This code is taken from the type1 module.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9510
* src/cid/cidload.c (parse_fd_array): Set some private dict default
values.
(cid_face_open): Do the sanitizing.
Fix some tracing messages.
* src/base/ftcalc.c (FT_Matrix_Check): New base function to properly
reject degenerate font matrices.
* include/freetype/internal/ftcalc.h: Updated.
* src/cff/cffparse.c (cff_parse_font_matrix), src/cid/cidload.c
(cid_parse_font_matrix), src/type1/t1load.c (t1_parse_font_matrix),
src/type42/t42parse.c (t42_parse_font_matrix): Use
`FT_Matrix_Check'.
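As an added illustration of what a degenerate-matrix check has to catch (this is example code written for this page, not FreeType's FT_Matrix_Check; the Matrix type, the helper names and the ratio threshold of 50 are this example's own assumptions):

```c
#include <stdint.h>
#include <stdio.h>

/* 16.16 fixed-point 2x2 matrix with FreeType's FT_Matrix field layout.
 * Redefined here so the example compiles on its own (an assumption of this
 * example, not FreeType's header). */
typedef int32_t Fixed;
typedef struct { Fixed xx, xy, yx, yy; } Matrix;

static uint64_t uabs64(int64_t v)
{
    return v < 0 ? 0u - (uint64_t)v : (uint64_t)v;
}

/* Return 1 if the matrix is usable, 0 if it is degenerate.
 *
 * Two things are rejected: a zero determinant (the matrix maps the glyph
 * plane onto a line or a point, and any later inversion divides by zero),
 * and a determinant that is tiny compared with the coefficient products
 * (the matrix is so close to singular that fixed-point inversion loses all
 * its precision). The ratio limit of 50 is this example's threshold. */
int matrix_check(const Matrix *m)
{
    int64_t  p1, p2, det;
    uint64_t adet, prod;

    if (!m)
        return 0;

    /* 16.16 x 16.16 products need 64 bits; each has magnitude <= 2^62 and
     * both cannot reach 2^62 with opposite signs, so the difference fits. */
    p1  = (int64_t)m->xx * m->yy;
    p2  = (int64_t)m->xy * m->yx;
    det = p1 - p2;

    if (det == 0)
        return 0;

    adet = uabs64(det);
    prod = uabs64(p1) > uabs64(p2) ? uabs64(p1) : uabs64(p2);

    return prod / adet > 50 ? 0 : 1;
}

/* Convenience wrapper taking the four coefficients directly. */
int matrix_check4(Fixed xx, Fixed xy, Fixed yx, Fixed yy)
{
    Matrix m = { xx, xy, yx, yy };
    return matrix_check(&m);
}

int main(void)
{
    /* Constructed inputs: identity, a 90-degree rotation, a matrix whose
     * rows are equal (det == 0), and one that is nearly singular. */
    printf("identity       : %d\n", matrix_check4(0x10000, 0, 0, 0x10000));
    printf("rotation       : %d\n", matrix_check4(0, -0x10000, 0x10000, 0));
    printf("equal rows     : %d\n", matrix_check4(0x10000, 0x10000, 0x10000, 0x10000));
    printf("nearly singular: %d\n", matrix_check4(0x10000, 0x10000, 0x10000, 0x1028F));
    return 0;
}
```

The point of the second test is that a matrix with a non-zero but tiny determinant is just as dangerous to downstream fixed-point code as a singular one; rejecting only det == 0 would still let a font through that makes later divisions blow up.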
This monster commit was created by applying Nikhil's scripts
`docconverter.py' and `markify.py' to all C header and source files,
followed up by minor manual clean-up.
No change in functionality, of course.
I used commit f7419907bc6044b9b7057f9789866426c804ba82 from
https://github.com/nikramakrishnan/freetype-docs.git.
* src/cff/cffload.c (FT_fdot14ToFixed): Fix casting.
(cff_blend_doBlend): Don't left-shift negative numbers.
Handle 5-byte numbers byte by byte to avoid alignment issues.
* src/cff/cffparse.c (cff_parse): Handle 5-byte numbers byte by byte
to avoid alignment issues.
* src/cid/cidload.c (cid_read_subrs): Do nothing if we don't have any
subrs.
* src/psaux/t1decode.c (t1_decode_parse_charstring): Fix tracing.
* src/tools/glnames.py (main): Put `DEFINE_PSTABLES' guard around
definition of `ft_get_adobe_glyph_index'.
* src/psnames/pstables.h: Regenerated.
* src/psnames/psmodule.c: Include `pstables.h' twice to get both
declaration and definition.
* src/truetype/ttgxvar.c (FT_fdot14ToFixed, FT_intToFixed): Fix
casting.
* src/cid/cidload.c (parse_fd_array): Check `num_dicts' against
stream size.
(cid_read_subrs): Check largest offset against stream size.
(cid_parse_dict): Move safety check to ...
(cid_face_open): ... this function.
Also test length of binary data and values of `SDBytes',
`SubrMapOffset', `SubrCount', `CIDMapOffset', and `CIDCount'.
* src/type1/t1load.c (t1_parse_font_matrix): Scale units per EM only
when necessary. Refresh comments.
* src/cid/cidload.c (cid_parse_font_matrix): Ditto.
* src/type42/t42parse.c (t42_parse_font_matrix): Refresh comments.
* src/type1/t1load.c (t1_parse_font_matrix): Properly handle result
of `T1_ToFixedArray'.
* src/cid/cidload.c (cid_parse_font_matrix): Synchronize with
`t1_parse_font_matrix'.
* src/type42/t42parse.c (t42_parse_font_matrix): Synchronize with
`t1_parse_font_matrix'.
(t42_parse_encoding): Synchronize with `t1_parse_encoding'.
* src/psaux/psobjs.c (ps_parser_load_field) <T1_FIELD_TYPE_BBOX>,
<T1_FIELD_TYPE_MM_BBOX>: Properly handle result of `ps_tofixedarray'.
The call was (from the top-level of the FreeType tree):
cppcheck --force \
--enable=all \
-I /usr/include \
-I /usr/local/include \
-I /usr/lib/gcc/i586-suse-linux/4.7/include \
-I include \
-I include/freetype \
-I include/freetype/config \
-I include/freetype/internal \
-DFT2_BUILD_LIBRARY \
. &> cppcheck.log
using cppcheck git commit f7e93f99.
Note that cppcheck still can't handle `#include FOO' (with `FOO' a
macro).
*/* Improve variable scopes.
*/* Remove redundant initializations which get overwritten.
* src/gxvalid/*: Comment out redundant code or guard it with
FT_DEBUG_LEVEL_TRACE.
* src/base/ftcalc.c (FT_DivFix): Use unsigned values for
computations which use the left shift operator and convert to signed
as the last step.
* src/base/fttrigon.c (ft_trig_prenorm, FT_Vector_Rotate,
FT_Vector_Length, FT_Vector_Polarize): Ditto.
* src/cff/cffgload.c (cff_decoder_parse_charstrings): Simplify.
* src/cff/cffload.c (cff_subfont_load): Fix constant.
* src/cff/cffparse.c (cff_parse_integer, cff_parse_real, do_fixed,
cff_parse_fixed_dynamic): Use unsigned values for computations which
use the left shift operator and convert to signed as the last step.
* src/cid/cidload.c (cid_get_offset): Ditto.
* src/psaux/psconv.c (PS_Conv_ToFixed): Ditto.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Ditto.
* src/truetype/ttinterp.c (TT_MulFix14, TT_DotFix14): Ditto.
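The two recurring themes in the entries above (assemble multi-byte numbers byte by byte rather than through a pointer cast, and do the shifting on unsigned values, converting to signed only at the end) are shown here on the CFF DICT integer operand encoding. This is an added example for this page, not FreeType's cff_parse code; the function names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode one CFF DICT integer operand starting at `p` (`limit` is one past
 * the end of the DICT data). Stores the value in *out and returns the
 * number of bytes consumed, or 0 if the operand is truncated or `p` does
 * not start an integer operand (b0 == 30 is a real number, b0 <= 21 an
 * operator; both are out of scope here).
 *
 * Multi-byte values are assembled byte by byte into an unsigned
 * accumulator: no pointer cast such as *(int32_t*)(p+1), which is an
 * unaligned access, and no left shift of a possibly negative or too-wide
 * signed value, which is undefined behaviour in C. Conversion to the
 * signed result happens once, at the end, by explicit arithmetic. */
size_t cff_read_int(const uint8_t *p, const uint8_t *limit, int32_t *out)
{
    uint32_t v;
    uint8_t  b0;

    if (p >= limit)
        return 0;
    b0 = *p;

    if (b0 >= 32 && b0 <= 246) {             /* one byte: -107 .. 107 */
        *out = (int32_t)b0 - 139;
        return 1;
    }
    if (b0 >= 247 && b0 <= 250) {            /* two bytes: 108 .. 1131 */
        if (limit - p < 2) return 0;
        *out = ((int32_t)b0 - 247) * 256 + (int32_t)p[1] + 108;
        return 2;
    }
    if (b0 >= 251 && b0 <= 254) {            /* two bytes: -1131 .. -108 */
        if (limit - p < 2) return 0;
        *out = -((int32_t)b0 - 251) * 256 - (int32_t)p[1] - 108;
        return 2;
    }
    if (b0 == 28) {                          /* three bytes: signed 16-bit */
        if (limit - p < 3) return 0;
        v = ((uint32_t)p[1] << 8) | (uint32_t)p[2];
        *out = (v & 0x8000u) ? (int32_t)v - 0x10000 : (int32_t)v;
        return 3;
    }
    if (b0 == 29) {                          /* five bytes: signed 32-bit */
        if (limit - p < 5) return 0;
        v = ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) |
            ((uint32_t)p[3] <<  8) |  (uint32_t)p[4];
        /* two's-complement reinterpretation without relying on the
         * implementation-defined behaviour of a plain (int32_t) cast */
        *out = (v & 0x80000000u) ? -(int32_t)(0xFFFFFFFFu - v) - 1 : (int32_t)v;
        return 5;
    }
    return 0;
}

/* Same, for a buffer given as pointer + length. */
size_t cff_read_int_buf(const uint8_t *buf, size_t len, int32_t *out)
{
    return cff_read_int(buf, buf + len, out);
}

/* Self-check helper: 1 if decoding `buf` consumes want_n bytes and yields want_v. */
int cff_int_is(const uint8_t *buf, size_t len, size_t want_n, int32_t want_v)
{
    int32_t v = 0;
    size_t  n = cff_read_int_buf(buf, len, &v);
    return n == want_n && (n == 0 || v == want_v);
}

int main(void)
{
    /* Constructed operand sequence: 0, 1131, -1131, -32768, INT32_MIN, -2,
     * followed by a truncated 5-byte operand. */
    static const uint8_t dict[] = {
        0x8B, 0xFA, 0xFF, 0xFE, 0xFF, 0x1C, 0x80, 0x00,
        0x1D, 0x80, 0x00, 0x00, 0x00, 0x1D, 0xFF, 0xFF, 0xFF, 0xFE,
        0x1D, 0x00
    };
    const uint8_t *p = dict, *limit = dict + sizeof dict;
    int32_t v;
    size_t  n;

    while ((n = cff_read_int(p, limit, &v)) > 0) {
        printf("%zu byte(s) -> %ld\n", n, (long)v);
        p += n;
    }
    if (p < limit)
        printf("stopped: truncated or non-integer operand at offset %ld\n",
               (long)(p - dict));
    return 0;
}
```

The truncation check (`limit - p < 5`) is what keeps the byte-by-byte loop from reading past the DICT; the unsigned accumulator is what keeps `0x80 << 24` from being undefined behaviour.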
This is essentially a mechanical conversion, adding inclusion of
`FT_INTERNAL_DEBUG_H' where necessary, and providing the macros for
stand-alone compiling modes of the rasterizer modules.
To convert the remaining occurrences of FT_Err_XXX and friends it is
necessary to rewrite the code. Note, however, that it doesn't harm
if some cases are not handled since FT_THROW is a no-op.
* src/cid/cidload.c (cid_load_keyword) <default>,
(parse_font_matrix, parse_expansion_factor): Correctly check number
of dictionaries.
(cid_read_subrs): Protect against invalid values of `num_subrs'.
Assure that the elements of the `offsets' array are ascending.
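The CID sanitizing described in the two entries above (check `num_dicts`, `SDBytes`, `SubrMapOffset`, `SubrCount`, `CIDMapOffset` and `CIDCount` against the stream size, and make sure subr offsets ascend and stay inside the data) is shown here in one place. This is an added example for this page, not FreeType's cid_face_open or cid_read_subrs; the struct types, field names and return codes are this example's assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Values parsed from one /FDArray entry of a CID-keyed Type 1 font.
 * Struct names and layout are this example's own, not FreeType's. */
typedef struct {
    uint32_t subr_map_offset;   /* /SubrMapOffset, relative to StartData */
    uint32_t subr_count;        /* /SubrCount */
    uint32_t sd_bytes;          /* /SDBytes: width of each subr offset */
} FDDict;

typedef struct {
    uint32_t      binary_length; /* bytes of binary data after StartData */
    uint32_t      cidmap_offset; /* /CIDMapOffset */
    uint32_t      cid_count;     /* /CIDCount */
    uint32_t      fd_bytes;      /* /FDBytes */
    uint32_t      gd_bytes;      /* /GDBytes */
    uint32_t      num_dicts;     /* number of /FDArray entries */
    const FDDict *dicts;
} CIDInfo;

/* 1 if [off, off + count*width) lies inside `limit` bytes. The sum is
 * formed in 64 bits so hostile 32-bit values cannot wrap it to a small
 * number, which is the classic way such a check is defeated. */
static int range_ok(uint32_t off, uint64_t count, uint32_t width, uint32_t limit)
{
    return (uint64_t)off + count * width <= limit;
}

/* Sanity-check the dictionary values before any of them is used as an
 * offset or count. Returns 0 on success or the number of the failed check. */
int cid_sanitize(const CIDInfo *info)
{
    uint32_t i;

    if (info->binary_length == 0)
        return 1;
    if (info->num_dicts == 0 || info->num_dicts > info->binary_length)
        return 2;              /* more dicts than bytes of data is bogus */
    if (info->fd_bytes > 4 || info->gd_bytes > 4 || info->fd_bytes + info->gd_bytes == 0)
        return 3;
    /* the CIDMap holds cid_count + 1 entries of fd_bytes + gd_bytes each */
    if (!range_ok(info->cidmap_offset, (uint64_t)info->cid_count + 1,
                  info->fd_bytes + info->gd_bytes, info->binary_length))
        return 4;
    for (i = 0; i < info->num_dicts; i++) {
        const FDDict *d = &info->dicts[i];
        if (d->sd_bytes < 1 || d->sd_bytes > 4)
            return 5;
        /* SubrCount + 1 offsets: the extra one delimits the last subr */
        if (d->subr_count &&
            !range_ok(d->subr_map_offset, (uint64_t)d->subr_count + 1,
                      d->sd_bytes, info->binary_length))
            return 6;
    }
    return 0;
}

/* Read the SubrCount + 1 big-endian offsets of one dict from the binary
 * section `data` (`len` bytes) and verify they ascend and the largest does
 * not point past the data. Returns 1 if the subrs table is usable. */
int cid_check_subr_offsets(const uint8_t *data, uint32_t len, const FDDict *d)
{
    uint32_t i, k, prev = 0;
    const uint8_t *p;

    if (d->subr_count == 0)
        return 1;                  /* no subrs: nothing to read or check */
    if (d->sd_bytes < 1 || d->sd_bytes > 4 ||
        !range_ok(d->subr_map_offset, (uint64_t)d->subr_count + 1, d->sd_bytes, len))
        return 0;

    p = data + d->subr_map_offset;
    for (i = 0; i <= d->subr_count; i++) {
        uint32_t off = 0;
        for (k = 0; k < d->sd_bytes; k++)   /* unsigned, byte by byte */
            off = (off << 8) | *p++;
        if (i > 0 && off < prev)
            return 0;                       /* offsets must be ascending */
        prev = off;
    }
    return prev <= len;                     /* largest offset vs. stream size */
}

/* Constructed 64-byte binary sections: three 2-byte subr offsets at the
 * start, then padding. kGoodData ascends (6, 10, 20); kBadOrder does not
 * (6, 4, 20); kTooFar ends at 100, beyond the 64 bytes available. */
const uint8_t kGoodData[64] = { 0x00, 0x06, 0x00, 0x0A, 0x00, 0x14 };
const uint8_t kBadOrder[64] = { 0x00, 0x06, 0x00, 0x04, 0x00, 0x14 };
const uint8_t kTooFar[64]   = { 0x00, 0x06, 0x00, 0x0A, 0x00, 0x64 };

const FDDict  kDicts[1] = { { 0, 2, 2 } };
const CIDInfo kGood   = { 64,  8,           3, 1, 2, 1, kDicts };
const CIDInfo kBadMap = { 64, 60,          10, 1, 2, 1, kDicts };  /* 60 + 11*3 > 64 */
const CIDInfo kWrap   = { 64,  0, 0xFFFFFFFFu, 1, 2, 1, kDicts };  /* (2^32)*3 wraps to 0 in 32 bits */

int main(void)
{
    printf("good font   : %d\n", cid_sanitize(&kGood));
    printf("cidmap past : %d\n", cid_sanitize(&kBadMap));
    printf("count wraps : %d\n", cid_sanitize(&kWrap));
    printf("subrs       : %d %d %d\n",
           cid_check_subr_offsets(kGoodData, 64, &kDicts[0]),
           cid_check_subr_offsets(kBadOrder, 64, &kDicts[0]),
           cid_check_subr_offsets(kTooFar,   64, &kDicts[0]));
    return 0;
}
```

`kWrap` is the case worth remembering: with `CIDCount` = 0xFFFFFFFF the expression `(CIDCount + 1) * 3` is 0 in 32-bit arithmetic and would pass a naive `<= binary_length` test, so the multiplication has to be done in a wider type (or guarded by a division) before the comparison means anything.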
Instead, we define a new internal PS_FontExtraRec structure to
hold the additional field, then place it in various internal
positions of the corresponding FT_Face derived objects.
add T1_TOKEN_TYPE_KEY. (struct T1_FieldRec_) add `dict'. Add macros
T1_FIELD_DICT_FONTDICT and T1_FIELD_DICT_PRIVATE. Change T1_NEW_XXX and
T1_FIELD_XXX macros to take the dictionary where the PS keywords is
expected as an additional argument.
* freetype2/src/cid/cidload.c: (T1_FieldRec): Adjust invocations
of T1_FIELD_XXX.
* freetype2/src/cid/cidtoken.h: Adjust invocations of T1_FIELD_XXX.
* freetype2/src/psaux/psobjs.c: Add macro FT_COMPONENT for tracing.
(ps_parser_to_token): Report a PostScript key as T1_TOKEN_TYPE_KEY
instead as T1_TOKEN_TYPE_ANY. (ps_parser_load_field): Make sure a token
that should be a string or name is a string or name indeed. Avoid
memory leak if a keyword has been already encountered and its value
is overwritten.
* freetype2/src/type1/t1load.c: (T1_FieldRec): Adjust invocations of
T1_FIELD_XXX. (parse_dict): Ignore keywords that occur in the wrong
dictionary (e.g., in Private instead of FontDict).
* freetype2/src/type1/t1tokens.h: Adjust invocations of T1_FIELD_XXX.
Blaskey).
* src/sfnt/ttcmap.h (TT_CMap): Add member `unsorted'.
* src/sfnt/ttcmap.c: Use SFNT_Err_Ok where appropriate.
(tt_cmap0_validate, tt_cmap2_validate, tt_cmap6_validate,
tt_cmap8_validate, tt_cmap10_validate, tt_cmap12_validate): Use
`FT_Error' as return type.
(tt_cmap4_validate): Use `FT_Error' as return type.
Return error code for unsorted cmap.
(tt_cmap4_char_index, tt_cmap4_char_next): Use old code for unsorted
cmaps.
(tt_face_build_cmaps): Set `unsorted' variable in cmap.
Minor formatting.
face->cid_stream so that we can deallocate it safely.
Make the PS parser more tolerant w.r.t. non-standard font data. In
general, an error is only reported in case of a syntax error; a
wrong type is now simply ignored (if possible). To be independent
of the order of various MM-specific keywords, the parse_shared_dict
routine has been removed -- the PS parser is now capable to skip
this data. It no longer fails on parsing e.g.
dup /WeightVector exch def
Since the token following /WeightVector isn't `[' (starting an
array) it is simply ignored.
* include/freetype/fterrdef.h: Define `FT_Err_Ignore' (0xA2) as a
new internal error value.
* src/type1/t1load.c (parse_blend_axis_types,
parse_blend_design_positions, parse_blend_design_map): Return
T1_Err_Ignore if no proper array is following the keyword.
(parse_weight_vector): Use T1_ToTokenArray, initializing `blend'
structure, if necessary.
Return T1_Err_Ignore if no proper array is following the keyword.
(parse_shared_dict): Removed.
(parse_encoding): Set parser->root.error to return T1_Err_Ignore
if no result can be obtained.
Check for errors before accessing `elements' array.
(t1_keywords): Remove /shareddict.
(parse_dict): Reset error if t1_load_keyword returns T1_Err_Ignore.
Set keyword_flag only in case of success.
Check error code if skipping an unrecognized token.
(T1_Open_Face) [!T1_CONFIG_OPTION_NO_MM_SUPPORT]: Call T1_Done_Blend
if blend commands haven't set up a proper MM font.
* src/psaux/psobjs.c (ps_parser_load_field_table): Remove special
code for synthetic fonts.
Return PSaux_Err_Ignore if no proper value has been found.
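The behaviour described above (a keyword whose value has the wrong type is skipped instead of failing the font, while a genuine syntax error is still reported) can be seen on a tiny PostScript tokenizer. This is an added example for this page, not FreeType's psobjs.c or t1load.c parser; the function names and the return-code convention are this example's assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { const char *p, *end; } Scanner;

static int is_ps_space(char c)
{
    return c == ' ' || c == '\t' || c == '\r' || c == '\n' || c == '\f' || c == '\0';
}

static int is_ps_bracket(char c)
{
    return c == '[' || c == ']' || c == '{' || c == '}';
}

/* Advance to the next token; return its length (0 at end of input) and its
 * start in *tok. Brackets are one-character tokens, as in PostScript. */
static size_t next_token(Scanner *s, const char **tok)
{
    while (s->p < s->end && is_ps_space(*s->p))
        s->p++;
    if (s->p >= s->end)
        return 0;
    *tok = s->p;
    if (is_ps_bracket(*s->p)) {
        s->p++;
        return 1;
    }
    while (s->p < s->end && !is_ps_space(*s->p) && !is_ps_bracket(*s->p))
        s->p++;
    return (size_t)(s->p - *tok);
}

/* Find `key` (e.g. "/WeightVector") in `dict` and read the numeric array
 * that should follow it into out[0..cap).
 *   >= 0  number of values read; also 0 when the key is absent or is not
 *         followed by '[' (wrong type: the keyword is ignored, which is
 *         what happens with "dup /WeightVector exch def")
 *   -1    real syntax error: unterminated array, non-numeric element, or
 *         more elements than the caller has room for */
int ps_find_number_array(const char *dict, const char *key, double *out, int cap)
{
    Scanner     s = { dict, dict + strlen(dict) };
    const char *tok;
    size_t      klen = strlen(key), tl;
    int         n;

    while ((tl = next_token(&s, &tok)) > 0) {
        if (tl != klen || memcmp(tok, key, klen) != 0)
            continue;
        tl = next_token(&s, &tok);
        if (tl != 1 || *tok != '[')
            return 0;                      /* not an array: ignore keyword */
        for (n = 0;; n++) {
            char *endp;
            tl = next_token(&s, &tok);
            if (tl == 0)
                return -1;                 /* array never closed */
            if (tl == 1 && *tok == ']')
                return n;
            if (n >= cap)
                return -1;
            out[n] = strtod(tok, &endp);   /* token is delimited, so strtod stops at its end */
            if (endp != tok + tl)
                return -1;                 /* element is not a number */
        }
    }
    return 0;
}

/* Convenience wrappers (arrays of up to 16 entries). */
int ps_count_number_array(const char *dict, const char *key)
{
    double tmp[16];
    return ps_find_number_array(dict, key, tmp, 16);
}

double ps_number_at(const char *dict, const char *key, int index)
{
    double tmp[16];
    int    n = ps_find_number_array(dict, key, tmp, 16);
    return (index >= 0 && index < n) ? tmp[index] : 0.0;
}

int main(void)
{
    /* Constructed dictionary fragments, not taken from a real font. */
    const char *odd  = "dup /WeightVector exch def";
    const char *good = "/BlendAxisTypes [/Weight] def\n/WeightVector [0.25 0.75] def";

    printf("odd : %d values (ignored, no error)\n", ps_count_number_array(odd, "/WeightVector"));
    printf("good: %d values, first %g\n", ps_count_number_array(good, "/WeightVector"),
           ps_number_at(good, "/WeightVector", 0));
    return 0;
}
```

The distinction the return codes draw is the one that matters for robustness: "wrong type, skip it" costs nothing and keeps odd but harmless fonts loadable, whereas an unterminated array or a non-numeric element is a malformed file and must still stop the parser rather than be guessed around.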
started with `StartData' in CID-keyed Type 1 fonts.
* include/freetype/internal/t1types.h (CID_FaceRec): Add new
members `binary_data' and `cid_stream'.
* src/cid/cidload.c (cid_read_subrs): Use `face->cid_stream'.
(cid_hex_to_binary): New auxiliary function.
(cid_face_open): Add new argument `face_index' to return quickly
if less than zero. Updated all callers.
Call `cid_hex_to_binary', then open and assign memory stream to
`face->cid_stream' if `parser->binary_length' is non-zero.
* src/cid/cidload.h: Updated.
* src/cid/cidobjs.c (cid_face_done): Free `binary_data' and
`cid_stream'.
* src/cid/cidparse.c (cid_parser_new): Check arguments to
`StartData' and set parser->binary_length accordingly.
* src/cid/cidparse.h (CID_Parser): New member `binary_length'.
* src/cid/cidgload.c (cid_load_glyph): Use `face->cid_stream'.
* docs/CHANGES: Updated.
include/freetype/config/ftstdlib.h (ft_atoi): Replaced with...
(ft_atol): This.
* src/base/ftdbgmem.c: s/atol/ft_atol/.
* src/type42/t42drivr.c: s/ft_atoi/ft_atol/.
correctly. This doesn't slow down the loading of PS fonts
significantly since charstrings aren't affected.
* include/freetype/config/ftstdlib.h (ft_xdigit): Renamed to...
(ft_isxdigit): This. Updated all callers.
(ft_isdigit): New alias to `isdigit'.
* include/freetype/internal/psaux.h (PS_Parser_FuncsRec): Renamed
`skip_alpha' to `skip_PS_token'.
Add parameter to `to_bytes' and change some argument types.
* src/psaux/psauxmod.c (ps_parser_funcs): Updated.
* src/psaux/psobjs.c (ft_char_table): New array to map character
codes (ASCII and EBCDIC) of digits to numbers.
(OP): New auxiliary macro holding either `>=' or `<' depending on
the character encoding.
(skip_comment): New function.
(skip_spaces): Use it.
(skip_alpha): Removed.
(skip_literal_string, skip_string): New functions.
(ps_parser_skip_PS_token): New function. This is a better
replacement of...
(ps_parser_skip_alpha): Removed.
(ps_parser_to_token, ps_parser_to_token_array): Updated.
(T1Radix): Rewritten, using `ft_char_table'.
(t1_toint): Renamed to...
(ps_toint): This. Update all callers.
Use `ft_char_table'.
(ps_tobytes): Add parameter to handle delimiters and change some
argument types.
Use `ft_char_table'.
(t1_tofixed): Renamed to...
(ps_tofixed): This. Update all callers.
Use `ft_char_table'.
(t1_tocoordarray): Renamed and updated to...
(ps_tocoordarray): This. Update all callers.
(t1_tofixedarray): Renamed and updated to...
(ps_tofixedarray): This. Update all callers.
(t1_tobool): Renamed to...
(ps_tobool): This. Update all callers.
(ps_parser_load_field): Updated.
(ps_parser_load_field_table): Use `T1_MAX_TABLE_ELEMENTS'
everywhere.
(ps_parser_to_int, ps_parser_to_fixed, ps_parser_to_coord_array,
ps_parser_to_fixed_array): Skip spaces. Updated.
(ps_parser_to_bytes): Add parameter to handle delimiters and change
some argument types. Updated.
* src/psaux/psobjs.h: Updated.
* src/cid/cidload.c (cid_parse_dict): Updated.
* src/cid/cidparse.c (cid_parser_new): Check whether the `StartData'
token was really found.
* src/cid/cidparse.h (cid_parser_skip_alpha): Updated and renamed
to...
(cid_parser_skip_PS_token): This.
* src/type1/t1parse.h (T1_ParserRec): Use `FT_Bool' for boolean
fields.
(T1_Skip_Alpha): Replaced with...
(T1_Skip_PS_Token): This new macro.
* src/type1/t1parse.c (hexa_value): Removed.
(T1_Get_Private_Dict): Use `ft_isxdigit' and
`psaux->ps_parser_funcs_to_bytes' for handling ASCII hexadecimal
encoding.
After decrypting, replace the four random bytes at the beginning
with whitespace.
* src/type1/t1load.c (t1_allocate_blend): Use proper error values.
(parse_blend_design_positions, parse_blend_design_map,
parse_weight_vector): Updated.
(is_space): Handle `\f' also.
(is_name_char): Removed.
(read_binary_data): Updated.
(parse_encoding): Use `ft_isdigit'.
Updated.
(parse_subrs): Updated.
(TABLE_EXTEND): New macro.
(parse_charstrings): Updated.
Provide a workaround for buggy fonts which have more entries in the
/CharStrings dictionary than expected; the function now adds some
slots and skips entries which still exceed the new limit.
(parse_dict): Updated.
Terminate on the token `closefile'.
* src/type42/t42parse.c (T1_Skip_Alpha): Replaced with...
(T1_Skip_PS_Token): This new macro. Updated all callers.
(t42_parse_encoding): Use `ft_isdigit'.
* src/base/ftmm.c (ft_face_get_mm_service): Return FT_Err_Ok if
success.
(cid_read_subrs): Use t1_decrypt from psaux module.
* src/cid/cidload.h: Updated.
* src/cid/cidgload.c (cid_load_glyph): Use t1_decrypt from psaux
module.
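The two pieces of Type 1 handling touched by the entries above (ASCII-hex to binary conversion, and decryption followed by blanking the four leading random bytes with whitespace, with the same cipher reused for subrs and charstrings) are shown together here. This is an added example for this page, not FreeType's t1_decrypt, cid_hex_to_binary or T1_Get_Private_Dict; the function names and the constructed sample data are this example's assumptions. The cipher constants (55665, 4330, 52845, 22719) are those of the Type 1 font format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EEXEC_R      55665u   /* initial key for the eexec section */
#define CHARSTRING_R  4330u   /* initial key for charstrings and subrs */

/* Type 1 cipher used by eexec sections, charstrings and subrs (same
 * algorithm, different initial key). Both routines work in place. The
 * running key stays unsigned and the product is formed in 32 bits, since
 * (c + r) * c1 exceeds INT_MAX for most inputs and would overflow `int`. */
void t1_decrypt(uint8_t *data, size_t len, uint16_t seed)
{
    const uint32_t c1 = 52845u, c2 = 22719u;
    uint16_t r = seed;
    size_t   i;

    for (i = 0; i < len; i++) {
        uint8_t c = data[i];
        data[i] = (uint8_t)(c ^ (r >> 8));
        r = (uint16_t)(((uint32_t)c + r) * c1 + c2);
    }
}

void t1_encrypt(uint8_t *data, size_t len, uint16_t seed)
{
    const uint32_t c1 = 52845u, c2 = 22719u;
    uint16_t r = seed;
    size_t   i;

    for (i = 0; i < len; i++) {
        uint8_t c = (uint8_t)(data[i] ^ (r >> 8));
        data[i] = c;
        r = (uint16_t)(((uint32_t)c + r) * c1 + c2);
    }
}

static int hexval(int ch)
{
    if (ch >= '0' && ch <= '9') return ch - '0';
    if (ch >= 'a' && ch <= 'f') return ch - 'a' + 10;
    if (ch >= 'A' && ch <= 'F') return ch - 'A' + 10;
    return -1;
}

/* Decode ASCII-hex eexec data. Whitespace between digits is allowed; any
 * other non-hex byte, an odd digit count, or output overflow is an error.
 * Returns the number of bytes written, or (size_t)-1 on error. */
size_t hex_to_binary(const char *hex, size_t hex_len, uint8_t *out, size_t out_cap)
{
    size_t i, n = 0;
    int    hi = -1;

    for (i = 0; i < hex_len; i++) {
        int ch = (unsigned char)hex[i], v;
        if (ch == ' ' || ch == '\t' || ch == '\r' || ch == '\n' || ch == '\f' || ch == '\0')
            continue;
        v = hexval(ch);
        if (v < 0)
            return (size_t)-1;
        if (hi < 0) { hi = v; continue; }
        if (n >= out_cap)
            return (size_t)-1;
        out[n++] = (uint8_t)((hi << 4) | v);
        hi = -1;
    }
    return hi < 0 ? n : (size_t)-1;       /* dangling nibble: odd digit count */
}

/* Decrypt an eexec section in place and overwrite the four leading random
 * bytes with spaces, so a tokenizer run over the buffer sees whitespace
 * instead of arbitrary bytes. Returns 0 if the section is too short. */
int eexec_open(uint8_t *buf, size_t len)
{
    if (len < 4)
        return 0;
    t1_decrypt(buf, len, EEXEC_R);
    memset(buf, ' ', 4);
    return 1;
}

/* Constructed sample: 4 arbitrary bytes, then the start of a Private dict.
 * Encrypt, open, and check that only the prefix changed. 1 on success. */
int demo_roundtrip(void)
{
    static const char plain[] = "\x5a\x17\xc3\x01" "dup /Private 8 dict dup begin /lenIV 4 def";
    uint8_t buf[sizeof plain - 1];

    memcpy(buf, plain, sizeof buf);
    t1_encrypt(buf, sizeof buf, EEXEC_R);
    if (memcmp(buf, plain, sizeof buf) == 0) return 0;  /* ciphertext must differ */
    if (!eexec_open(buf, sizeof buf))          return 0;
    if (memcmp(buf, "    ", 4) != 0)           return 0;
    return memcmp(buf + 4, plain + 4, sizeof buf - 4) == 0;
}

/* Constructed sample: the bytes 0A FF 10 written as mixed-case hex with a
 * line break in the middle. 1 on success. */
int demo_hex(void)
{
    static const char    hex[]  = "0A ff\n10";
    static const uint8_t want[] = { 0x0A, 0xFF, 0x10 };
    uint8_t out[4];
    size_t  n = hex_to_binary(hex, sizeof hex - 1, out, sizeof out);
    return n == sizeof want && memcmp(out, want, n) == 0;
}

int main(void)
{
    printf("hex decode : %s\n", demo_hex() ? "ok" : "FAIL");
    printf("eexec open : %s\n", demo_roundtrip() ? "ok" : "FAIL");
    return 0;
}
```

Replacing the random prefix with spaces rather than advancing the pointer past it keeps the buffer length and every later offset unchanged, which is why it is the safer of the two options when other code already holds positions into the buffer.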
T1_FIELD_TYPE_FIXED_1000 and T1_FIELD_TYPE_FIXED_1000_P.
(T1_FIELD_FIXED_1000, T1_FIELD_FIXED_1000_P): New macros.
* src/psaux/psobjs.c (ps_parser_load_field): Handle
T1_FIELD_TYPE_FIXED_1000 and T1_FIELD_TYPE_FIXED_1000_P.
* src/cff/cffparse.c (cff_kind_fixed_thousand): New enumeration.
(CFF_FIELD_FIXED_1000): New macro.
(cff_parser_run): Handle cff_kind_fixed_thousand.
* src/cff/cfftoken.h: Use CFF_FIELD_FIXED_1000 for blue_scale.
* src/cff/cffload.c (cff_subfont_load): Fix default values of
expansion_factor and blue_scale.
* src/cid/cidtoken.h, src/type1/t1tokens.h: Use T1_FIELD_FIXED_1000
for blue_scale.
* src/pshinter/pshglob.c (psh_globals_new): Fix default value of
blue_scale.