| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
* builds/unix/unix-def.in (PKG_CONFIG): New variable.
(freetype-config): Use it in sed expression.
* builds/unix/freetype-config.in: s/pkg-config/%PKG_CONFIG%/.
|
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2300
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2313
* src/cff/cf2hints.c (cf2_hintmap_adjustHints): Use ADD_INT32.
* src/truetype/ttinterp.c (Ins_ABS): Avoid FT_ABS.
|
|
|
|
|
|
|
| |
* src/base/ftlcdlil.c (ft_lcd_filter_fir, _ft_lcd_filter_legacy):
Clean up, start filtering from the bottom-left origin.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Updated.
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2270
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2278
* src/truetype/ttinterp.c (Ins_MDRP, _iup_worker_interpolate): Use
ADD_LONG and SUB_LONG.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2244
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2261
* src/bdf/bdfdrivr.c (BDF_Face_Init): Replace calls to FT_ABS with
direct code to avoid value negation.
* src/cff/cf2blues.c (cf2_blues_capture): Use SUB_INT32 and
ADD_INT32.
|
|
|
|
| |
FreeType only sets a default active encoding for Unicode.
|
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2216
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2218
* src/cff/cf2fixed.h (cf2_fixedAbs): Use NEG_INT32.
* src/truetype/ttinterp.c (Ins_IP): Use SUB_LONG.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2200
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2210
* src/cff/cf2hints.c (cf2_hintmap_insertHint): Use SUB_INT32 and
ADD_INT32.
* src/cff/cf2intrp.c (cf2_interpT2CharString) <cf2_cmdVMOVETO>: Use
ADD_INT32.
|
|
|
|
|
|
|
| |
Reported by Nikolaus Waxweiler <madigens@gmail.com>.
* src/truetype/ttgxvar.c (TT_Set_Var_Design): Correctly handle the
case where we have less input coordinates than axes.
|
|
|
|
| |
Bug introduced 2017-05-28.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2144
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2151
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2153
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2173
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2186
* src/cff/cf2blues.c (cf2_blues_init): Use SUB_INT32.
* src/truetype/ttinterp.c (Round_None, Round_To_Grid,
Round_To_Half_Grid, Round_Down_To_Grid, Round_Up_To_Grid,
Round_To_Double_Grid, Round_Super, Round_Super_45): Use ADD_LONG,
SUB_LONG, NEG_LONG, FT_PIX_ROUND_LONG, FT_PIX_CEIL_LONG,
FT_PAD_ROUND_LONG
(Ins_SxVTL, Ins_MIRP): Use SUB_LONG.
(_iup_worker_shift): Use SUB_LONG and ADD_LONG.
|
|
|
|
|
|
|
|
|
|
|
| |
These versions don't produce run-time errors due to integer
overflow.
* include/freetype/internal/ftobjs.h: Include FT_INTERNAL_CALC_H.
(FT_PAD_ROUND_LONG, FT_PAD_CEIL_LONG, FT_PIX_ROUND_LONG,
FT_PIX_CEIL_LONG): New macros.
(FT_PAD_ROUND_INT32, FT_PAD_CEIL_INT32, FT_PIX_ROUND_INT32,
FT_PIX_CEIL_INT32): New macros.
|
|
|
|
|
| |
* include/freetype/internal/ftcalc.h (ADD_INT, SUB_INT, MUL_INT,
NEG_INT): Deleted.
|
|
|
|
| |
This increases readability.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2133
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2137
* src/cff/cf2hints.c (cf2_hint_init): Use OVERFLOW_SUB_INT32.
* src/truetype/ttinterp.c (PROJECT, DUALPROJ): Use
OVERFLOW_SUB_LONG.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2109
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2110
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2122
* src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
* src/cff/cf2hints.c (cf2_hintmap_map): Synchronize if-else
branches.
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2089
* src/cff/cffload.c (cff_blend_doBlend): User OVERFLOW_ADD_INT32.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2075
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2088
* src/cff/cf2font.c (cf2_font_setup): Use OVERFLOW_MUL_INT32.
* src/truetype/ttinterp.c (Ins_ISECT): Use OVERFLOW_MUL_LONG,
OVERFLOW_ADD_LONG, and OVERFLOW_SUB_LONG.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2060
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2062
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2063
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2068
* src/base/ftobjs.c (ft_glyphslot_grid_fit_metrics): Use
OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.
* src/cff/cf2blues.c (cf2_blues_capture), src/cff/cf2hints.c
(cf2_hintmap_adjustHints): Use OVERFLOW_SUB_INT32.
* src/truetype/ttgload.c (compute_glyph_metrics): User
OVERFLOW_SUB_LONG.
* src/truetype/ttinterp.c (Direct_Move, Direct_Move_Orig,
Direct_Move_X, Direct_Move_Y, Direct_Move_Orig_X,
Direct_Move_Orig_Y, Move_Zp2_Point, Ins_MSIRP): Use
OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG.
|
|
|
|
| |
Patch directly taken from bug report.
|
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2054
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2058
* src/bdf/bdfdrivr.c (BDF_Face_Init): Check font ascent and descent.
Check AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE, RESOLUTION_X, and
RESOLUTION_Y properties.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2047
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2057
* src/cff/cf2hints.c (cf2_hintmap_map): Use OVERFLOW_SUB_INT32.
* src/truetype/ttinterp.c (Ins_ADD): Use OVERFLOW_ADD_LONG.
(Ins_SUB): Use OVERFLOW_SUB_LONG.
(Ins_NEG): Use NEG_LONG.
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2055
* include/freetype/internal/ftcalc.h (INT_TO_F26DOT6,
INT_TO_F2DOT14, INT_TO_FIXED, F2DOT14_TO_FIXED): Use multiplication.
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2046
* src/cff/cf2intrp.c (cf2_doStems, cf2_interpT2CharString): Use
OVERFLOW_ADD_INT32.
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2032
* src/cff/cf2blues.c (cf2_blues_init): Use OVERFLOW_SUB_INT32.
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2031
* src/bdf/bdfdrivr.c (BDF_Face_Init): Use multiplication.
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2029
* src/bdf/bdflib.c (_bdf_atoul, _bdf_atol, _bdf_atous, _bdf_atos):
Stop scanning if result would overflow.
|
|
|
|
|
|
|
|
|
|
| |
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2027
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2028
* src/cff/cf2hints.c (cf2_hintmap_insertHint), src/cff/cf2intrp.c
(cf2_doFlex): Use OVERFLOW_ADD_INT32 and OVERFLOW_SUB_INT32.
|
|
|
|
|
|
|
| |
* src/smooth/ftgrays.c [STANDALONE] (OVERFLOW_ADD_LONG,
OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG, NEG_LONG): New macros.
[!STANDALONE]: Include FT_INTERNAL_CALC_H.
(gray_render_cubic): Use those macros where appropriate.
|
| |
|
| |
|
|
|
|
|
| |
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Use
OVERFLOW_ADD_LONG and OVERFLOW_SUB_LONG where appropriate.
|
|
|
|
|
|
|
|
| |
Problem reported by Marek Kašík <mkasik@redhat.com>.
The problematic font that exceeds the old limit is Padauk-Bold,
version 3.002, containing bytecode generated by a buggy version of
ttfautohint.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit handles the new engine.
* include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT32,
OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, NEG_INT, NEG_LONG,
NEG_INT32): New macros.
* src/cff/cf2ft.c (cf2_getScaleAndHintFlag): Use OVERFLOW_ADD_INT32.
* src/cff/cf2hints.c (cf2_getWindingMomentum, cf2_hint_init,
cf2_hintmap_map, cf2_glyphpath_hintPoint,
cf2_glyphpath_computeIntersection, cf2_glyphpath_computeOffset,
cf2_glyphpath_lineTo, cf2_glyphpath_curveTo): Use
OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, and
NEG_INT32 where appropriate.
* src/cff/cf2intrp.c (cf2_doFlex, cf2_doBlend,
cf2_interpT2CharString): Ditto.
Also add some other code where needed to avoid overflow.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit handles the old engine.
* src/cff/cffgload.c: Include FT_INTERNAL_CALC_H.
(cff_decoder_parse_charstrings): Use OVERFLOW_ADD_LONG and
OVERFLOW_SUB_LONG where needed.
* src/cff/cffparse.c: Include FT_INTERNAL_CALC_H.
(power_ten_limits): New static array.
(do_fixed): Use it to prevent multiplication overflow.
(cff_parser_run): Use OVERFLOW_ADD_LONG.
|
|
|
|
|
| |
* src/psaux/psconv.c (PS_Conv_Strtol, PS_Conv_ToFixed): Return zero
if we encounter more than a single sign.
|
|
|
|
|
|
|
|
| |
* src/pcf/pcfread.c (pcf_get_accel): Add sanity checks for
`fontAscent' and `fontDescent'.
(pcf_load_font): Add sanity checks for global height.
Add sanity checks for AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE,
RESOLUTION_X, and RESOLUTION_Y properties.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit (mainly for 32bit CPUs) is the first of a series of
similar commits to handle known integer overflows. Basically, all
of them are harmless, since they affect rendering of glyphs only,
not posing security threats. It is expected that fuzzying will show
up more overflows, to be fixed in due course.
The idea is to mark places where overflows can occur, using macros
that simply cast to unsigned integers, because overflow arithmetic
is well defined in this case. Doing so suppresses run-time errors
of sanitizers without adding computational overhead.
* include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT,
OVERFLOW_SUB_INT, OVERFLOW_MUL_INT, OVERFLOW_ADD_LONG,
OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG): New macros.
* src/base/ftcalc.c (FT_RoundFix, FT_CeilFix, FT_Matrix_Multiply,
FT_Matrix_Multiply_Scaled, FT_Vector_Transform_Scaled,
ft_corner_orientation): Use new macros.
* src/base/ftoutln.c (FT_Outline_Get_Orientation): Use new macros.
|
|
|
|
| |
This macro is not used.
|
|
|
|
|
|
|
|
|
|
| |
The new name better describes what the macro actually does;
additionally, we don't need a trailing `f' for literals (there was
only a single such instance in the code, but this caused a clang
warning because the macro itself uses `double' literals).
* src/cff/cf2blues.c, src/cff/cf2blues.h, src/cff/cf2fixed.h,
src/cff/cf2font.c, src/cff/cf2hints.c: Updated.
|
|
|
|
|
|
|
| |
* src/base/ftcalc.c (FT_MOVE_SIGN): Add argument to pass unsigned
value, to be used as the result.
(FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix, FT_MulFix,
FT_Vector_NormLen): Updated.
|
|
|
|
|
|
|
| |
* src/truetype/ttgxvar.c (tt_set_mm_blend): Compute all design
coordinates if we have to create the `blends->coord' array.
(TT_Get_MM_Blend, TT_Get_Var_Design): Select default instance
coordinates if no instance is selected yet.
|
|
|
|
|
|
|
|
|
| |
Problem reported by Marek Kašík <mkasik@redhat.com>, cf.
https://bugzilla.redhat.com/show_bug.cgi?id=1451795
* src/bdf/bdfdrivr.c (BDF_Face_Init), src/pcf/pcfdrivr.c
(PCF_Face_Init): Implement it.
|