Commit Graph

7604 Commits

Author SHA1 Message Date
Alexei Podtelezhnikov
7eb9a9dbbe * src/pshinter/pshglob.c (psh_globals_new): Avoid zeroing.
This large allocation is followed by careful initialization. Whatever
is missed should be initialized manually.
2022-01-14 14:40:11 -05:00
Alexei Podtelezhnikov
81b81feb62 * src/base/fthash.c (hash_insert): Avoid unnecessary zeroing. 2022-01-14 18:22:23 +00:00
Alexei Podtelezhnikov
904ad21266 * src/bdf/bdflib.c (_bdf_parse_glyphs): Remove redundant assignment. 2022-01-13 23:38:56 -05:00
Alexei Podtelezhnikov
ee52b57121 * src/lzw/ftlzw.c (FT_Stream_OpenLZW): Avoid unnecessary zeroing. 2022-01-13 09:45:48 -05:00
Ben Wagner
6ee8951956 [bzip2] Reset bzip stream on any error.
According to the bzip documentation it is undefined what will happen if
`BZ2_bzDecompress` is called on a `bz_stream` it has previously returned an
error against.  If `BZ2_bzDecompress` returns anything other than `BZ_OK`
the only valid next action is `BZ2_bzDecompressEnd`.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43564

* src/bzip2/ftbzip2.c (FT_BZip2FileRec_): Add `reset` to track the need to
reset the stream.
(ft_bzip2_file_init): Initialize `reset` to 0.
(ft_bzip2_file_reset): Set `reset` to 0 after resetting.
(ft_bzip2_file_fill_output): Set `reset` to 1 when `BZ2_bzDecompress`
returns anything other than `BZ_OK`.
2022-01-13 08:21:36 +01:00
Werner Lemberg
b647dbdeb8 .gitlab-ci.yml: Minor comment cleanups. 2022-01-12 06:22:15 +01:00
Azamat H. Hackimov
ca44a236a0 .gitlab-ci.yml: Add steps to before_script to ensure recent CA.
Fetch current list of valid CAs from Windows Update and manually import them
to trusted datastore.  This action is required to make downloads work from
sites that need recent Let's Encrypt ISRG Root X1 certificate.
2022-01-12 06:22:15 +01:00
Ben Wagner
f1d3b9f10a Revert "[bzip2] Avoid use of uninitialized memory."
This reverts commit d276bcb7f0.

The original commit did avoid the use of uninitialized memory. However,
it appears that the original commit is no longer required. The
underlying issue was resolved by a change in freetype2-testing "Build
bzip2 correctly." [0]. Prior to [0] bzip2 was built without msan, so
bzip2 writes were not tracked or considered initialized. Clearing
`buffer` in the original commit allowed msan to see the `buffer` content
initialized once in FreeType code, but msan saw no writes into buffer
from bzip2.  With bzip2 now built with msan, the bzip2 writes are
properly instrumented and msan sees the bzip2 writes into the buffer. As
a result the original commit can be safely reverted to allow for better
detection of other uninitialized data scenarios.

* src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Revert to using `FT_QNEW`.

[0] 3c052a837a
2022-01-11 17:15:35 -05:00
Ben Wagner
e838c37c2c [type42] Track how much type42 ttf data is available.
Currently `T42_Open_Face` eagerly allocates 12 bytes for the ttf header
data which it expects `t42_parse_sfnts` to fill out from /sfnts data.
However, there is no guarantee that `t42_parse_sfnts` will actually be
called while parsing the type42 data as the /sfnts array may be missing
or very short. This is also confusing behavior as it means
`T42_Open_Face` is tightly coupled to the implementation of the very
distant `t42_parse_sfnts` code which requires at least 12 bytes to
already be reserved in `face->ttf_data`.

`t42_parse_sfnts` itself eagerly updates `face->ttf_size` to track how
much space is reserved for ttf data instead of traking how much data has
actually been written into `face->ttf_data`. It will also act strangely
in the presense of multiple /sfnts arrays.

* src/type42/t42objs.c (T42_Open_Face): ensure `ttf_data` is initialized
to NULL. Free `ttf_data` on error.

* src/type42/t42parse.c (t42_parse_sfnts): delay setting `ttf_size` and
set it to the actual number of bytes read. Ensure `ttf_data` is freed
if there are multiple /sfnts arrays or there are any errors.
2022-01-11 14:58:18 -05:00
Dominik Röttsches
3876846e26 [sfnt] Fix limit checks for COLR v1 ClipBoxes
* src/sfnt/ttcolr.c (tt_face_get_color_glyph_clipbox): Fix off-by-one in
limit checks.
2022-01-11 13:40:20 +02:00
Werner Lemberg
d0cfb4e1b2 Update all copyright notices. 2022-01-11 10:54:10 +01:00
Werner Lemberg
947fddc8da * src/sfnt/ttcolr.c (read_paint): Fix undefined left-shift operation.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43151
2022-01-11 08:27:26 +00:00
Werner Lemberg
639a02154b * src/type42/t42objs.c (T42_Open_Face): Avoid use of uninitialized memory.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43508
2022-01-11 09:14:48 +01:00
Werner Lemberg
33626164e8 .gitlab-ci.yml: Fix typo in previous commit. 2022-01-11 08:01:30 +01:00
Werner Lemberg
4c0db60772 .gitlab-ci.yml: Update Windows image.
The old image produced errors like

```
Downloading zlib patch from
  https://wrapdb.mesonbuild.com/v2/zlib_1.2.11-5/get_patch
A fallback URL could be specified using patch_fallback_url key in the wrap file
WrapDB connection failed to
  https://wrapdb.mesonbuild.com/v2/zlib_1.2.11-5/get_patch
with error
  <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
   failed: certificate has expired (_ssl.c:1122)>
```
2022-01-11 07:52:28 +01:00
Werner Lemberg
2e62b7446b * subprojects/zlib.wrap: Update from upstream. 2022-01-11 05:37:56 +01:00
Werner Lemberg
4a89112b2a * src/sfnt/ttcolr.c (tt_face_get_color_glyph_clipbox): Add limit checks.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40716
2022-01-10 18:31:17 +00:00
Werner Lemberg
3f9b78fc79 [zlib] Don't typedef ptrdiff_t.
While using zlib in 'solo' mode (via the `Z_SOLO` macro), we actually
include some standard header files, making the typedef fail on systems where
the native `ptrdiff_t` type differs.

Fixes #1124.

* src/zlib/zutil.h: Comment out definition; it doesn't work on Windows.

* src/zlib/patches/freetype-zlib.diff: Updated.
2022-01-10 18:24:56 +01:00
Werner Lemberg
da8a8b8bcf [zlib] Some organizational changes.
We now first apply zlib's `zlib2ansi` script, then FreeType's patch file.

* src/gzip/README.freetype: Updated.

* patches/0001-zlib-Fix-zlib-sources-to-compile-for-FreeType.patch: Renamed
to...
* patches/freetype-zlib.diff: This.
Clean up description, then regenerate it as follows:

  - Copy unmodified files from `zlib` repository.
  - Run `zlib2ansi` script.
  - Run `git diff -R > patches/freetype-zlib.diff.new`.
  - Insert patch description of old diff file, then replace old diff with
    new diff file.
2022-01-10 18:13:10 +01:00
David Turner
a25e85ed95 [gzip] Update sources to zlib 1.2.11
This can be tested by building with the Unix development build

  make setup devel
  make

or by building the freetype-demos programs with

  meson setup build -Dfreetype2:zlib=internal
  meson compile -C out

and trying to run `ftview` with a `.pcf.gz` font file.

* src/gzip/ftgzip.c, src/gzip/rules.mk: Update for new zlib sources.  Also
remove the temporary fix introduced in commit 6a431038 to work around the
fact that the internal sources were too old.

* src/gzip/README.freetype: New file describing the origin of the sources
and how they were modified.

* src/gzip/patches/*: Patch files applied to original sources.

* src/gzip/*: Updated zlib sources with the patch file(s) from
`src/gzip/patches/` applied, followed by a conversion with zlib's
`zlib2ansi` script.
2022-01-09 23:16:00 +01:00
David Turner
0d34386366 [meson] Change Zlib configuration option.
* meson_options.txt, meson.build: Change the format of the 'zlib' meson
build configuration option to be a combo with the following choices:

  - none: Do not support gzip-compressed streams at all.

  - internal: Support gzip-compressed streams using the copy of the gzip
    sources under `src/gzip/`; this should only be used during development
    to ensure these work properly.

  - external: Support gzip-compressed streams using the 'zlib' Meson
    subproject, linked as a static library.

  - system: Support gzip-compressed streams using a system-installed version
    of zlib.

  - auto: Support gzip-compressed streams using a system-installed version
    of zlib, if available, or using the 'zlib' subproject otherwise.  This
    is the default.

  - disabled: Backward-compatible alias for 'none'.

  - enabled: Backward-compatible alias for 'auto'.
2022-01-09 21:38:29 +01:00
Werner Lemberg
d276bcb7f0 [bzip2] Avoid use of uninitialized memory.
* src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Don't use `FT_QNEW` but
`FT_NEW` for setting up `zip` to avoid uninitialized memory access while
handling malformed PCF fonts later on.

Fixes

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42800
2022-01-09 07:48:59 +01:00
Alexei Podtelezhnikov
ca01112894 [sfnt] Fix off-by-one error.
The 0-base index is equal to the number of previosly parsed entries.
It is an error to adjust it by one to get the number truncated by
a stream error.  This is probably inconsequential because valid
entries are correctly accounted for.

* src/sfnt/ttload.c (check_table_dir): Do not adjust the truncated
number of tables.
2022-01-08 22:28:44 -05:00
Werner Lemberg
7a493e3a40 [sfnt, type42] Correct previous commit.
Really fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42773.

* src/sfnt/ttload.c (check_table_dir): Revert change.

* src/type42/t42.parse.c (t42_parse_sfnts): Don't use `FT_QREALLOC` but
`FT_REALLOC` for setting up `ttf_data` to avoid uninitialized memory access
while handling malformed TrueType fonts later on.
2022-01-08 10:28:19 +01:00
Werner Lemberg
bf9b1ef905 * src/sfnt/ttload.c (check_table_dir): Initialize table.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42773
2022-01-07 10:25:52 +01:00
Werner Lemberg
b5c2172f59 [sfnt] Avoid 'runtime error: applying zero offset to null pointer'.
* src/sfnt/ttsbit.c (tt_sbit_decoder_load_byte_aligned): Exit early if
`line` is NULL.
2022-01-07 06:53:44 +01:00
Werner Lemberg
5aa2a5c34a [autofit, pshinter] Use FT_OFFSET.
This avoids

```
runtime error: applying zero offset to null pointer
```

warnings of clang's undefined behaviour sanitizer.

* src/autofit/afcjk.c (af_cjk_hints_link_segments,
af_cjk_hints_compute_edges, af_cjk_hints_compute_blue_edges,
af_cjk_hint_edges, af_cjk_align_edge_points): Do it.

* src/autofit/afhints.c (af_glyph_hints_align_edge_points,
af_glyph_hints_align_strong_points): Ditto.

* src/autofit/aflatin.c (af_latin_metrics_init_widths,
af_latin_hints_link_segments, af_latin_hints_compute_edges,
af_latin_hints_compute_blue_edges, af_latin_hint_edges): Ditto.

* src/pshinter/pshalgo.c (psh_hint_table_init): Ditto.
2022-01-07 06:41:36 +01:00
Ben Wagner
afb4ca0151 [truetype] Reset localpoints when varying cvt.
When iterating over the cvt tuples and reading in the points it is necessary
to set all of `localpoints`, `points`, and `point_count` in all cases.  The
existing code did not reset `localpoints` to `NULL` when there were no
private point numbers.  If the previous tuple did have private point numbers
and set `localpoints` to `ALL_POINTS` this would not be cleared and the
wrong branch would be taken later, leading to possible heap buffer overflow.

* src/truetype/ttgxvar.c (tt_face_vary_cvt): Reset `localpoints` to `NULL`
when it isn't valid.

Fixes: https://crbug.com/1284742
2022-01-06 19:13:00 +01:00
Werner Lemberg
2b672e7210 * builds/unix/configure.raw: Restore SYSTEM_ZLIB variable.
This was accidentally removed with commit 93ebcbd0 almost eight years ago.
2022-01-02 18:33:03 +01:00
Alexander Borsuk
4eb6cb8818 Fix warnings for CMake Unity builds.
* src/cache/ftcbasic.c (FT_COMPONENT): Undefine macro before redefinition.
* src/smooth/ftgrays.c (TRUNC, FRACT): Ditto.
2021-12-27 07:48:04 +01:00
Alexander Borsuk
4f35711844 Clang-Tidy warning fixes.
* src/base/ftobjs.c (FT_Get_Paint): Operator has equivalent nested operands.
* src/bdf/bdflib.c (_bdf_add_property): Value stored to `fp` is never read.
* src/sdf/ftbsdf.c (bsdf_init_distance_map): Value stored to `pixel` is
never read.
* src/sdf/ftsdf.c (split_sdf_shape): Value stored to `error` is never read.
2021-12-18 11:09:15 +01:00
Eli Schwartz
d6a5c57727 * meson.build: Optimize lookup for python3 program.
The python module's `find_installation` method is intended to provide
routines for compiling and installing python modules into the
`site-packages` directory.  It does a couple of slow things, including run
an introspection command to scrape sysconfig info from the detected
interpreter, which are not needed for the sole use case of invoking the
found installation as an executable.

Furthermore, when invoked without the name or path of a python binary, it is
hardcoded to always look for `python3` corresponding to the interpreter
meson itself uses to run.  So using `find_installation` did not even allow
detecting `python2` as a fallback.

Instead, switch to a simple `find_program` lookup that finishes as soon as
the program is found.
2021-12-17 10:47:13 +01:00
Eli Schwartz
57fd61805f * builds/meson/*.py: Fix name of python executable for auxiliary scripts.
The previous change to check the return code of `run_command` invocations
caused the CI to fail.  Although most scripts used `python_exe` as the
program command, the script to determine the project version did not.

But, all scripts used `python` as the shebang, and this is not available on
all systems.  Particularly Debian does not provide a `python` command,
though `python3` does exist.  This meant that formerly the version number
was lacking, and now the build simply fails.

Instead, rely on `python3` since it is guaranteed to exist when running
meson, and `python2` is end of life anyway.
2021-12-17 10:45:29 +01:00
Eli Schwartz
e342f83c0b * meson.build: Check the return value of run_command.
By default, errors are not checked and a command that is somehow broken will
just capture incorrect output (likely an empty string).  Current development
versions of meson now raise a warning for this implicit behavior, and advise
explicitly setting the `check:` keyword argumend to determine whether a
failing return code should be considered an error.

Since none of the commands in this project are expected to fail, mark them
as required to succeed.
2021-12-17 10:38:57 +01:00
Alexei Podtelezhnikov
0da2a1155e [truetype] Upstream the hdmx binary search.
* src/truetype/ttobjs.h (TT_SizeRec): Add `widthp` for the hdmx
widths.
* src/truetype/ttobjs.c (tt_size_reset): Initialize `widthp` even
though it might never be used by the interpreter.
* src/truetype/ttgload.c (tt_loader_init): Avoid repeated searches
in the hdmx table.
2021-12-13 11:44:24 -05:00
Alexei Podtelezhnikov
fd03dcc122 [truetype] Reset the IUP-called flags for each subglyph.
This fixes fall-out from 7809007a5b, where the composite
accents were no longer hinted.

* src/truetype/ttgload.c (ttloader_init): Move the IUP-called flag
initialization from here...
* src/truetype/ttinterp.c (TT_Run_Context): ... to here.
2021-12-12 12:29:04 -05:00
Alexei Podtelezhnikov
7add5b2bcb [truetype] Binary search through the hdmx records.
The `hdmx` table is supposed to be sorted by ppem size, which
enables binary search.  We also drop the check for the sufficient
length of the record because it is now enforced when the table
is loaded.

* include/freetype/internal/tttypes.h (TT_FaceRec): Store the `hdmx`
record pointers sorted by ppem instead of ppem's themselves.
* src/truetype/ttpload.c (tt_face_load_hdmx): Prudently sort records.
(tt_face_get_device_metrics): Implement binary search to retrieve
advances.
2021-12-11 22:54:06 -05:00
Alexei Podtelezhnikov
a8ef33e3ae [truetype] Honor FT_LOAD_ADVANCE_ONLY if hdmx is usable.
This simply shortcuts the glyph loading if FT_LOAD_ADVANCE_ONLY
is specified by FT_Get_Advances and the `hdmx` data are located.
Particularly, the classic v35 interpreter or "verified" ClearType
fonts might see 100x speed up in retrieving the hdmx cache.

* src/truetype/ttgload.c (TT_Load_Glyph): Insert the shortcut.
2021-12-11 22:42:46 -05:00
Alexei Podtelezhnikov
6c831d658f [truetype] Initialize the loader with hdmx data.
The `hdmx` matching can be done before the glyph is loaded.

* include/freetype/internal/tttypes.h (TT_LoaderRec): Add a field.
* src/truetype/ttgload.c (compute_glyph_metrics): Relocate the `hdmx`
code from here...
(tt_loader_init): ... to here, before the glyph is loaded.
2021-12-11 22:34:27 -05:00
Alexei Podtelezhnikov
7809007a5b [truetype] Relocate subpixel flag setting.
`TT_RunIns` is too busy to deal with subpixel flags. It is better
to set them in `tt_loader_init`, which is executed before each
glyph program.

* src/truetype/ttinterp.c (TT_RunIns): Move the flag setting from
here...
* src/truetype/ttgload.c (tt_loader_init): ... to here.
2021-12-11 22:22:57 -05:00
Alexei Podtelezhnikov
a35b081ebc [truetype] Limit INSTCTRL appication within specs.
* src/truetype/ttinterp.c (Ins_INSTCTRL): Limit its global effects
to the CVT program and local effects to the glyph program.

This also fixes an Infinality buglet. The `ignore_x_mode` should be
locally unset by the glyph program.
2021-12-11 22:12:25 -05:00
Ben Wagner
bad92be927 [bdf] Fix use of uninitialized value.
In _bdf_readstream if the data contained no newline then the buffer
would continue to grow and uninitialized data read until either the
uninitialized data contained a newline or the buffer reached its
maxiumum size. The assumption was that the line was always too long and
the buffer had been filled, however this case can also happen when there
is not enough data to fill the buffer.

Correct this by properly setting the cursor to the end of the available
data, which may be different from the end of the buffer. This may still
result in one extra allocation, but only on malformed fonts.

* src/bdf/bdflib.c (_bfd_readstream): Correctly update cursor. Remove
unread set of `avail`.

Bug: https://lists.nongnu.org/archive/html/freetype-devel/2021-12/msg00001.html
2021-12-09 17:07:58 -05:00
Alexei Podtelezhnikov
012b00f3e6 [truetype] Reduce Infinality footprint again.
* src/truetype/ttgload.c (compute_glyph_metrics): Streamline and
prioritize the Infinality checks to use `hdmx`.
2021-12-07 10:19:06 -05:00
Cameron Cawley
1f95189875 [builds/windows] Guard some non-ancient API.
We can support Windows 98 and NT 4.0 in principle...

* builds/windows/ftdebug.c, builds/windows/ftsystem.c: Check for the
ancient SDK using _WIN32_WINDOWS, _WIN32_WCE, or _WIN32_WINNT.
2021-12-06 23:08:46 -05:00
Cameron Cawley
9a533aa27f * builds/windows/visualc/freetype.vcproj: Add missing file. 2021-12-06 21:46:47 -05:00
Werner Lemberg
3f83daeecb * Version 2.11.1 released.
==========================

Tag sources with `VER-2-11-1'.

* docs/VERSION.TXT: Add entry for version 2.11.1.
* docs/CHANGES, docs/release: Updated.

* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.11.0/2.11.1/, s/2110/2111/.

* include/freetype/freetype.h (FREETYPE_PATCH): Set to 1.

* builds/unix/configure.raw (version_info): Set to 24:1:18.
* CMakeLists.txt (VERSION_PATCH): Set to 1.

* builds/toplevel.mk (version_tag, CHANGELOG_SCRIPT): New variables.
(do-dist): Generate `ChangeLog` file with all commits since last release.
2021-12-02 13:33:12 +01:00
Alexei Podtelezhnikov
03380482ce [builds/windows] Improve debugging.
* builds/windows/ftdebug.c (FT_Message, FT_Panic): Buffer output
and call `OutputDebugStringA` only if `IsDebuggerPresent`.
[_WIN32_WCE] (OutputDebugStringA): Implement the missing API.
2021-11-29 20:45:07 -05:00
Seigo Nonaka
3b45f564e9 * src/base/ftobjs.c (FT_Request_Metrics): Fix build warning on Android.
Use casts since `FT_USHORT_MAX` is unsigned short in bionic (libc used in
Android).
2021-11-29 18:21:27 +01:00
Alexei Podtelezhnikov
64e26ad3a2 * builds/windows/vc2010/freetype.vcxproj (DlgCopy): Minor tweak. 2021-11-27 22:31:17 -05:00
Alexei Podtelezhnikov
36a905e174 * src/truetype/ttpload.c (tt_face_load_hdmx): Added comments. 2021-11-26 09:15:46 -05:00