09-17T19:30:26 [type42] Fix memory leak (#45989). * src/type42/t42parse.c (t42_parse_charstrings): Allow only a single `CharStrings' array.
Werner Lemberg 4942c2bb 2015-09-17T17:56:53 [psaux] Fix memory leak (#45986). * src/psaux/psobjs.c (ps_parser_load_field) <T1_FIELD_TYPE_MM_BBOX>: Free `temp' in case of error.