aboutsummaryrefslogtreecommitdiff
path: root/freetype/src/base/ftobjs.c
diff options
context:
space:
mode:
Diffstat (limited to 'freetype/src/base/ftobjs.c')
-rw-r--r--freetype/src/base/ftobjs.c263
1 files changed, 151 insertions, 112 deletions
diff --git a/freetype/src/base/ftobjs.c b/freetype/src/base/ftobjs.c
index 4cbadfee6..7ffb0c9e5 100644
--- a/freetype/src/base/ftobjs.c
+++ b/freetype/src/base/ftobjs.c
@@ -408,7 +408,10 @@
FT_GlyphSlot slot = NULL;
- if ( !face || !face->driver )
+ if ( !face )
+ return FT_THROW( Invalid_Face_Handle );
+
+ if ( !face->driver )
return FT_THROW( Invalid_Argument );
driver = face->driver;
@@ -508,6 +511,7 @@
internal->transform_matrix.xy = 0;
internal->transform_matrix.yx = 0;
internal->transform_matrix.yy = 0x10000L;
+
matrix = &internal->transform_matrix;
}
else
@@ -523,6 +527,7 @@
{
internal->transform_delta.x = 0;
internal->transform_delta.y = 0;
+
delta = &internal->transform_delta;
}
else
@@ -1040,14 +1045,6 @@
( cur[0]->platform_id == TT_PLATFORM_APPLE_UNICODE &&
cur[0]->encoding_id == TT_APPLE_ID_UNICODE_32 ) )
{
-#ifdef FT_MAX_CHARMAP_CACHEABLE
- if ( cur - first > FT_MAX_CHARMAP_CACHEABLE )
- {
- FT_ERROR(( "find_unicode_charmap: UCS-4 cmap is found "
- "at too late position (%d)\n", cur - first ));
- continue;
- }
-#endif
face->charmap = cur[0];
return FT_Err_Ok;
}
@@ -1062,14 +1059,6 @@
{
if ( cur[0]->encoding == FT_ENCODING_UNICODE )
{
-#ifdef FT_MAX_CHARMAP_CACHEABLE
- if ( cur - first > FT_MAX_CHARMAP_CACHEABLE )
- {
- FT_ERROR(( "find_unicode_charmap: UCS-2 cmap is found "
- "at too late position (%d)\n", cur - first ));
- continue;
- }
-#endif
face->charmap = cur[0];
return FT_Err_Ok;
}
@@ -1111,17 +1100,7 @@
if ( cur[0]->platform_id == TT_PLATFORM_APPLE_UNICODE &&
cur[0]->encoding_id == TT_APPLE_ID_VARIANT_SELECTOR &&
FT_Get_CMap_Format( cur[0] ) == 14 )
- {
-#ifdef FT_MAX_CHARMAP_CACHEABLE
- if ( cur - first > FT_MAX_CHARMAP_CACHEABLE )
- {
- FT_ERROR(( "find_unicode_charmap: UVS cmap is found "
- "at too late position (%d)\n", cur - first ));
- continue;
- }
-#endif
return cur[0];
- }
}
return NULL;
@@ -1243,7 +1222,7 @@
FT_Open_Args args;
- /* test for valid `library' and `aface' delayed to FT_Open_Face() */
+ /* test for valid `library' and `aface' delayed to `FT_Open_Face' */
if ( !pathname )
return FT_THROW( Invalid_Argument );
@@ -1269,7 +1248,7 @@
FT_Open_Args args;
- /* test for valid `library' and `face' delayed to FT_Open_Face() */
+ /* test for valid `library' and `face' delayed to `FT_Open_Face' */
if ( !file_base )
return FT_THROW( Invalid_Argument );
@@ -1583,9 +1562,9 @@
FT_Memory memory = library->memory;
FT_Byte* pfb_data = NULL;
int i, type, flags;
- FT_Long len;
- FT_Long pfb_len, pfb_pos, pfb_lenpos;
- FT_Long rlen, temp;
+ FT_ULong len;
+ FT_ULong pfb_len, pfb_pos, pfb_lenpos;
+ FT_ULong rlen, temp;
if ( face_index == -1 )
@@ -1601,11 +1580,34 @@
error = FT_Stream_Seek( stream, offsets[i] );
if ( error )
goto Exit;
- if ( FT_READ_LONG( temp ) )
+ if ( FT_READ_ULONG( temp ) )
+ goto Exit;
+
+ /* FT2 allocator takes signed long buffer length,
+ * too large value causing overflow should be checked
+ */
+ FT_TRACE4(( " POST fragment #%d: length=0x%08x\n",
+ i, temp));
+ if ( 0x7FFFFFFFUL < temp || pfb_len + temp + 6 < pfb_len )
+ {
+ FT_TRACE2(( " too long fragment length makes"
+ " pfb_len confused: temp=0x%08x\n", temp ));
+ error = FT_THROW( Invalid_Offset );
goto Exit;
+ }
+
pfb_len += temp + 6;
}
+ FT_TRACE2(( " total buffer size to concatenate %d"
+ " POST fragments: 0x%08x\n",
+ resource_cnt, pfb_len + 2));
+ if ( pfb_len + 2 < 6 ) {
+ FT_TRACE2(( " too long fragment length makes"
+ " pfb_len confused: pfb_len=0x%08x\n", pfb_len ));
+ error = FT_THROW( Array_Too_Large );
+ goto Exit;
+ }
if ( FT_ALLOC( pfb_data, (FT_Long)pfb_len + 2 ) )
goto Exit;
@@ -1625,16 +1627,30 @@
error = FT_Stream_Seek( stream, offsets[i] );
if ( error )
goto Exit2;
- if ( FT_READ_LONG( rlen ) )
- goto Exit;
+ if ( FT_READ_ULONG( rlen ) )
+ goto Exit2;
+
+ /* FT2 allocator takes signed long buffer length,
+ * too large fragment length causing overflow should be checked
+ */
+ if ( 0x7FFFFFFFUL < rlen )
+ {
+ error = FT_THROW( Invalid_Offset );
+ goto Exit2;
+ }
+
if ( FT_READ_USHORT( flags ) )
- goto Exit;
+ goto Exit2;
FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n",
i, offsets[i], rlen, flags ));
+ error = FT_ERR( Array_Too_Large );
/* postpone the check of rlen longer than buffer until FT_Stream_Read() */
if ( ( flags >> 8 ) == 0 ) /* Comment, should not be loaded */
+ {
+ FT_TRACE3(( " Skip POST fragment #%d because it is a comment\n", i ));
continue;
+ }
/* the flags are part of the resource, so rlen >= 2. */
/* but some fonts declare rlen = 0 for empty fragment */
@@ -1647,6 +1663,8 @@
len += rlen;
else
{
+ FT_TRACE3(( " Write POST fragment #%d header (4-byte) to buffer"
+ " 0x%p + 0x%08x\n", i, pfb_data, pfb_lenpos ));
if ( pfb_lenpos + 3 > pfb_len + 2 )
goto Exit2;
pfb_data[pfb_lenpos ] = (FT_Byte)( len );
@@ -1657,6 +1675,8 @@
if ( ( flags >> 8 ) == 5 ) /* End of font mark */
break;
+ FT_TRACE3(( " Write POST fragment #%d header (6-byte) to buffer"
+ " 0x%p + 0x%08x\n", i, pfb_data, pfb_pos ));
if ( pfb_pos + 6 > pfb_len + 2 )
goto Exit2;
pfb_data[pfb_pos++] = 0x80;
@@ -1672,16 +1692,18 @@
pfb_data[pfb_pos++] = 0;
}
- error = FT_ERR( Cannot_Open_Resource );
if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len )
goto Exit2;
+ FT_TRACE3(( " Load POST fragment #%d (%d byte) to buffer"
+ " 0x%p + 0x%08x\n", i, rlen, pfb_data, pfb_pos ));
error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen );
if ( error )
goto Exit2;
pfb_pos += rlen;
}
+ error = FT_ERR( Array_Too_Large );
if ( pfb_pos + 2 > pfb_len + 2 )
goto Exit2;
pfb_data[pfb_pos++] = 0x80;
@@ -1702,6 +1724,13 @@
aface );
Exit2:
+ if ( error == FT_ERR( Array_Too_Large ) )
+ FT_TRACE2(( " Abort due to too-short buffer to store"
+ " all POST fragments\n" ));
+ else if ( error == FT_ERR( Invalid_Offset ) )
+ FT_TRACE2(( " Abort due to invalid offset in a POST fragment\n" ));
+ if ( error )
+ error = FT_ERR( Cannot_Open_Resource );
FT_FREE( pfb_data );
Exit:
@@ -1881,7 +1910,7 @@
rlen = ( header[0x57] << 24 ) |
( header[0x58] << 16 ) |
( header[0x59] << 8 ) |
- header[0x5a];
+ header[0x5A];
#endif /* 0 */
offset = 128 + ( ( dlen + 127 ) & ~127 );
@@ -2049,8 +2078,7 @@
FT_Module* limit;
- /* test for valid `library' delayed to */
- /* FT_Stream_New() */
+ /* test for valid `library' delayed to `FT_Stream_New' */
if ( ( !aface && face_index >= 0 ) || !args )
return FT_THROW( Invalid_Argument );
@@ -2297,7 +2325,7 @@
FT_Open_Args open;
- /* test for valid `face' delayed to FT_Attach_Stream() */
+ /* test for valid `face' delayed to `FT_Attach_Stream' */
if ( !filepathname )
return FT_THROW( Invalid_Argument );
@@ -2323,7 +2351,7 @@
FT_Driver_Class clazz;
- /* test for valid `parameters' delayed to FT_Stream_New() */
+ /* test for valid `parameters' delayed to `FT_Stream_New' */
if ( !face )
return FT_THROW( Invalid_Face_Handle );
@@ -2359,6 +2387,9 @@
FT_EXPORT_DEF( FT_Error )
FT_Reference_Face( FT_Face face )
{
+ if ( !face )
+ return FT_THROW( Invalid_Face_Handle );
+
face->internal->refcount++;
return FT_Err_Ok;
@@ -2425,7 +2456,7 @@
return FT_THROW( Invalid_Face_Handle );
if ( !asize )
- return FT_THROW( Invalid_Size_Handle );
+ return FT_THROW( Invalid_Argument );
if ( !face->driver )
return FT_THROW( Invalid_Driver_Handle );
@@ -2934,6 +2965,8 @@
FT_Size_RequestRec req;
+ /* check of `face' delayed to `FT_Request_Size' */
+
if ( !char_width )
char_width = char_height;
else if ( !char_height )
@@ -2972,6 +3005,8 @@
FT_Size_RequestRec req;
+ /* check of `face' delayed to `FT_Request_Size' */
+
if ( pixel_width == 0 )
pixel_width = pixel_height;
else if ( pixel_height == 0 )
@@ -3122,15 +3157,6 @@
{
if ( cur[0]->encoding == encoding )
{
-#ifdef FT_MAX_CHARMAP_CACHEABLE
- if ( cur - face->charmaps > FT_MAX_CHARMAP_CACHEABLE )
- {
- FT_ERROR(( "FT_Select_Charmap: requested charmap is found (%d), "
- "but in too late position to cache\n",
- cur - face->charmaps ));
- continue;
- }
-#endif
face->charmap = cur[0];
return 0;
}
@@ -3154,8 +3180,9 @@
return FT_THROW( Invalid_Face_Handle );
cur = face->charmaps;
- if ( !cur )
+ if ( !cur || !charmap )
return FT_THROW( Invalid_CharMap_Handle );
+
if ( FT_Get_CMap_Format( charmap ) == 14 )
return FT_THROW( Invalid_Argument );
@@ -3165,19 +3192,11 @@
{
if ( cur[0] == charmap )
{
-#ifdef FT_MAX_CHARMAP_CACHEABLE
- if ( cur - face->charmaps > FT_MAX_CHARMAP_CACHEABLE )
- {
- FT_ERROR(( "FT_Set_Charmap: requested charmap is found (%d), "
- "but in too late position to cache\n",
- cur - face->charmaps ));
- continue;
- }
-#endif
face->charmap = cur[0];
- return 0;
+ return FT_Err_Ok;
}
}
+
return FT_THROW( Invalid_Argument );
}
@@ -3199,15 +3218,6 @@
FT_ASSERT( i < charmap->face->num_charmaps );
-#ifdef FT_MAX_CHARMAP_CACHEABLE
- if ( i > FT_MAX_CHARMAP_CACHEABLE )
- {
- FT_ERROR(( "FT_Get_Charmap_Index: requested charmap is found (%d), "
- "but in too late position to cache\n",
- i ));
- return -i;
- }
-#endif
return i;
}
@@ -3418,8 +3428,9 @@
FT_UInt result = 0;
- if ( face && face->charmap &&
- face->charmap->encoding == FT_ENCODING_UNICODE )
+ if ( face &&
+ face->charmap &&
+ face->charmap->encoding == FT_ENCODING_UNICODE )
{
FT_CharMap charmap = find_variant_selector_charmap( face );
FT_CMap ucmap = FT_CMAP( face->charmap );
@@ -3597,7 +3608,9 @@
FT_UInt result = 0;
- if ( face && FT_HAS_GLYPH_NAMES( face ) )
+ if ( face &&
+ FT_HAS_GLYPH_NAMES( face ) &&
+ glyph_name )
{
FT_Service_GlyphDict service;
@@ -3622,27 +3635,30 @@
FT_Pointer buffer,
FT_UInt buffer_max )
{
- FT_Error error = FT_ERR( Invalid_Argument );
+ FT_Error error;
+ FT_Service_GlyphDict service;
- /* clean up buffer */
- if ( buffer && buffer_max > 0 )
- ((FT_Byte*)buffer)[0] = 0;
+ if ( !face )
+ return FT_THROW( Invalid_Face_Handle );
- if ( face &&
- (FT_Long)glyph_index <= face->num_glyphs &&
- FT_HAS_GLYPH_NAMES( face ) )
- {
- FT_Service_GlyphDict service;
+ if ( !buffer || buffer_max == 0 )
+ return FT_THROW( Invalid_Argument );
+ /* clean up buffer */
+ ((FT_Byte*)buffer)[0] = '\0';
- FT_FACE_LOOKUP_SERVICE( face,
- service,
- GLYPH_DICT );
+ if ( (FT_Long)glyph_index >= face->num_glyphs )
+ return FT_THROW( Invalid_Glyph_Index );
- if ( service && service->get_name )
- error = service->get_name( face, glyph_index, buffer, buffer_max );
- }
+ if ( !FT_HAS_GLYPH_NAMES( face ) )
+ return FT_THROW( Invalid_Argument );
+
+ FT_FACE_LOOKUP_SERVICE( face, service, GLYPH_DICT );
+ if ( service && service->get_name )
+ error = service->get_name( face, glyph_index, buffer, buffer_max );
+ else
+ error = FT_THROW( Invalid_Argument );
return error;
}
@@ -3683,7 +3699,7 @@
FT_Get_Sfnt_Table( FT_Face face,
FT_Sfnt_Tag tag )
{
- void* table = 0;
+ void* table = NULL;
FT_Service_SFNT_Table service;
@@ -3733,6 +3749,8 @@
FT_ULong offset;
+ /* test for valid `length' delayed to `service->table_info' */
+
if ( !face || !FT_IS_SFNT( face ) )
return FT_THROW( Invalid_Face_Handle );
@@ -3800,12 +3818,12 @@
FT_Face face;
- if ( size == NULL )
- return FT_THROW( Invalid_Argument );
+ if ( !size )
+ return FT_THROW( Invalid_Size_Handle );
face = size->face;
- if ( face == NULL || face->driver == NULL )
- return FT_THROW( Invalid_Argument );
+ if ( !face || !face->driver )
+ return FT_THROW( Invalid_Face_Handle );
/* we don't need anything more complex than that; all size objects */
/* are already listed by the face */
@@ -3984,7 +4002,7 @@
FT_Get_Renderer( FT_Library library,
FT_Glyph_Format format )
{
- /* test for valid `library' delayed to FT_Lookup_Renderer() */
+ /* test for valid `library' delayed to `FT_Lookup_Renderer' */
return FT_Lookup_Renderer( library, format, 0 );
}
@@ -4001,12 +4019,26 @@
FT_ListNode node;
FT_Error error = FT_Err_Ok;
+ FT_Renderer_SetModeFunc set_mode;
+
if ( !library )
- return FT_THROW( Invalid_Library_Handle );
+ {
+ error = FT_THROW( Invalid_Library_Handle );
+ goto Exit;
+ }
if ( !renderer )
- return FT_THROW( Invalid_Argument );
+ {
+ error = FT_THROW( Invalid_Argument );
+ goto Exit;
+ }
+
+ if ( num_params > 0 && !parameters )
+ {
+ error = FT_THROW( Invalid_Argument );
+ goto Exit;
+ }
node = FT_List_Find( &library->renderers, renderer );
if ( !node )
@@ -4020,18 +4052,14 @@
if ( renderer->glyph_format == FT_GLYPH_FORMAT_OUTLINE )
library->cur_renderer = renderer;
- if ( num_params > 0 )
- {
- FT_Renderer_SetModeFunc set_mode = renderer->clazz->set_mode;
-
+ set_mode = renderer->clazz->set_mode;
- for ( ; num_params > 0; num_params-- )
- {
- error = set_mode( renderer, parameters->tag, parameters->data );
- if ( error )
- break;
- parameters++;
- }
+ for ( ; num_params > 0; num_params-- )
+ {
+ error = set_mode( renderer, parameters->tag, parameters->data );
+ if ( error )
+ break;
+ parameters++;
}
Exit:
@@ -4090,7 +4118,11 @@
/* if we changed the current renderer for the glyph image format */
/* we need to select it as the next current one */
if ( !error && update && renderer )
- FT_Set_Renderer( library, renderer, 0, 0 );
+ {
+ error = FT_Set_Renderer( library, renderer, 0, 0 );
+ if ( error )
+ break;
+ }
}
}
@@ -4100,6 +4132,7 @@
#define FT_COMPONENT trace_bitmap
/* we convert to a single bitmap format for computing the checksum */
+ if ( !error )
{
FT_Bitmap bitmap;
FT_Error err;
@@ -4107,6 +4140,7 @@
FT_Bitmap_New( &bitmap );
+ /* this also converts the bitmap flow to `down' (i.e., pitch > 0) */
err = FT_Bitmap_Convert( library, &slot->bitmap, &bitmap, 1 );
if ( !err )
{
@@ -4348,7 +4382,7 @@
FT_Get_Module( FT_Library library,
const char* module_name )
{
- FT_Module result = 0;
+ FT_Module result = NULL;
FT_Module* cur;
FT_Module* limit;
@@ -4603,6 +4637,9 @@
FT_EXPORT_DEF( FT_Error )
FT_Reference_Library( FT_Library library )
{
+ if ( !library )
+ return FT_THROW( Invalid_Library_Handle );
+
library->refcount++;
return FT_Err_Ok;
@@ -4619,7 +4656,7 @@
FT_Error error;
- if ( !memory )
+ if ( !memory || !alibrary )
return FT_THROW( Invalid_Argument );
#ifdef FT_DEBUG_LEVEL_ERROR
@@ -4881,6 +4918,8 @@
*p_arg1 = subg->arg1;
*p_arg2 = subg->arg2;
*p_transform = subg->transform;
+
+ error = FT_Err_Ok;
}
return error;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-27 22:35:25 +0000