From 7785694244cdfc5939ca4754cab4e08bd6980f99 Mon Sep 17 00:00:00 2001 From: marha Date: Sun, 22 Feb 2015 14:47:01 +0100 Subject: Upgraded to freetype 2.5.5 --- freetype/src/base/ftobjs.c | 263 ++++++++++++++++++++++++++------------------- 1 file changed, 151 insertions(+), 112 deletions(-) (limited to 'freetype/src/base/ftobjs.c') diff --git a/freetype/src/base/ftobjs.c b/freetype/src/base/ftobjs.c index 6f323362a..ee15a016c 100644 --- a/freetype/src/base/ftobjs.c +++ b/freetype/src/base/ftobjs.c @@ -408,7 +408,10 @@ FT_GlyphSlot slot = NULL; - if ( !face || !face->driver ) + if ( !face ) + return FT_THROW( Invalid_Face_Handle ); + + if ( !face->driver ) return FT_THROW( Invalid_Argument ); driver = face->driver; @@ -508,6 +511,7 @@ internal->transform_matrix.xy = 0; internal->transform_matrix.yx = 0; internal->transform_matrix.yy = 0x10000L; + matrix = &internal->transform_matrix; } else @@ -523,6 +527,7 @@ { internal->transform_delta.x = 0; internal->transform_delta.y = 0; + delta = &internal->transform_delta; } else @@ -1040,14 +1045,6 @@ ( cur[0]->platform_id == TT_PLATFORM_APPLE_UNICODE && cur[0]->encoding_id == TT_APPLE_ID_UNICODE_32 ) ) { -#ifdef FT_MAX_CHARMAP_CACHEABLE - if ( cur - first > FT_MAX_CHARMAP_CACHEABLE ) - { - FT_ERROR(( "find_unicode_charmap: UCS-4 cmap is found " - "at too late position (%d)\n", cur - first )); - continue; - } -#endif face->charmap = cur[0]; return FT_Err_Ok; } @@ -1062,14 +1059,6 @@ { if ( cur[0]->encoding == FT_ENCODING_UNICODE ) { -#ifdef FT_MAX_CHARMAP_CACHEABLE - if ( cur - first > FT_MAX_CHARMAP_CACHEABLE ) - { - FT_ERROR(( "find_unicode_charmap: UCS-2 cmap is found " - "at too late position (%d)\n", cur - first )); - continue; - } -#endif face->charmap = cur[0]; return FT_Err_Ok; } @@ -1111,17 +1100,7 @@ if ( cur[0]->platform_id == TT_PLATFORM_APPLE_UNICODE && cur[0]->encoding_id == TT_APPLE_ID_VARIANT_SELECTOR && FT_Get_CMap_Format( cur[0] ) == 14 ) - { -#ifdef FT_MAX_CHARMAP_CACHEABLE - if ( cur - first > FT_MAX_CHARMAP_CACHEABLE ) - { - FT_ERROR(( "find_unicode_charmap: UVS cmap is found " - "at too late position (%d)\n", cur - first )); - continue; - } -#endif return cur[0]; - } } return NULL; @@ -1243,7 +1222,7 @@ FT_Open_Args args; - /* test for valid `library' and `aface' delayed to FT_Open_Face() */ + /* test for valid `library' and `aface' delayed to `FT_Open_Face' */ if ( !pathname ) return FT_THROW( Invalid_Argument ); @@ -1269,7 +1248,7 @@ FT_Open_Args args; - /* test for valid `library' and `face' delayed to FT_Open_Face() */ + /* test for valid `library' and `face' delayed to `FT_Open_Face' */ if ( !file_base ) return FT_THROW( Invalid_Argument ); @@ -1583,9 +1562,9 @@ FT_Memory memory = library->memory; FT_Byte* pfb_data = NULL; int i, type, flags; - FT_Long len; - FT_Long pfb_len, pfb_pos, pfb_lenpos; - FT_Long rlen, temp; + FT_ULong len; + FT_ULong pfb_len, pfb_pos, pfb_lenpos; + FT_ULong rlen, temp; if ( face_index == -1 ) @@ -1601,11 +1580,34 @@ error = FT_Stream_Seek( stream, offsets[i] ); if ( error ) goto Exit; - if ( FT_READ_LONG( temp ) ) + if ( FT_READ_ULONG( temp ) ) + goto Exit; + + /* FT2 allocator takes signed long buffer length, + * too large value causing overflow should be checked + */ + FT_TRACE4(( " POST fragment #%d: length=0x%08x\n", + i, temp)); + if ( 0x7FFFFFFFUL < temp || pfb_len + temp + 6 < pfb_len ) + { + FT_TRACE2(( " too long fragment length makes" + " pfb_len confused: temp=0x%08x\n", temp )); + error = FT_THROW( Invalid_Offset ); goto Exit; + } + pfb_len += temp + 6; } + FT_TRACE2(( " total buffer size to concatenate %d" + " POST fragments: 0x%08x\n", + resource_cnt, pfb_len + 2)); + if ( pfb_len + 2 < 6 ) { + FT_TRACE2(( " too long fragment length makes" + " pfb_len confused: pfb_len=0x%08x\n", pfb_len )); + error = FT_THROW( Array_Too_Large ); + goto Exit; + } if ( FT_ALLOC( pfb_data, (FT_Long)pfb_len + 2 ) ) goto Exit; @@ -1625,16 +1627,30 @@ error = FT_Stream_Seek( stream, offsets[i] ); if ( error ) goto Exit2; - if ( FT_READ_LONG( rlen ) ) - goto Exit; + if ( FT_READ_ULONG( rlen ) ) + goto Exit2; + + /* FT2 allocator takes signed long buffer length, + * too large fragment length causing overflow should be checked + */ + if ( 0x7FFFFFFFUL < rlen ) + { + error = FT_THROW( Invalid_Offset ); + goto Exit2; + } + if ( FT_READ_USHORT( flags ) ) - goto Exit; + goto Exit2; FT_TRACE3(( "POST fragment[%d]: offsets=0x%08x, rlen=0x%08x, flags=0x%04x\n", i, offsets[i], rlen, flags )); + error = FT_ERR( Array_Too_Large ); /* postpone the check of rlen longer than buffer until FT_Stream_Read() */ if ( ( flags >> 8 ) == 0 ) /* Comment, should not be loaded */ + { + FT_TRACE3(( " Skip POST fragment #%d because it is a comment\n", i )); continue; + } /* the flags are part of the resource, so rlen >= 2. */ /* but some fonts declare rlen = 0 for empty fragment */ @@ -1647,6 +1663,8 @@ len += rlen; else { + FT_TRACE3(( " Write POST fragment #%d header (4-byte) to buffer" + " 0x%p + 0x%08x\n", i, pfb_data, pfb_lenpos )); if ( pfb_lenpos + 3 > pfb_len + 2 ) goto Exit2; pfb_data[pfb_lenpos ] = (FT_Byte)( len ); @@ -1657,6 +1675,8 @@ if ( ( flags >> 8 ) == 5 ) /* End of font mark */ break; + FT_TRACE3(( " Write POST fragment #%d header (6-byte) to buffer" + " 0x%p + 0x%08x\n", i, pfb_data, pfb_pos )); if ( pfb_pos + 6 > pfb_len + 2 ) goto Exit2; pfb_data[pfb_pos++] = 0x80; @@ -1672,16 +1692,18 @@ pfb_data[pfb_pos++] = 0; } - error = FT_ERR( Cannot_Open_Resource ); if ( pfb_pos > pfb_len || pfb_pos + rlen > pfb_len ) goto Exit2; + FT_TRACE3(( " Load POST fragment #%d (%d byte) to buffer" + " 0x%p + 0x%08x\n", i, rlen, pfb_data, pfb_pos )); error = FT_Stream_Read( stream, (FT_Byte *)pfb_data + pfb_pos, rlen ); if ( error ) goto Exit2; pfb_pos += rlen; } + error = FT_ERR( Array_Too_Large ); if ( pfb_pos + 2 > pfb_len + 2 ) goto Exit2; pfb_data[pfb_pos++] = 0x80; @@ -1702,6 +1724,13 @@ aface ); Exit2: + if ( error == FT_ERR( Array_Too_Large ) ) + FT_TRACE2(( " Abort due to too-short buffer to store" + " all POST fragments\n" )); + else if ( error == FT_ERR( Invalid_Offset ) ) + FT_TRACE2(( " Abort due to invalid offset in a POST fragment\n" )); + if ( error ) + error = FT_ERR( Cannot_Open_Resource ); FT_FREE( pfb_data ); Exit: @@ -1881,7 +1910,7 @@ rlen = ( header[0x57] << 24 ) | ( header[0x58] << 16 ) | ( header[0x59] << 8 ) | - header[0x5a]; + header[0x5A]; #endif /* 0 */ offset = 128 + ( ( dlen + 127 ) & ~127 ); @@ -2049,8 +2078,7 @@ FT_Module* limit; - /* test for valid `library' delayed to */ - /* FT_Stream_New() */ + /* test for valid `library' delayed to `FT_Stream_New' */ if ( ( !aface && face_index >= 0 ) || !args ) return FT_THROW( Invalid_Argument ); @@ -2297,7 +2325,7 @@ FT_Open_Args open; - /* test for valid `face' delayed to FT_Attach_Stream() */ + /* test for valid `face' delayed to `FT_Attach_Stream' */ if ( !filepathname ) return FT_THROW( Invalid_Argument ); @@ -2323,7 +2351,7 @@ FT_Driver_Class clazz; - /* test for valid `parameters' delayed to FT_Stream_New() */ + /* test for valid `parameters' delayed to `FT_Stream_New' */ if ( !face ) return FT_THROW( Invalid_Face_Handle ); @@ -2359,6 +2387,9 @@ FT_EXPORT_DEF( FT_Error ) FT_Reference_Face( FT_Face face ) { + if ( !face ) + return FT_THROW( Invalid_Face_Handle ); + face->internal->refcount++; return FT_Err_Ok; @@ -2425,7 +2456,7 @@ return FT_THROW( Invalid_Face_Handle ); if ( !asize ) - return FT_THROW( Invalid_Size_Handle ); + return FT_THROW( Invalid_Argument ); if ( !face->driver ) return FT_THROW( Invalid_Driver_Handle ); @@ -2934,6 +2965,8 @@ FT_Size_RequestRec req; + /* check of `face' delayed to `FT_Request_Size' */ + if ( !char_width ) char_width = char_height; else if ( !char_height ) @@ -2972,6 +3005,8 @@ FT_Size_RequestRec req; + /* check of `face' delayed to `FT_Request_Size' */ + if ( pixel_width == 0 ) pixel_width = pixel_height; else if ( pixel_height == 0 ) @@ -3122,15 +3157,6 @@ { if ( cur[0]->encoding == encoding ) { -#ifdef FT_MAX_CHARMAP_CACHEABLE - if ( cur - face->charmaps > FT_MAX_CHARMAP_CACHEABLE ) - { - FT_ERROR(( "FT_Select_Charmap: requested charmap is found (%d), " - "but in too late position to cache\n", - cur - face->charmaps )); - continue; - } -#endif face->charmap = cur[0]; return 0; } @@ -3154,8 +3180,9 @@ return FT_THROW( Invalid_Face_Handle ); cur = face->charmaps; - if ( !cur ) + if ( !cur || !charmap ) return FT_THROW( Invalid_CharMap_Handle ); + if ( FT_Get_CMap_Format( charmap ) == 14 ) return FT_THROW( Invalid_Argument ); @@ -3165,19 +3192,11 @@ { if ( cur[0] == charmap ) { -#ifdef FT_MAX_CHARMAP_CACHEABLE - if ( cur - face->charmaps > FT_MAX_CHARMAP_CACHEABLE ) - { - FT_ERROR(( "FT_Set_Charmap: requested charmap is found (%d), " - "but in too late position to cache\n", - cur - face->charmaps )); - continue; - } -#endif face->charmap = cur[0]; - return 0; + return FT_Err_Ok; } } + return FT_THROW( Invalid_Argument ); } @@ -3199,15 +3218,6 @@ FT_ASSERT( i < charmap->face->num_charmaps ); -#ifdef FT_MAX_CHARMAP_CACHEABLE - if ( i > FT_MAX_CHARMAP_CACHEABLE ) - { - FT_ERROR(( "FT_Get_Charmap_Index: requested charmap is found (%d), " - "but in too late position to cache\n", - i )); - return -i; - } -#endif return i; } @@ -3418,8 +3428,9 @@ FT_UInt result = 0; - if ( face && face->charmap && - face->charmap->encoding == FT_ENCODING_UNICODE ) + if ( face && + face->charmap && + face->charmap->encoding == FT_ENCODING_UNICODE ) { FT_CharMap charmap = find_variant_selector_charmap( face ); FT_CMap ucmap = FT_CMAP( face->charmap ); @@ -3597,7 +3608,9 @@ FT_UInt result = 0; - if ( face && FT_HAS_GLYPH_NAMES( face ) ) + if ( face && + FT_HAS_GLYPH_NAMES( face ) && + glyph_name ) { FT_Service_GlyphDict service; @@ -3622,27 +3635,30 @@ FT_Pointer buffer, FT_UInt buffer_max ) { - FT_Error error = FT_ERR( Invalid_Argument ); + FT_Error error; + FT_Service_GlyphDict service; - /* clean up buffer */ - if ( buffer && buffer_max > 0 ) - ((FT_Byte*)buffer)[0] = 0; + if ( !face ) + return FT_THROW( Invalid_Face_Handle ); - if ( face && - (FT_Long)glyph_index <= face->num_glyphs && - FT_HAS_GLYPH_NAMES( face ) ) - { - FT_Service_GlyphDict service; + if ( !buffer || buffer_max == 0 ) + return FT_THROW( Invalid_Argument ); + /* clean up buffer */ + ((FT_Byte*)buffer)[0] = '\0'; - FT_FACE_LOOKUP_SERVICE( face, - service, - GLYPH_DICT ); + if ( (FT_Long)glyph_index >= face->num_glyphs ) + return FT_THROW( Invalid_Glyph_Index ); - if ( service && service->get_name ) - error = service->get_name( face, glyph_index, buffer, buffer_max ); - } + if ( !FT_HAS_GLYPH_NAMES( face ) ) + return FT_THROW( Invalid_Argument ); + + FT_FACE_LOOKUP_SERVICE( face, service, GLYPH_DICT ); + if ( service && service->get_name ) + error = service->get_name( face, glyph_index, buffer, buffer_max ); + else + error = FT_THROW( Invalid_Argument ); return error; } @@ -3683,7 +3699,7 @@ FT_Get_Sfnt_Table( FT_Face face, FT_Sfnt_Tag tag ) { - void* table = 0; + void* table = NULL; FT_Service_SFNT_Table service; @@ -3733,6 +3749,8 @@ FT_ULong offset; + /* test for valid `length' delayed to `service->table_info' */ + if ( !face || !FT_IS_SFNT( face ) ) return FT_THROW( Invalid_Face_Handle ); @@ -3800,12 +3818,12 @@ FT_Face face; - if ( size == NULL ) - return FT_THROW( Invalid_Argument ); + if ( !size ) + return FT_THROW( Invalid_Size_Handle ); face = size->face; - if ( face == NULL || face->driver == NULL ) - return FT_THROW( Invalid_Argument ); + if ( !face || !face->driver ) + return FT_THROW( Invalid_Face_Handle ); /* we don't need anything more complex than that; all size objects */ /* are already listed by the face */ @@ -3984,7 +4002,7 @@ FT_Get_Renderer( FT_Library library, FT_Glyph_Format format ) { - /* test for valid `library' delayed to FT_Lookup_Renderer() */ + /* test for valid `library' delayed to `FT_Lookup_Renderer' */ return FT_Lookup_Renderer( library, format, 0 ); } @@ -4001,12 +4019,26 @@ FT_ListNode node; FT_Error error = FT_Err_Ok; + FT_Renderer_SetModeFunc set_mode; + if ( !library ) - return FT_THROW( Invalid_Library_Handle ); + { + error = FT_THROW( Invalid_Library_Handle ); + goto Exit; + } if ( !renderer ) - return FT_THROW( Invalid_Argument ); + { + error = FT_THROW( Invalid_Argument ); + goto Exit; + } + + if ( num_params > 0 && !parameters ) + { + error = FT_THROW( Invalid_Argument ); + goto Exit; + } node = FT_List_Find( &library->renderers, renderer ); if ( !node ) @@ -4020,18 +4052,14 @@ if ( renderer->glyph_format == FT_GLYPH_FORMAT_OUTLINE ) library->cur_renderer = renderer; - if ( num_params > 0 ) - { - FT_Renderer_SetModeFunc set_mode = renderer->clazz->set_mode; - + set_mode = renderer->clazz->set_mode; - for ( ; num_params > 0; num_params-- ) - { - error = set_mode( renderer, parameters->tag, parameters->data ); - if ( error ) - break; - parameters++; - } + for ( ; num_params > 0; num_params-- ) + { + error = set_mode( renderer, parameters->tag, parameters->data ); + if ( error ) + break; + parameters++; } Exit: @@ -4090,7 +4118,11 @@ /* if we changed the current renderer for the glyph image format */ /* we need to select it as the next current one */ if ( !error && update && renderer ) - FT_Set_Renderer( library, renderer, 0, 0 ); + { + error = FT_Set_Renderer( library, renderer, 0, 0 ); + if ( error ) + break; + } } } @@ -4100,6 +4132,7 @@ #define FT_COMPONENT trace_bitmap /* we convert to a single bitmap format for computing the checksum */ + if ( !error ) { FT_Bitmap bitmap; FT_Error err; @@ -4107,6 +4140,7 @@ FT_Bitmap_New( &bitmap ); + /* this also converts the bitmap flow to `down' (i.e., pitch > 0) */ err = FT_Bitmap_Convert( library, &slot->bitmap, &bitmap, 1 ); if ( !err ) { @@ -4348,7 +4382,7 @@ FT_Get_Module( FT_Library library, const char* module_name ) { - FT_Module result = 0; + FT_Module result = NULL; FT_Module* cur; FT_Module* limit; @@ -4603,6 +4637,9 @@ FT_EXPORT_DEF( FT_Error ) FT_Reference_Library( FT_Library library ) { + if ( !library ) + return FT_THROW( Invalid_Library_Handle ); + library->refcount++; return FT_Err_Ok; @@ -4619,7 +4656,7 @@ FT_Error error; - if ( !memory ) + if ( !memory || !alibrary ) return FT_THROW( Invalid_Argument ); #ifdef FT_DEBUG_LEVEL_ERROR @@ -4881,6 +4918,8 @@ *p_arg1 = subg->arg1; *p_arg2 = subg->arg2; *p_transform = subg->transform; + + error = FT_Err_Ok; } return error; -- cgit v1.2.3