ReFuel/freetype
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6,221 Commits 2 Branches 117 Tags 37 MiB
f1458d2e44
Commit Graph

318 Commits

Author SHA1 Message Date
Werner Lemberg
2a1597826a [truetype] Integer overflow issues. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7739

* src/truetype/ttinterp.c (Ins_CEILING): Use FT_PIX_CEIL_LONG.
 2018-04-17 12:25:17 +02:00
Werner Lemberg
70ac167c47 [truetype] Integer overflow issues. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7718

* src/truetype/ttinterp.c (Ins_MIRP): Use ADD_LONG.
 2018-04-16 10:39:10 +02:00
Werner Lemberg
235b1e2fe6 [truetype]: Limit `SLOOP' bytecode argument to 16 bits. 
This fixes

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7707

* src/truetype/ttinterp.c (Ins_SLOOP): Do it.
 2018-04-15 21:55:04 +02:00
Werner Lemberg
827ca3bcf2 [truetype] Integer overflow issues. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7652

* src/truetype/ttinterp.c (Ins_MDAP): Use SUB_LONG.
 2018-04-14 07:20:31 +02:00
Werner Lemberg
bd9400bd46 [truetype] Integer overflow issues. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7453

* src/truetype/ttinterp.c (Round_Super, Round_Super_45): Use
ADD_LONG and SUB_LONG.
 2018-04-09 21:28:37 +02:00
Werner Lemberg
efd13c5d1b * src/truetype/ttinterp.c (TT_RunIns): Fix tracing arguments. 2018-03-01 22:17:54 +01:00
Werner Lemberg
4a03f17449 [truetype] Integer overflow issues. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6027

* src/truetype/ttinterp.c (Ins_MSIRP, Ins_MIAP, Ins_MIRP): Use
SUB_LONG; avoid FT_ABS.
 2018-02-06 02:23:19 +01:00
Werner Lemberg
29c759284e * src/truetype/ttinterp.c (Ins_GETVARIATION): Avoid NULL reference. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
 2018-01-27 14:43:43 +01:00
Werner Lemberg
0a0c22569d Update copyright year. 2018-01-02 09:33:57 +01:00
Werner Lemberg
98ba0c4a37 New `ftdriver.h' file, covering all driver modules. 
This reduces redundancy and increases synergy; it also reduces the
number of header files.

* include/freetype/config/ftheader.h (FT_DRIVER_H): New macro.
(FT_AUTOHINTER_H, FT_CFF_DRIVER_H, FT_TRUETYPE_DRIVER_H,
FT_PCF_DRIVER_H, FT_TYPE1_DRIVER_H): Make them aliases to
FT_DRIVER_H.

* include/freetype/ftautoh.h, include/freetype/ftcffdrv.h,
include/freetype/ftpcfdrv.h, include/freetype/ftt1drv.h,
include/freetype/ftttdrv.h: Replaced with...
* include/freetype/ftdriver.h: ...this new file.
(FT_CFF_HINTING_ADOBE, FT_T1_HINTING_ADOBE): Renamed to...
(FT_HINTING_ADOBE): ... this new macro.
(FT_CFF_HINTING_FREETYPE, FT_T1_HINTING_FREETYPE): Renamed to...
(FT_HINTING_FREETYPE): ... this new macro.

* src/*/*: Updated accordingly.
 2017-12-08 18:41:49 +01:00
Werner Lemberg
71fecc539e Improve tracing messages by using singular and plural forms. 
* src/*/*.c: Implement it.
 2017-12-05 12:06:29 +01:00
Ben Wagner
c06b9cf56d [truetype] Really, really fix #52082. 
* src/truetype/ttinterp.c (Ins_MDRP): Correct conditional.
 2017-09-28 19:08:38 +02:00
Ben Wagner
63be40bccf [truetype] Really fix #52082. 
* src/truetype/ttinterp.c (Ins_MDRP): Correct conditional.
 2017-09-23 00:44:59 +02:00
Werner Lemberg
6d04bd991b [truetype] Integer overflow (#52082). 
* src/truetype/ttinterp.c (Ins_MDRP): Avoid FT_ABS.
 2017-09-21 21:22:51 +02:00
Werner Lemberg
eaa9adf325 [truetype] Integer overflows. 
Changes triggered by

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3429

* src/truetype/ttinterp.c (Ins_SHPIX, Ins_DELTAP): Use NEG_LONG.
(Ins_MIAP): Use SUB_LONG.
 2017-09-20 08:00:05 +02:00
Werner Lemberg
0aca17cf53 [truetype] Integer overflow. 
Changes triggered by

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3107

* src/truetype/ttinterp.c (Ins_MDRP, Ins_MIRP, Ins_ALIGNPTS): Use
NEG_LONG.
 2017-08-22 08:25:14 +02:00
Werner Lemberg
17196b7c74 [truetype] Integer overflow. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2868

* src/truetype/ttinterp.c (Ins_ALIGNRP): Use NEG_LONG.
 2017-08-05 18:58:34 +02:00
Nikolaus Waxweiler
7f44c2db24 [truetype] Do not set any ClearType flags in v40 monochrome mode. 
This fixes weird behavior of instructions that resulted in rendering
differences between v35 and v40 in monochrome mode, e.g., in
`timesbi.ttf'.

* src/truetype/ttinterp.c (Ins_GETINFO)
[TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL]: Check
`subpixel_hinting_lean'.
 2017-08-03 06:15:30 +02:00
Werner Lemberg
ca799e9be5 [truetype] Integer overflow. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2455

* src/truetype/ttinterp.c (Ins_SCFS): Use SUB_LONG.
 2017-07-03 06:27:52 +02:00
Werner Lemberg
dde8f5abbe [truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2384
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2391

* src/base/ftcalc.c (FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix): Use
NEG_LONG.

* src/truetype/ttinterp.c (Ins_SxVTL): Use NEG_LONG.
 2017-06-27 06:16:04 +02:00
Werner Lemberg
b27cef27ff [truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2364

* src/truetype/ttinterp.c (Ins_ISECT): Use NEG_LONG.
 2017-06-24 20:17:46 +02:00
Werner Lemberg
298e2ea5a6 [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2323
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2328

* src/cff/cf2blues.c (cf2_blues_capture): Use ADD_INT32 and
SUB_INT32.

* src/truetype/ttinterp.c (Ins_SDPVTL): Use SUB_LONG and NEG_LONG.
 2017-06-22 11:52:43 +02:00
Werner Lemberg
8c763fb1be [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2300
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2313

* src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use ADD_INT32.

* src/truetype/ttinterp.c (Ins_ABS): Avoid FT_ABS.
 2017-06-20 07:49:52 +02:00
Werner Lemberg
4dc00cf5c0 [truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2270
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2278

* src/truetype/ttinterp.c (Ins_MDRP, _iup_worker_interpolate): Use
ADD_LONG and SUB_LONG.
 2017-06-16 13:33:09 +02:00
Werner Lemberg
5c402d97af [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2216
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2218

* src/cff/cf2fixed.h (cf2_fixedAbs): Use NEG_INT32.

* src/truetype/ttinterp.c (Ins_IP): Use SUB_LONG.
 2017-06-13 06:56:48 +02:00
Werner Lemberg
9038837ee2 [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2144
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2151
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2153
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2173
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2186

* src/cff/cf2blues.c (cf2_blues_init): Use SUB_INT32.

* src/truetype/ttinterp.c (Round_None, Round_To_Grid,
Round_To_Half_Grid, Round_Down_To_Grid, Round_Up_To_Grid,
Round_To_Double_Grid, Round_Super, Round_Super_45): Use ADD_LONG,
SUB_LONG, NEG_LONG, FT_PIX_ROUND_LONG, FT_PIX_CEIL_LONG,
FT_PAD_ROUND_LONG
(Ins_SxVTL, Ins_MIRP): Use SUB_LONG.
(_iup_worker_shift): Use SUB_LONG and ADD_LONG.
 2017-06-09 20:42:46 +02:00
Werner Lemberg
dcd8de272f */*: Remove `OVERFLOW_' prefix. 
This increases readability.
 2017-06-09 11:21:58 +02:00
Werner Lemberg
7bffeacd7e [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2133
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2137

* src/cff/cf2hints.c (cf2_hint_init): Use OVERFLOW_SUB_INT32.

* src/truetype/ttinterp.c (PROJECT, DUALPROJ): Use
OVERFLOW_SUB_LONG.
 2017-06-07 17:08:01 +02:00
Werner Lemberg
9fa8a2997f [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2075
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2088

* src/cff/cf2font.c (cf2_font_setup): Use OVERFLOW_MUL_INT32.

* src/truetype/ttinterp.c (Ins_ISECT): Use OVERFLOW_MUL_LONG,
OVERFLOW_ADD_LONG, and OVERFLOW_SUB_LONG.
 2017-06-04 20:43:08 +02:00
Werner Lemberg
addb2dddb6 [base, cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2060
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2062
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2063
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2068

* src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use
OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.

* src/cff/cf2blues.c (cf2_blues_capture), src/cff/cf2hints.c
(cf2_hintmap_adjustHints): Use OVERFLOW_SUB_INT32.

* src/truetype/ttgload.c (compute_glyph_metrics): User
OVERFLOW_SUB_LONG.

* src/truetype/ttinterp.c (Direct_Move, Direct_Move_Orig,
Direct_Move_X, Direct_Move_Y, Direct_Move_Orig_X,
Direct_Move_Orig_Y, Move_Zp2_Point, Ins_MSIRP): Use
OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.
 2017-06-03 21:05:42 +02:00
Werner Lemberg
1ea343228d [cff, truetype] Integer overflows. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2047
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2057

* src/cff/cf2hints.c (cf2_hintmap_map): Use OVERFLOW_SUB_INT32.

* src/truetype/ttinterp.c (Ins_ADD): Use OVERFLOW_ADD_LONG.
(Ins_SUB): Use OVERFLOW_SUB_LONG.
(Ins_NEG): Use NEG_LONG.
 2017-06-03 06:52:13 +02:00
Werner Lemberg
8d435c463d * src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter again. 
Problem reported by Marek Kašík <mkasik@redhat.com>.

The problematic font that exceeds the old limit is Padauk-Bold,
version 3.002, containing bytecode generated by a buggy version of
ttfautohint.
 2017-06-01 07:09:44 +02:00
Nikolaus Waxweiler
a0455468fd [truetype] Always use interpreter v35 for B/W rendering (#51051). 
* src/truetype/ttgload.c (tt_loader_init)
[TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL]: Adjust
`subpixel_hinting_lean', `grayscale_cleartype', and
`vertical_lcd_lean' accordingly.

* src/truetype/ttinterp.c (Ins_GETINFO): Updated.
(TT_RunIns): Update `backward_compatibility' flag.
 2017-05-20 07:28:46 +02:00
Werner Lemberg
8cd31eb7b0 */*: s/backwards compatibility/backward compatibility/. 2017-05-03 23:54:29 +02:00
Werner Lemberg
5f18d867c0 [truetype] Do linear scaling for FT_LOAD_NO_HINTING (#50470). 
* src/truetype/ttobs.h (TT_SizeRec): Add field `hinted_metrics' to
hold hinted metrics.
Make `metrics' a pointer so that `tt_glyph_load' can easily switch
between metrics.

* src/truetype/ttdriver.c (tt_size_request): Updated.
(tt_glyph_load): Use top-level metrics if FT_LOAD_NO_HINTING is
used.

* src/truetype/ttgload.c (TT_Hint_Glyph, TT_Process_Simple_Glyph,
TT_Process_Composite_Component, load_truetype_glyph,
compute_glyph_metrics, TT_Load_Glyph): Updated.

* src/truetype/ttinterp.c (TT_Load_Context): Updated.

* src/truetype/ttobjs.c (tt_size_reset): Updated.

* src/truetype/ttsubpix.c (sph_set_tweaks): Updated.
 2017-04-26 11:40:28 +02:00
Werner Lemberg
093c182058 [truetype] Avoid reexecution of fpgm' and prep' in case of error. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=981

* include/freetype/fterrdef.h (FT_Err_DEF_In_Glyf_Bytecode): New
error code.

* src/truetype/ttinterp.c (Ins_FDEF, Ins_IDEF): Prohibit execution
of these two opcodes in `glyf' bytecode.
(TT_RunIns): Don't enforce reexecution of `fpgm' and `prep' bytecode
in case of error since function tables can no longer be modified
(due to the changes in `Ins_FDEF' and `Ins_IDEF').  This change can
enormously speed up handling of broken fonts.
 2017-04-03 11:37:33 +02:00
Werner Lemberg
3e79254ae7 * src/truetype/ttinterp.c (TT_RunIns): Adjust loop counter (#50573). 
The problematic font that exceeds the old limit is Lato-Regular,
version 2.007, containing bytecode generated by a buggy version of
ttfautohint.
 2017-03-18 10:06:15 +01:00
Werner Lemberg
13fa85a246 [truetype] Another limitation for bytecode loop count maximum. 
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=900

* src/truetype/ttinterp.c (TT_RunIns): Limit `loopcall_counter_max'
by number of glyphs also.
 2017-03-18 09:42:58 +01:00
Werner Lemberg
9931175dcc Improve `make multi'. 
* src/autofit/aflatin2.c: Guard file with FT_OPTION_AUTOFIT2.

* src/base/ftmac.c: Guard more parts of the file with FT_MACINTOSH.

* src/psaux/afmparse.c: Guard file with T1_CONFIG_OPTION_NO_AFM.

* src/sfnt/pngshim.c: Guard file with
TT_CONFIG_OPTION_EMBEDDED_BITMAPS also.

* src/sfnt/ttbdf.c: Avoid empty source file.
* src/sfnt/ttpost.c: Guard file with
TT_CONFIG_OPTION_POSTSCRIPT_NAMES.
* src/sfnt/ttsbit.c: Guard file with
TT_CONFIG_OPTION_EMBEDDED_BITMAPS.

* src/truetype/ttgxvar.c, src/truetype/ttinterp.c: Avoid empty
source file.

* src/truetype/ttsubpix.c: Guard file with
TT_USE_BYTECODE_INTERPRETER also.

* src/type1/t1afm.c: Guard file with T1_CONFIG_OPTION_NO_AFM.

* src/autofit/autofit.c, src/base/ftbase.c, src/cache/ftcache.c,
src/cff/cff.c, src/cid/type1cid.c, src/gxvalid/gxvalid.c,
src/pcf/pcf.c, src/pfr/pfr.c, src/psaux/psaux.c,
src/pshinter/pshinter.c, src/psnames/psnames.c, src/raster/raster.c,
src/sfnt/sfnt.c, src/smooth/smooth.c, src/truetype/truetype.c,
src/type1/type1.c, src/type42/type42.c: Remove conditionals; sort
entries.
 2017-03-18 07:06:49 +01:00
Werner Lemberg
43061d6a93 * src/truetype/ttinterp.c (TT_RunIns): Adjust loop detector limits. 2017-01-20 10:16:38 +01:00
Alexei Podtelezhnikov
236bbdbef9 Typos. 2017-01-18 23:12:31 -05:00
Werner Lemberg
563ae78022 Update copyright year. 2017-01-04 20:16:34 +01:00
Werner Lemberg
f80c4473b6 Replace ++foo' and --foo' with foo++' and foo--', resp. 2016-12-26 23:57:45 +01:00
Werner Lemberg
4441f7b246 Replace foo == NULL' and foo != NULL' with !foo' and foo', resp. 
Other minor formatting.
 2016-12-26 17:08:17 +01:00
Werner Lemberg
37c72f66a5 Minor formatting. 2016-12-25 22:55:25 +01:00
Werner Lemberg
328d68449d [truetype] Remove clang warnings. 
* src/truetype/ttinterp.h (TT_ExecContextRec): Using `FT_ULong' for
loop counter handling.

* src/truetype/ttinterp.c: Updated.
(Ins_SCANTYPE): Use signed constant.
(TT_RunIns): Ensure `num_twilight_points' is 16bit.
 2016-10-29 00:18:56 +02:00
Werner Lemberg
5081674c5f [truetype] Fix SCANTYPE instruction (#49394). 
* src/truetype/ttinterp.c (Ins_SCANTYPE): Only use lower 16bits.
 2016-10-22 19:16:08 +02:00
Werner Lemberg
2ecf89b481 */*: s/FT_MEM_ZERO/FT_ZERO/ where appropriate. 2016-09-28 19:06:21 +02:00
Werner Lemberg
a3e2c83234 [truetype] Trace number of executed opcodes. 
* src/truetype/ttinterp.c (TT_RunIns): Implement it.
 2016-09-27 21:42:02 +02:00
Werner Lemberg
0d94592942 [truetype] Introduce dynamic limits for some bytecode opcodes. 
This speeds up FreeType's handling of malformed fonts.

* src/truetype/ttinterp.c (TT_RunIns): Set up limits for the number
of twilight points, the total number of negative jumps, and the
total number of loops in LOOPCALL opcodes.  The values are based on
the number of points and entries in the CVT table.
(Ins_JMPR): Test negative jump counter.
(Ins_LOOPCALL): Test loopcall counter.

* src/truetype/ttinterp.h (TT_ExecContext): Updated.

* docs/CHANGES: Updated.
 2016-09-27 08:44:31 +02:00