Go to file
Werner Lemberg 57c4252ab5 [sfnt] Guard access in 'COLR' v1 glyph binary search.
Reported as

  https://bugs.chromium.org/p/chromium/issues/detail?id=1505216

* src/sfnt/ttcolr.c (find_base_glyph_v1_record): Guard access of the search
pointer during binary search.  The pointer needs to be checked as we go as
the test that compares number of v1 glyphs with table size at the time of
loading the table is not sufficient on its own.

A scenario is possible in which the `BaseGlyphRecord` list extends into
non-`BaseGlyphRecord` parts of the 'COLR' v1 table (but passed the size
comparison check).  Then, at those locations, invalid glyph ID values are
read and may provoke an invalid read due to reassigning min and max values
during the binary search.
2024-01-02 17:55:33 +01:00
builds [msbuild] Streamline the process. 2023-12-06 23:33:32 -05:00
devel [truetype] Hide Infinality. 2023-02-17 04:22:24 +00:00
docs [msbuild] Streamline the process. 2023-12-06 23:33:32 -05:00
include [CFF] Extract BlueValues as Fixed rather than Int. 2023-12-14 07:17:01 +01:00
objs
src [sfnt] Guard access in 'COLR' v1 glyph binary search. 2024-01-02 17:55:33 +01:00
subprojects * subprojects/*.wrap: Updated. 2023-08-24 20:47:00 +02:00
tests * tests/issue-1063/main.c: s/PATH_MAX/FILENAME_MAX/. 2021-10-20 11:27:03 -04:00
.clang-format
.gitignore [meson] Add first regression test to FreeType 2021-06-16 10:28:47 +02:00
.gitlab-ci.yml [ci] Add support for MSBuild on Windows. 2023-12-18 17:45:05 +00:00
.gitmodules Move 'dlg' submodule to subprojects directory. 2021-02-16 14:07:18 +01:00
.mailmap .mailmap: Updated. 2023-05-13 09:35:12 +02:00
autogen.sh [builds] Abbreviate the DLG submodule update. 2023-08-30 02:28:48 +00:00
CMakeLists.txt * Version 2.13.2 released. 2023-08-25 20:12:52 +02:00
configure * configure: Use sed instead of grep. 2023-03-02 20:53:21 +00:00
LICENSE.TXT [autofit] Don't depend on 'hb-ft'. 2023-01-06 12:54:17 +01:00
Makefile Update all copyright notices. 2023-01-17 09:18:25 +01:00
meson_options.txt Update all copyright notices. 2023-01-17 09:18:25 +01:00
meson.build Update all copyright notices. 2023-01-17 09:18:25 +01:00
modules.cfg Update all copyright notices. 2023-01-17 09:18:25 +01:00
MSBuild.rsp [msbuild] Streamline the process. 2023-12-06 23:33:32 -05:00
MSBuild.sln [msbuild] Streamline the process. 2023-12-06 23:33:32 -05:00
README * Version 2.13.2 released. 2023-08-25 20:12:52 +02:00
README.git Update all copyright notices. 2023-01-17 09:18:25 +01:00
vms_make.com * vms_make.com: Switch to clang. 2023-12-14 06:21:52 +01:00

FreeType 2.13.2
===============

Homepage: https://www.freetype.org

FreeType is a freely available software library to render fonts.

It  is  written  in  C,   designed  to  be  small,  efficient,  highly
customizable,  and portable  while capable  of producing  high-quality
output (glyph images) of most vector and bitmap font formats.

Please   read  the   `docs/CHANGES`   file,   it  contains   IMPORTANT
INFORMATION.

Read the files `docs/INSTALL*`  for installation instructions; see the
file `docs/LICENSE.TXT` for the available licenses.

For using FreeType's git repository  instead of a distribution bundle,
please read file  `README.git`.  Note that you have  to actually clone
the repository; using a snapshot will  not work (in other words, don't
use gitlab's 'Download' button).

The FreeType 2 API reference is located in directory `docs/reference`;
use the file  `index.html` as the top entry point.   [Please note that
currently  the search  function  for  locally installed  documentation
doesn't work due to cross-site scripting issues.]

Additional documentation is  available as a separate  package from our
sites.  Go to

  https://download.savannah.gnu.org/releases/freetype/

and download one of the following files.

  freetype-doc-2.13.2.tar.xz
  freetype-doc-2.13.2.tar.gz
  ftdoc2132.zip

To view the documentation online, go to

  https://www.freetype.org/freetype2/docs/


Mailing Lists
-------------

The preferred  way of  communication with the  FreeType team  is using
e-mail lists.

  general use and discussion:      freetype@nongnu.org
  engine internals, porting, etc.: freetype-devel@nongnu.org
  announcements:                   freetype-announce@nongnu.org
  git repository tracker:          freetype-commit@nongnu.org

The lists are moderated; see

  https://www.freetype.org/contact.html

how to subscribe.


Bugs
----

Please submit bug reports at

  https://gitlab.freedesktop.org/freetype/freetype/-/issues

Alternatively,    you    might    report    bugs    by    e-mail    to
`freetype-devel@nongnu.org`.    Don't  forget   to  send   a  detailed
explanation of the problem -- there  is nothing worse than receiving a
terse message that only says 'it doesn't work'.


Patches
-------

For larger changes please provide merge requests at

  https://gitlab.freedesktop.org/freetype/freetype/-/merge_requests

Alternatively, you can send patches to the `freetype-devel@nongnu.org`
mailing list  -- and thank you  in advance for your  work on improving
FreeType!

Details on the process can be found here:

  https://www.freetype.org/developer.html#patches


Enjoy!

  The FreeType Team

----------------------------------------------------------------------

Copyright (C) 2006-2023 by
David Turner, Robert Wilhelm, and Werner Lemberg.

This  file is  part of  the FreeType  project, and  may only  be used,
modified,  and distributed  under the  terms of  the  FreeType project
license,  LICENSE.TXT.  By  continuing to  use, modify,  or distribute
this file you  indicate that you have read  the license and understand
and accept it fully.


--- end of README ---