From 22befeef82ff8ab7100c0e40f93f748597674b31 Mon Sep 17 00:00:00 2001 From: Alexei Podtelezhnikov Date: Thu, 7 Oct 2021 22:41:56 -0400 Subject: [PATCH] Signedness revisions. This eliminates explicit casting by switching to unsigned fields. The revisions mostly impact the handling of CID fonts. * include/freetype/fttypes.h (FT_Data): Change to unsigned `length`. * include/freetype/t1tables.h (CID_FaceDictRec): Ditto for `sd_bytes`. (CID_FaceInfoRec): Ditto for `gd_bytes` and `gd_bytes`. * include/freetype/internal/tttypes.h (TT_LoaderRec): Ditto for `byte_len`. * src/cid/cidgload.c (cid_load_glyph): Updated. * src/cid/cidload.h (cid_get_offset): Update argument. * src/cid/cidload.c (cid_get_offset, cid_read_subrs, cid_face_open): Updated. * src/cff/cffgload.c (cff_get_glyph_data, cff_free_glyph_data): Updated. * src/psaux/psft.c (cf2_getT1SeacComponent): Updated. * src/truetype/ttgload.c (TT_Process_Composite_Glyph, load_truetype_glyph): Updated. --- docs/CHANGES | 12 ++++++++++++ include/freetype/fttypes.h | 2 +- include/freetype/internal/tttypes.h | 2 +- include/freetype/t1tables.h | 6 +++--- src/cff/cffgload.c | 4 ++-- src/cid/cidgload.c | 14 +++++++------- src/cid/cidload.c | 21 ++++++++++----------- src/cid/cidload.h | 2 +- src/psaux/psft.c | 6 +++--- src/truetype/ttgload.c | 17 ++++++++--------- 10 files changed, 48 insertions(+), 38 deletions(-) diff --git a/docs/CHANGES b/docs/CHANGES index 7dab3e7d7..958845114 100644 --- a/docs/CHANGES +++ b/docs/CHANGES @@ -1,3 +1,15 @@ +CHANGES BETWEEN 2.11.0 and 2.11.1 + + I. IMPORTANT CHANGES + + - Some fields in the `CID_FaceDictRec`, `CID_FaceInfoRec`, and + `FT_Data` structures have been changed from signed to unsigned + type, which better reflects the actual usage. It is also an + additional means to protect against malformed input. + + +====================================================================== + CHANGES BETWEEN 2.10.4 and 2.11.0 I. IMPORTANT CHANGES diff --git a/include/freetype/fttypes.h b/include/freetype/fttypes.h index d5ca1c4f4..37f73538d 100644 --- a/include/freetype/fttypes.h +++ b/include/freetype/fttypes.h @@ -413,7 +413,7 @@ FT_BEGIN_HEADER typedef struct FT_Data_ { const FT_Byte* pointer; - FT_Int length; + FT_UInt length; } FT_Data; diff --git a/include/freetype/internal/tttypes.h b/include/freetype/internal/tttypes.h index d0e9eeb44..651131c8d 100644 --- a/include/freetype/internal/tttypes.h +++ b/include/freetype/internal/tttypes.h @@ -1734,7 +1734,7 @@ FT_BEGIN_HEADER FT_UInt glyph_index; FT_Stream stream; - FT_Int byte_len; + FT_UInt byte_len; FT_Short n_contours; FT_BBox bbox; diff --git a/include/freetype/t1tables.h b/include/freetype/t1tables.h index 546ec1c00..1f5bc1586 100644 --- a/include/freetype/t1tables.h +++ b/include/freetype/t1tables.h @@ -360,7 +360,7 @@ FT_BEGIN_HEADER FT_UInt num_subrs; FT_ULong subrmap_offset; - FT_Int sd_bytes; + FT_UInt sd_bytes; } CID_FaceDictRec; @@ -415,8 +415,8 @@ FT_BEGIN_HEADER FT_ULong xuid[16]; FT_ULong cidmap_offset; - FT_Int fd_bytes; - FT_Int gd_bytes; + FT_UInt fd_bytes; + FT_UInt gd_bytes; FT_ULong cid_count; FT_Int num_dicts; diff --git a/src/cff/cffgload.c b/src/cff/cffgload.c index 831b3ae1d..97e8f9c1c 100644 --- a/src/cff/cffgload.c +++ b/src/cff/cffgload.c @@ -59,7 +59,7 @@ *pointer = (FT_Byte*)data.pointer; - *length = (FT_ULong)data.length; + *length = data.length; return error; } @@ -94,7 +94,7 @@ data.pointer = *pointer; - data.length = (FT_Int)length; + data.length = (FT_UInt)length; face->root.internal->incremental_interface->funcs->free_glyph_data( face->root.internal->incremental_interface->object, &data ); diff --git a/src/cid/cidgload.c b/src/cid/cidgload.c index bd0a7e7fb..e3e6832f6 100644 --- a/src/cid/cidgload.c +++ b/src/cid/cidgload.c @@ -63,7 +63,7 @@ #endif - FT_TRACE1(( "cid_load_glyph: glyph index %d\n", glyph_index )); + FT_TRACE1(( "cid_load_glyph: glyph index %u\n", glyph_index )); #ifdef FT_CONFIG_OPTION_INCREMENTAL @@ -80,11 +80,11 @@ goto Exit; p = (FT_Byte*)glyph_data.pointer; - fd_select = cid_get_offset( &p, (FT_Byte)cid->fd_bytes ); + fd_select = cid_get_offset( &p, cid->fd_bytes ); if ( glyph_data.length != 0 ) { - glyph_length = (FT_ULong)( glyph_data.length - cid->fd_bytes ); + glyph_length = glyph_data.length - cid->fd_bytes; if ( !FT_QALLOC( charstring, glyph_length ) ) FT_MEM_COPY( charstring, glyph_data.pointer + cid->fd_bytes, @@ -104,7 +104,7 @@ /* For ordinary fonts read the CID font dictionary index */ /* and charstring offset from the CIDMap. */ { - FT_UInt entry_len = (FT_UInt)( cid->fd_bytes + cid->gd_bytes ); + FT_UInt entry_len = cid->fd_bytes + cid->gd_bytes; FT_ULong off1, off2; @@ -114,10 +114,10 @@ goto Exit; p = (FT_Byte*)stream->cursor; - fd_select = cid_get_offset( &p, (FT_Byte)cid->fd_bytes ); - off1 = cid_get_offset( &p, (FT_Byte)cid->gd_bytes ); + fd_select = cid_get_offset( &p, cid->fd_bytes ); + off1 = cid_get_offset( &p, cid->gd_bytes ); p += cid->fd_bytes; - off2 = cid_get_offset( &p, (FT_Byte)cid->gd_bytes ); + off2 = cid_get_offset( &p, cid->gd_bytes ); FT_FRAME_EXIT(); if ( fd_select >= (FT_ULong)cid->num_dicts || diff --git a/src/cid/cidload.c b/src/cid/cidload.c index 768509a38..ed5fb1ab5 100644 --- a/src/cid/cidload.c +++ b/src/cid/cidload.c @@ -41,7 +41,7 @@ /* read a single offset */ FT_LOCAL_DEF( FT_ULong ) cid_get_offset( FT_Byte* *start, - FT_Byte offsize ) + FT_UInt offsize ) { FT_ULong result; FT_Byte* p = *start; @@ -275,7 +275,7 @@ if ( (FT_ULong)num_dicts > stream->size / 100 ) { FT_TRACE0(( "parse_fd_array: adjusting FDArray size" - " (from %ld to %ld)\n", + " (from %ld to %lu)\n", num_dicts, stream->size / 100 )); num_dicts = (FT_Long)( stream->size / 100 ); @@ -560,12 +560,12 @@ /* read the subrmap's offsets */ if ( FT_STREAM_SEEK( cid->data_offset + dict->subrmap_offset ) || - FT_FRAME_ENTER( ( num_subrs + 1 ) * (FT_UInt)dict->sd_bytes ) ) + FT_FRAME_ENTER( ( num_subrs + 1 ) * dict->sd_bytes ) ) goto Fail; p = (FT_Byte*)stream->cursor; for ( count = 0; count <= num_subrs; count++ ) - offsets[count] = cid_get_offset( &p, (FT_Byte)dict->sd_bytes ); + offsets[count] = cid_get_offset( &p, dict->sd_bytes ); FT_FRAME_EXIT(); @@ -805,7 +805,7 @@ face->root.stream->size - parser->data_offset ) { FT_TRACE0(( "cid_face_open: adjusting length of binary data\n" )); - FT_TRACE0(( " (from %ld to %ld bytes)\n", + FT_TRACE0(( " (from %lu to %lu bytes)\n", parser->binary_length, face->root.stream->size - parser->data_offset )); parser->binary_length = face->root.stream->size - @@ -833,10 +833,10 @@ /* sanity tests */ - if ( cid->fd_bytes < 0 || cid->gd_bytes < 1 ) + if ( cid->gd_bytes == 0 ) { FT_ERROR(( "cid_face_open:" - " Invalid `FDBytes' or `GDBytes' value\n" )); + " Invalid `GDBytes' value\n" )); error = FT_THROW( Invalid_File_Format ); goto Exit; } @@ -853,7 +853,7 @@ } binary_length = face->cid_stream->size - cid->data_offset; - entry_len = (FT_ULong)( cid->fd_bytes + cid->gd_bytes ); + entry_len = cid->fd_bytes + cid->gd_bytes; for ( n = 0; n < cid->num_dicts; n++ ) { @@ -879,8 +879,7 @@ dict->private_dict.blue_fuzz = 1; } - if ( dict->sd_bytes < 0 || - ( dict->num_subrs && dict->sd_bytes < 1 ) ) + if ( dict->num_subrs && dict->sd_bytes == 0 ) { FT_ERROR(( "cid_face_open: Invalid `SDBytes' value\n" )); error = FT_THROW( Invalid_File_Format ); @@ -907,7 +906,7 @@ if ( (FT_Int)dict->num_subrs < 0 || ( dict->sd_bytes && dict->num_subrs > ( binary_length - dict->subrmap_offset ) / - (FT_UInt)dict->sd_bytes ) ) + dict->sd_bytes ) ) { FT_ERROR(( "cid_face_open: Invalid `SubrCount' value\n" )); error = FT_THROW( Invalid_File_Format ); diff --git a/src/cid/cidload.h b/src/cid/cidload.h index 456685c2a..ee1d48650 100644 --- a/src/cid/cidload.h +++ b/src/cid/cidload.h @@ -37,7 +37,7 @@ FT_BEGIN_HEADER FT_LOCAL( FT_ULong ) cid_get_offset( FT_Byte** start, - FT_Byte offsize ); + FT_UInt offsize ); FT_LOCAL( FT_Error ) cid_face_open( CID_Face face, diff --git a/src/psaux/psft.c b/src/psaux/psft.c index 41c16542c..ac72d8259 100644 --- a/src/psaux/psft.c +++ b/src/psaux/psft.c @@ -742,13 +742,13 @@ /* For ordinary fonts get the character data stored in the face record. */ { glyph_data.pointer = type1->charstrings[glyph_index]; - glyph_data.length = (FT_Int)type1->charstrings_len[glyph_index]; + glyph_data.length = type1->charstrings_len[glyph_index]; } if ( !error ) { FT_Byte* charstring_base = (FT_Byte*)glyph_data.pointer; - FT_ULong charstring_len = (FT_ULong)glyph_data.length; + FT_ULong charstring_len = glyph_data.length; FT_ASSERT( charstring_base + charstring_len >= charstring_base ); @@ -778,7 +778,7 @@ face = (T1_Face)decoder->builder.face; data.pointer = buf->start; - data.length = (FT_Int)( buf->end - buf->start ); + data.length = (FT_UInt)( buf->end - buf->start ); if ( face->root.internal->incremental_interface ) face->root.internal->incremental_interface->funcs->free_glyph_data( diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c index bb948e43a..9136c171b 100644 --- a/src/truetype/ttgload.c +++ b/src/truetype/ttgload.c @@ -1392,7 +1392,7 @@ FT_READ_USHORT( n_ins ) ) return error; - FT_TRACE5(( " Instructions size = %d\n", n_ins )); + FT_TRACE5(( " Instructions size = %hu\n", n_ins )); /* check it */ max_ins = loader->face->max_profile.maxSizeOfInstructions; @@ -1400,10 +1400,10 @@ { /* don't trust `maxSizeOfInstructions'; */ /* only do a rough safety check */ - if ( (FT_Int)n_ins > loader->byte_len ) + if ( n_ins > loader->byte_len ) { FT_TRACE1(( "TT_Process_Composite_Glyph:" - " too many instructions (%d) for glyph with length %d\n", + " too many instructions (%hu) for glyph with length %u\n", n_ins, loader->byte_len )); return FT_THROW( Too_Many_Hints ); } @@ -1686,7 +1686,7 @@ FT_ZERO( &inc_stream ); FT_Stream_OpenMemory( &inc_stream, glyph_data.pointer, - (FT_ULong)glyph_data.length ); + glyph_data.length ); loader->stream = &inc_stream; } @@ -1694,8 +1694,7 @@ #endif /* FT_CONFIG_OPTION_INCREMENTAL */ - offset = tt_face_get_location( face, glyph_index, - (FT_UInt*)&loader->byte_len ); + offset = tt_face_get_location( face, glyph_index, &loader->byte_len ); if ( loader->byte_len > 0 ) { @@ -1714,7 +1713,7 @@ error = face->access_glyph_frame( loader, glyph_index, face->glyf_offset + offset, - (FT_UInt)loader->byte_len ); + loader->byte_len ); if ( error ) goto Exit; @@ -1849,7 +1848,7 @@ /* (which consists of 10 bytes) */ error = face->access_glyph_frame( loader, glyph_index, face->glyf_offset + offset + 10, - (FT_UInt)loader->byte_len - 10 ); + loader->byte_len - 10 ); if ( error ) goto Exit; @@ -2105,7 +2104,7 @@ FT_UInt num_base_subgs = gloader->base.num_subglyphs; FT_Stream old_stream = loader->stream; - FT_Int old_byte_len = loader->byte_len; + FT_UInt old_byte_len = loader->byte_len; FT_GlyphLoader_Add( gloader );