6bda921da0
[ftfuzzer] Update README file.
9 years ago
bcf618b256
[ftfuzzer] Add support for multiple files (patch #8779 ).
...
Currently, libFuzzer only supports mutation of a single file. We
circumvent this problem by using an uncompressed tar archive as
multiple-file input for the fuzzer.
This patch enables tests of `FT_Attach_Stream' and AFM/PFM parsing;
a constructed tarball should contain a font file as the first
element, and files to be attached as further elements.
* src/tools/ftfuzzer/ftfuzzer.cc: Include libarchive headers.
(archive_read_entry_data, parse_data): New functions.
(LLVMFuzzerTestOneInput): Updated.
* src/tools/ftfuzzer/ftmutator.cc: New file, providing a custom
mutator for libFuzzer that can mutate tarballs in a sensible way.
9 years ago
40cb1dc3ac
Formatting.
9 years ago
57cbb8c148
[sfnt] Fix cmap 14 validation ( #46346 ).
...
* src/sfnt/ttcmap.c (tt_cmap14_validate): Check limit before
accessing `numRanges' and `numMappings'.
Fix size check for non-default UVS table.
9 years ago
009cc15035
[sfnt] Handle infinite recursion in bitmap strikes ( #46344 ).
...
* src/sfnt/ttsbit.c (TT_SBitDecoder_LoadFunc,
tt_sbit_decoder_load_bitmap, tt_sbit_decoder_load_byte_aligned,
tt_sbit_decoder_load_bit_aligned, tt_sbit_decoder_load_png): Add
argument for recursion depth.
(tt_sbit_decoder_load_compound): Add argument for recursion depth.
Increase recursion counter for recursive call.
(tt_sbit_decoder_load_image): Add argument for recursion depth.
Check recurse depth.
(tt_face_load_sbit_image): Updated.
9 years ago
4188deacf3
Comments.
9 years ago
02cfd71498
* src/autofit/afhints.c (af_glyph_hints_dump_points): Minor.
9 years ago
017db03ec5
* CMakeLists.txt: Remove code to set MSVC's /FD compiler switch.
...
Problem reported by David Capello <davidcapello@gmail.com>; see
http://lists.nongnu.org/archive/html/freetype-devel/2015-10/msg00108.html
for details.
9 years ago
fba29fabb3
[pfr] Add some safety guards ( #46302 ).
...
* src/pfr/pfrload.h (PFR_CHECK): Rename to...
(PFR_CHECK_SIZE): ... this.
(PFR_SIZE): [!PFR_CONFIG_NO_CHECKS]: Define to PFR_CHECK_SIZE.
* src/pfr/pfrload.c (pfr_log_font_count): Check `count'.
(pfr_extra_item_load_kerning_pairs): Remove tracing message.
(pfr_phy_font_load): Use PFR_CHECK_SIZE where appropriate.
Allocate `chars' after doing a size checks.
* src/pfr/pfrsbit.c (pfr_load_bitmap_bits): Move test for invalid
bitmap format to...
(pfr_slot_load_bitmap): ... this function.
Check bitmap size.
9 years ago
4a3fce93c2
[pfr] Formatting, improving comments.
9 years ago
6a19a7d332
[truetype] Fix sanitizing logic for `loca' ( #46223 ).
...
* src/truetype/ttpload.c (tt_face_load_loca): A thinko caused an
incorrect adjustment of the number of glyphs, most often using far
too large values.
9 years ago
7f00fa6462
[autofit] Improve tracing.
...
* src/autofit/afhints.c (af_print_idx, af_get_segment_index,
af_get_edge_index): New functions.
(af_glyph_hints_dump_points): Remove unnecessary `|', `[', and `]'.
Add segment and edge index for each point.
Slightly change printing order of some elements.
Don't print `-1' but `--' for missing elements.
(af_glyph_hints_dump_segments, af_glyph_hints_dump_edges): Remove
unnecessary `|', `[', and `]'.
Don't print `-1' but `--' for missing elements.
9 years ago
07f27e1e43
Thinkos and omissions.
9 years ago
6f09011fe6
[sfnt] Sanitize bitmap strike glyph height.
...
Problem reported by Nikolay Sivov <bunglehead@gmail.com>.
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Avoid zero value
for `metrics->height' by applying some heuristics.
9 years ago
e93d326c8b
[sfnt, type42] Fix clang compiler warnings.
...
* src/sfnt/sfobjs.c (sfnt_init_face): Initialize `offset'.
* src/type42/t42parse.c (t42_parse_sfnts): Use proper cast.
9 years ago
f1c93439b9
[cff] Avoid overflow/module arithmetic.
...
This modifies the addition of subroutine number to subroutine bias
from unsigned to signed, but does not change any results.
* src/cff/cf2ft.c (cf2_initGlobalRegionBuffer,
cf2_initLocalRegionBuffer): Change variable names from (unsigned)
`idx' to (signed) `subrNum', since it is not an index until after
the bias is added.
* src/cff/cf2ft.h: Updated.
* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdCALLSUBR>:
Updated similarly.
9 years ago
59ae73fe16
[cid] Better check of `SubrCount' dictionary entry ( #46272 ).
...
* src/cid/cidload.c (cid_face_open): Add more sanity tests for
`fd_bytes', `gd_bytes', `sd_bytes', and `num_subrs'.
9 years ago
5dedbc048f
Improve documentation of `FT_Get_MM_Var' and `FT_MM_Var'.
9 years ago
e484d36b2b
[base] Pacify compiler ( #46266 ).
...
* src/base/ftoutln.c (FT_Outline_EmboldenXY): Initialize `in' and
`anchor'.
9 years ago
87fefc594e
[type42] Fix heap buffer overflow ( #46269 ).
...
* src/type42/t42parse.c (t42_parse_sfnts): Fix off-by-one error in
bounds checking.
9 years ago
3cfd51233c
[cff] Fix limit in assert for max hints.
...
* src/cff/cf2interp.c (cf2_hintmask_setAll): Allow mask equal to the
limit (96 bits).
9 years ago
3066f5f53d
Revert erroneously applied commits.
9 years ago
748e368173
[cff] Remove an assert ( #46107 ).
...
* src/cff/cf2hints.c (cf2_hintmap_insertHint): Ignore paired edges
in wrong order.
9 years ago
e6593389cf
[sfnt] Avoid unnecessarily large allocation for WOFFs ( #46257 ).
...
* src/sfnt/sfobjs.c (woff_open_font): Use WOFF's `totalSfntSize'
only after thorough checks.
Add tracing messages.
9 years ago
649ca5562d
[type42] Better check invalid `sfnts' array data ( #46255 ).
...
* src/type42/t42parse.c (t42_parse_sfnts): Table lengths must be
checked individually against available data size.
9 years ago
3eccc3a3f8
[cid] Add a bunch of safety checks.
...
* src/cid/cidload.c (parse_fd_array): Check `num_dicts' against
stream size.
(cid_read_subrs): Check largest offset against stream size.
(cid_parse_dict): Move safety check to ...
(cid_face_open): ... this function.
Also test length of binary data and values of `SDBytes',
`SubrMapOffset', `SubrCount', `CIDMapOffset', and `CIDCount'.
9 years ago
d47d372c96
[cid] Avoid segfault with malformed input ( #46250 ).
...
* src/cid/cidload.c (cid_read_subrs): Return a proper error code for
unsorted offsets.
9 years ago
5cf83a5335
* CMakeLists.txt: Enable shared library builds on MinGW ( #46233 ).
9 years ago
3c582060b2
* src/type1/t1afm.c (T1_Read_Metrics): Fix memory leak ( #46229 ).
9 years ago
ba8a528b19
[cid] Better handle invalid glyph stream offsets ( #46221 ).
...
* src/cid/cidgload.c (cid_load_glyph): Check minimum size of glyph
length.
9 years ago
2961b66c70
Typo.
9 years ago
24cee3a8a3
[psaux] Fix tracing of negative numbers.
...
Due to incorrect casting negative numbers were shown as very large
(positive) integers on 64bit systems.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings) <op_none>:
Use division instead of shift.
9 years ago
5179c89f61
Comments.
9 years ago
14213b5409
[truetype] Improve TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES ( #46223 ).
...
* devel/ftoption.h, include/freetype/config/ftoption.h: Surround it
with #ifndef ... #endif, as suggested in the tracker issue.
9 years ago
dcfc4d9c21
[truetype] Better protection against malformed `fpgm' ( #46223 ).
...
* src/truetype/ttobjs.c (tt_size_init_bytecode): Don't execute a
malformed `fpgm' table more than once.
9 years ago
7643b5839b
* src/cid/cidgload.c (cid_load_glyph): Fix memory leak.
...
Reported by Kostya Serebryany <kcc@google.com>.
9 years ago
b185747dd6
[bdf] Prevent memory leak ( #46217 ).
...
* src/bdf/bdflib.c (_bdf_parse_glyphs) <STARTCHAR>: Check
_BDF_GLYPH_BITS.
9 years ago
797ca5acb5
Typo.
9 years ago
e1ca18d449
[bdf] Use stream size to adjust number of glyphs.
...
* src/bdf/bdflib.c (ACMSG17): New message macro.
(_bdf_parse_t): Add member `size'.
(bdf_load_font): Set `size'.
(_bdf_parse_glyphs): Adjust `cnt' if necessary.
9 years ago
0af21dcf13
* src/cid/cidload.c (cid_parse_dict): Check `[FG]DBytes' size.
9 years ago
38a3dd5566
Typo.
9 years ago
0ba98da472
* src/cid/cidgload.c (cid_glyph_load): Check file offsets ( #46222 ).
9 years ago
8edfcbed53
[psaux] Fix heap buffer overflow ( #46221 ).
...
* src/psaux/t1decode.c (t1_decoder_parse_charstring) <operator 12>:
Fix limit check.
9 years ago
a5ecfb4ce6
* src/cid/cidload.c (cid_parse_dict): Handle invalid input ( #46220 ).
9 years ago
266976b163
add src/tools/ftfuzzer/README
9 years ago
65d8980491
[bdf] Fix memory leak ( #46213 ).
...
* src/bdf/bdflib.c (bdf_load_font): Always go to label `Fail' in
case of error.
9 years ago
24a1fcdfce
[truetype] Add TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES ( #46208 ).
...
* devel/ftoption.h, include/freetype/config/ftoption.h
(TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES): New configuration macro.
* src/truetype/ttinterp.c (MAX_RUNNABLE_OPCODES): Removed.
(TT_RunIns): Updated.
9 years ago
911171ac49
Minor.
9 years ago
837ad9d411
* src/truetype/ttinterp.c (TT_RunIns): Fix bytecode stack tracing.
...
The used indices were off by 1.
9 years ago
8b76eaf092
* src/tools/ftfuzzer/ftfuzzer.cc: Handle fixed sizes ( #46211 ).
9 years ago
Werner Lemberg
Dave Arnold
StudioEtrange
Bungeman
Kostya Serebryany