Behdad Esfahbod
55bbb98f5c
[truetype] Fix loading of named instances.
...
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Preserve file position
while loading the `avar' table.
8 years ago
Werner Lemberg
ce367774d2
[sfnt, truetype] Minor adjustments for OpenType 1.8.2.
...
* src/sfnt/sfobjs.c (sfnt_load_face): The units per EM value has now
(tighter) limits.
* src/truetype/ttgload.c (load_truetype_glyph): The new OpenType
version explicitly allows all negative values for the number of
contours if we have a composite glyph (this is for better backwards
compatibility I guess), but it still recommends value -1.
8 years ago
Werner Lemberg
933f4cbe79
[cff] Integer overflow.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2738
* src/cff/cf2hints.c (cf2_glyphpath_computeOffset,
cf2_glyphpath_curveTo): Use ADD_INT32.
8 years ago
Werner Lemberg
38bdf22bfe
[truetype] Improve code comment.
8 years ago
Werner Lemberg
fe0a7d9df5
[base] Fix memory leak.
...
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=738362
* src/base/ftglyph.c (FT_Get_Glyph): Do proper deallocation in case
of error.
8 years ago
Werner Lemberg
134de096e0
[base] Integer overflow.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2573
* src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use
FT_PIX_CEIL_LONG and FT_PIX_ROUND_LONG.
8 years ago
Werner Lemberg
b5cab5c9ca
Document how to scale manually.
8 years ago
Werner Lemberg
229a5535b5
CHANGES: Add information on global metrics rounding.
...
I forgot to add this important information.
8 years ago
Werner Lemberg
3d083fc213
* src/truetype/ttpload.c (tt_face_get_location): Off-by-one typo.
...
Also improve tracing message.
Problem reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=738919
8 years ago
Hin-Tak Leung
39af82ebbf
Changelog: typo, chromium issue id is 2276 instead of 2278
...
Signed-off-by: Hin-Tak Leung <htl10@users.sourceforge.net>
8 years ago
Werner Lemberg
9ea83c7889
[cff] Integer overflow.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2517
* src/cff/cf2blues.c (cf2_blues_capture): Use SUB_INT32.
8 years ago
Alexei Podtelezhnikov
762de5e285
Tweak suggested use of `lsb_delta' and `rsb_delta'.
8 years ago
Werner Lemberg
cf8d9b4ce3
* src/sfnt/ttcmap.c (tt_cmap_unicode_class_rec): Fix warning.
8 years ago
Werner Lemberg
4261e497d8
* src/truetype/ttgxvar.c (FT_Stream_SeekSet): Fix warning (#51395).
8 years ago
Werner Lemberg
1c85479d2d
[truetype] Prevent address overflow (#51365).
...
* src/truetype/ttgxvar.c (FT_Stream_SeekSet): Add guard.
8 years ago
Alexei Podtelezhnikov
c56d8851ea
* src/base/ftlcdfil.c (ft_lcd_filter_fir): Improve code.
8 years ago
Werner Lemberg
ca799e9be5
[truetype] Integer overflow.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2455
* src/truetype/ttinterp.c (Ins_SCFS): Use SUB_LONG.
8 years ago
Alexei Podtelezhnikov
abeb28f161
* src/sfnt/sfobjs.c (sfnt_load_face): Ignore No_Unicode_Glyph_Name.
8 years ago
Ben Wagner
7819aeb622
Avoid Microsoft compiler warnings (#51331).
...
While clang's sanitizer recommends a cast to unsigned for safe
negation (to handle -INT_MIN), both MSVC and Visualc emit warning
C4146 if an unsigned value gets negated.
* include/freetype/internal/ftcalc.h (NEG_LONG, NEG_INT32),
src/base/ftcalc.c (FT_MOVE_SIGN): Replace negation with a
subtraction.
8 years ago
Werner Lemberg
2e7bb5e825
* src/cff/cffparse.c (do_fixed): Fix typo.
...
Spotted by chris <chris@gcjd.org>.
8 years ago
Werner Lemberg
dde8f5abbe
[truetype] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2384
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2391
* src/base/ftcalc.c (FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix): Use
NEG_LONG.
* src/truetype/ttinterp.c (Ins_SxVTL): Use NEG_LONG.
8 years ago
Werner Lemberg
b27cef27ff
[truetype] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2364
* src/truetype/ttinterp.c (Ins_ISECT): Use NEG_LONG.
8 years ago
Werner Lemberg
298e2ea5a6
[cff, truetype] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2323
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2328
* src/cff/cf2blues.c (cf2_blues_capture): Use ADD_INT32 and
SUB_INT32.
* src/truetype/ttinterp.c (Ins_SDPVTL): Use SUB_LONG and NEG_LONG.
8 years ago
Alexei Podtelezhnikov
75cb071b3f
[sfnt] Synthesize a Unicode charmap if one is missing.
...
* src/sfnt/ttcmap.h (tt_cmap_unicode_class_rec): Declare it.
* src/sfnt/ttcmap.c (tt_get_glyph_name, tt_cmap_unicode_init,
tt_cmap_unicode_done, tt_cmap_unicode_char_index,
tt_cmap_unicode_char_next, tt_cmap_unicode_class_rec): Implement
synthetic Unicode charmap class.
(tt_get_cmap_info): Make sure the callback is available.
* src/sfnt/sfobjs.c (sfnt_load_face)
[FT_CONFIG_OPTION_POSTSCRIPT_NAMES]: If Unicode charmap is missing,
synthesize one.
* include/freetype/config/ftoption.h: Document it.
* devel/ftoption.h: Ditto.
8 years ago
Werner Lemberg
390048fa46
Remove deprecated comment.
8 years ago
Tony Theodore
c8829e4bc1
Fix pkg-config in freetype-config for cross-compiling (#51274).
...
* builds/unix/unix-def.in (PKG_CONFIG): New variable.
(freetype-config): Use it in sed expression.
* builds/unix/freetype-config.in: s/pkg-config/%PKG_CONFIG%/.
8 years ago
Werner Lemberg
8c763fb1be
[cff, truetype] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2300
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2313
* src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use ADD_INT32.
* src/truetype/ttinterp.c (Ins_ABS): Avoid FT_ABS.
8 years ago
Alexei Podtelezhnikov
7b7278334c
[base, smooth] LCD filtering cleanups.
...
* src/base/ftlcdlil.c (ft_lcd_filter_fir, _ft_lcd_filter_legacy):
Clean up, start filtering from the bottom-left origin.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Updated.
8 years ago
Werner Lemberg
4dc00cf5c0
[truetype] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2270
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2278
* src/truetype/ttinterp.c (Ins_MDRP, _iup_worker_interpolate): Use
ADD_LONG and SUB_LONG.
8 years ago
Werner Lemberg
dbeb7bce7f
[bdf, cff] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2244
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2261
* src/bdf/bdfdrivr.c (BDF_Face_Init): Replace calls to FT_ABS with
direct code to avoid value negation.
* src/cff/cf2blues.c (cf2_blues_capture): Use SUB_INT32 and
ADD_INT32.
8 years ago
Werner Lemberg
79e3789f81
* src/winfonts/winfnt.c (FNT_Face_Init): Don't set active encoding.
...
FreeType only sets a default active encoding for Unicode.
8 years ago
Werner Lemberg
5c402d97af
[cff, truetype] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2216
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2218
* src/cff/cf2fixed.h (cf2_fixedAbs): Use NEG_INT32.
* src/truetype/ttinterp.c (Ins_IP): Use SUB_LONG.
8 years ago
Werner Lemberg
3ed3a96181
[cff] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2200
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2210
* src/cff/cf2hints.c (cf2_hintmap_insertHint): Use SUB_INT32 and
ADD_INT32.
* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdVMOVETO>: Use
ADD_INT32.
8 years ago
Werner Lemberg
5f2a72cbc7
[truetype] Fix TT_Set_Var_Design.
...
Reported by Nikolaus Waxweiler <madigens@gmail.com>.
* src/truetype/ttgxvar.c (TT_Set_Var_Design): Correctly handle the
case where we have fewer input coordinates than axes.
8 years ago
Werner Lemberg
2c4fba9c91
* src/base/ftcalc.c (FT_DivFix): Fix embarrassing typo.
...
Bug introduced 2017-05-28.
8 years ago
Werner Lemberg
9038837ee2
[cff, truetype] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2144
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2151
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2153
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2173
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2186
* src/cff/cf2blues.c (cf2_blues_init): Use SUB_INT32.
* src/truetype/ttinterp.c (Round_None, Round_To_Grid,
Round_To_Half_Grid, Round_Down_To_Grid, Round_Up_To_Grid,
Round_To_Double_Grid, Round_Super, Round_Super_45): Use ADD_LONG,
SUB_LONG, NEG_LONG, FT_PIX_ROUND_LONG, FT_PIX_CEIL_LONG,
FT_PAD_ROUND_LONG
(Ins_SxVTL, Ins_MIRP): Use SUB_LONG.
(_iup_worker_shift): Use SUB_LONG and ADD_LONG.
8 years ago
Werner Lemberg
96d26926d1
Provide more macros for flooring, ceiling, and rounding.
...
These versions don't produce run-time errors due to integer
overflow.
* include/freetype/internal/ftobjs.h: Include FT_INTERNAL_CALC_H.
(FT_PAD_ROUND_LONG, FT_PAD_CEIL_LONG, FT_PIX_ROUND_LONG,
FT_PIX_CEIL_LONG): New macros.
(FT_PAD_ROUND_INT32, FT_PAD_CEIL_INT32, FT_PIX_ROUND_INT32,
FT_PIX_CEIL_INT32): New macros.
8 years ago
Werner Lemberg
faf34d29e2
Remove unused macros.
...
* include/freetype/internal/ftcalc.h (ADD_INT, SUB_INT, MUL_INT,
NEG_INT): Deleted.
8 years ago
Werner Lemberg
dcd8de272f
*/*: Remove `OVERFLOW_' prefix.
...
This increases readability.
8 years ago
Werner Lemberg
7bffeacd7e
[cff, truetype] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2133
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2137
* src/cff/cf2hints.c (cf2_hint_init): Use OVERFLOW_SUB_INT32.
* src/truetype/ttinterp.c (PROJECT, DUALPROJ): Use
OVERFLOW_SUB_LONG.
8 years ago
Werner Lemberg
24848a3d58
[cff] Integer overflow.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2109
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2110
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2122
* src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
* src/cff/cf2hints.c (cf2_hintmap_map): Synchronize if-else
branches.
8 years ago
Werner Lemberg
8667042997
[cff] Integer overflow.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2089
* src/cff/cffload.c (cff_blend_doBlend): Use OVERFLOW_ADD_INT32.
8 years ago
Werner Lemberg
9fa8a2997f
[cff, truetype] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2075
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2088
* src/cff/cf2font.c (cf2_font_setup): Use OVERFLOW_MUL_INT32.
* src/truetype/ttinterp.c (Ins_ISECT): Use OVERFLOW_MUL_LONG,
OVERFLOW_ADD_LONG, and OVERFLOW_SUB_LONG.
8 years ago
Werner Lemberg
addb2dddb6
[base, cff, truetype] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2060
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2062
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2063
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2068
* src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use
OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.
* src/cff/cf2blues.c (cf2_blues_capture), src/cff/cf2hints.c
(cf2_hintmap_adjustHints): Use OVERFLOW_SUB_INT32.
* src/truetype/ttgload.c (compute_glyph_metrics): Use
OVERFLOW_SUB_LONG.
* src/truetype/ttinterp.c (Direct_Move, Direct_Move_Orig,
Direct_Move_X, Direct_Move_Y, Direct_Move_Orig_X,
Direct_Move_Orig_Y, Move_Zp2_Point, Ins_MSIRP): Use
OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.
8 years ago
Werner Lemberg
c9a9cf5915
* builds/unix/freetype-config.in: Fix pkg-config test (#51162).
...
Patch directly taken from bug report.
8 years ago
Werner Lemberg
2c2e6403b7
[bdf] Synchronize sanity checks with pcf driver.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2054
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2058
* src/bdf/bdfdrivr.c (BDF_Face_Init): Check font ascent and descent.
Check AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and
RESOLUTION_Y properties.
8 years ago
Werner Lemberg
1ea343228d
[cff, truetype] Integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2047
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2057
* src/cff/cf2hints.c (cf2_hintmap_map): Use OVERFLOW_SUB_INT32.
* src/truetype/ttinterp.c (Ins_ADD): Use OVERFLOW_ADD_LONG.
(Ins_SUB): Use OVERFLOW_SUB_LONG.
(Ins_NEG): Use NEG_LONG.
8 years ago
Werner Lemberg
c5a225413f
ftcalc.h: Avoid left-shift of negative numbers.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2055
* include/freetype/internal/ftcalc.h (INT_TO_F26DOT6,
INT_TO_F2DOT14, INT_TO_FIXED, F2DOT14_TO_FIXED): Use multiplication.
8 years ago
Werner Lemberg
0716c6ab7a
[cff] Even more integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2046
* src/cff/cf2intrp.c (cf2_doStems, cf2_interpT2CharString): Use
OVERFLOW_ADD_INT32.
8 years ago
Werner Lemberg
7a4276fb90
[cff] More integer overflows.
...
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2032
* src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
8 years ago