From 27811904d8de0ce5591417812ca31163bf5aad60 Mon Sep 17 00:00:00 2001 From: Geremy Condra Date: Fri, 16 Dec 2011 12:43:20 -0800 Subject: Updated freetype to 2.4.8 This change is to fix a vulnerability in 2.4.7 (CVE-2011-3439). It is taken from http://b/issue?id=5700584. Change-Id: I25a87999bc3ab44d7c7f59e7f04f56895d86bb5d --- include/freetype/freetype.h | 2 +- include/freetype/internal/services/svpsinfo.h | 19 ++- include/freetype/internal/t1types.h | 13 +-- include/freetype/t1tables.h | 162 +++++++++++++++++++++++++- src/base/ftbase.h | 5 +- src/base/ftbitmap.c | 4 +- src/base/ftrfork.c | 2 + src/base/fttype1.c | 22 +++- src/cff/cffdrivr.c | 6 +- src/truetype/ttinterp.c | 33 ++++-- 10 files changed, 231 insertions(+), 37 deletions(-) diff --git a/include/freetype/freetype.h b/include/freetype/freetype.h index 08b77e1..f1f55f0 100644 --- a/include/freetype/freetype.h +++ b/include/freetype/freetype.h @@ -3810,7 +3810,7 @@ FT_BEGIN_HEADER */ #define FREETYPE_MAJOR 2 #define FREETYPE_MINOR 4 -#define FREETYPE_PATCH 7 +#define FREETYPE_PATCH 8 /*************************************************************************/ diff --git a/include/freetype/internal/services/svpsinfo.h b/include/freetype/internal/services/svpsinfo.h index 91ba91e..84d6a78 100644 --- a/include/freetype/internal/services/svpsinfo.h +++ b/include/freetype/internal/services/svpsinfo.h @@ -4,7 +4,7 @@ /* */ /* The FreeType PostScript info service (specification). */ /* */ -/* Copyright 2003, 2004, 2009 by */ +/* Copyright 2003, 2004, 2009, 2011 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -44,6 +44,13 @@ FT_BEGIN_HEADER (*PS_GetFontPrivateFunc)( FT_Face face, PS_PrivateRec* afont_private ); + typedef FT_Long + (*PS_GetFontValueFunc)( FT_Face face, + PS_Dict_Keys key, + FT_UInt idx, + void *value, + FT_Long value_len ); + FT_DEFINE_SERVICE( PsInfo ) { @@ -51,22 +58,25 @@ FT_BEGIN_HEADER PS_GetFontExtraFunc ps_get_font_extra; PS_HasGlyphNamesFunc ps_has_glyph_names; PS_GetFontPrivateFunc ps_get_font_private; + PS_GetFontValueFunc ps_get_font_value; }; #ifndef FT_CONFIG_OPTION_PIC #define FT_DEFINE_SERVICE_PSINFOREC(class_, get_font_info_, \ - ps_get_font_extra_, has_glyph_names_, get_font_private_) \ + ps_get_font_extra_, has_glyph_names_, get_font_private_, \ + get_font_value_) \ static const FT_Service_PsInfoRec class_ = \ { \ get_font_info_, ps_get_font_extra_, has_glyph_names_, \ - get_font_private_ \ + get_font_private_, get_font_value_ \ }; #else /* FT_CONFIG_OPTION_PIC */ #define FT_DEFINE_SERVICE_PSINFOREC(class_, get_font_info_, \ - ps_get_font_extra_, has_glyph_names_, get_font_private_) \ + ps_get_font_extra_, has_glyph_names_, get_font_private_, \ + get_font_value_) \ void \ FT_Init_Class_##class_( FT_Library library, \ FT_Service_PsInfoRec* clazz) \ @@ -76,6 +86,7 @@ FT_BEGIN_HEADER clazz->ps_get_font_extra = ps_get_font_extra_; \ clazz->ps_has_glyph_names = has_glyph_names_; \ clazz->ps_get_font_private = get_font_private_; \ + clazz->ps_get_font_value = get_font_value_; \ } #endif /* FT_CONFIG_OPTION_PIC */ diff --git a/include/freetype/internal/t1types.h b/include/freetype/internal/t1types.h index 5f73063..f859de2 100644 --- a/include/freetype/internal/t1types.h +++ b/include/freetype/internal/t1types.h @@ -5,7 +5,7 @@ /* Basic Type1/Type2 type definitions and interface (specification */ /* only). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2004, 2006, 2008, 2009 by */ +/* Copyright 1996-2004, 2006, 2008, 2009, 2011 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -78,17 +78,6 @@ FT_BEGIN_HEADER } T1_EncodingRec, *T1_Encoding; - typedef enum T1_EncodingType_ - { - T1_ENCODING_TYPE_NONE = 0, - T1_ENCODING_TYPE_ARRAY, - T1_ENCODING_TYPE_STANDARD, - T1_ENCODING_TYPE_ISOLATIN1, - T1_ENCODING_TYPE_EXPERT - - } T1_EncodingType; - - /* used to hold extra data of PS_FontInfoRec that * cannot be stored in the publicly defined structure. * diff --git a/include/freetype/t1tables.h b/include/freetype/t1tables.h index 5e2a393..db1a91e 100644 --- a/include/freetype/t1tables.h +++ b/include/freetype/t1tables.h @@ -5,7 +5,7 @@ /* Basic Type 1/Type 2 tables definitions and interface (specification */ /* only). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2004, 2006, 2008, 2009 by */ +/* Copyright 1996-2004, 2006, 2008, 2009, 2011 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -493,8 +493,166 @@ FT_BEGIN_HEADER FT_Get_PS_Font_Private( FT_Face face, PS_Private afont_private ); - /* */ + /*************************************************************************/ + /* */ + /* */ + /* T1_EncodingType */ + /* */ + /* */ + /* An enumeration describing the `Encoding' entry in a Type 1 */ + /* dictionary. */ + /* */ + typedef enum T1_EncodingType_ + { + T1_ENCODING_TYPE_NONE = 0, + T1_ENCODING_TYPE_ARRAY, + T1_ENCODING_TYPE_STANDARD, + T1_ENCODING_TYPE_ISOLATIN1, + T1_ENCODING_TYPE_EXPERT + + } T1_EncodingType; + + + /*************************************************************************/ + /* */ + /* */ + /* PS_Dict_Keys */ + /* */ + /* */ + /* An enumeration used in calls to @FT_Get_PS_Font_Value to identify */ + /* the Type~1 dictionary entry to retrieve. */ + /* */ + typedef enum PS_Dict_Keys_ + { + /* conventionally in the font dictionary */ + PS_DICT_FONT_TYPE, /* FT_Byte */ + PS_DICT_FONT_MATRIX, /* FT_Fixed */ + PS_DICT_FONT_BBOX, /* FT_Fixed */ + PS_DICT_PAINT_TYPE, /* FT_Byte */ + PS_DICT_FONT_NAME, /* FT_String* */ + PS_DICT_UNIQUE_ID, /* FT_Int */ + PS_DICT_NUM_CHAR_STRINGS, /* FT_Int */ + PS_DICT_CHAR_STRING_KEY, /* FT_String* */ + PS_DICT_CHAR_STRING, /* FT_String* */ + PS_DICT_ENCODING_TYPE, /* T1_EncodingType */ + PS_DICT_ENCODING_ENTRY, /* FT_String* */ + + /* conventionally in the font Private dictionary */ + PS_DICT_NUM_SUBRS, /* FT_Int */ + PS_DICT_SUBR, /* FT_String* */ + PS_DICT_STD_HW, /* FT_UShort */ + PS_DICT_STD_VW, /* FT_UShort */ + PS_DICT_NUM_BLUE_VALUES, /* FT_Byte */ + PS_DICT_BLUE_VALUE, /* FT_Short */ + PS_DICT_BLUE_FUZZ, /* FT_Int */ + PS_DICT_NUM_OTHER_BLUES, /* FT_Byte */ + PS_DICT_OTHER_BLUE, /* FT_Short */ + PS_DICT_NUM_FAMILY_BLUES, /* FT_Byte */ + PS_DICT_FAMILY_BLUE, /* FT_Short */ + PS_DICT_NUM_FAMILY_OTHER_BLUES, /* FT_Byte */ + PS_DICT_FAMILY_OTHER_BLUE, /* FT_Short */ + PS_DICT_BLUE_SCALE, /* FT_Fixed */ + PS_DICT_BLUE_SHIFT, /* FT_Int */ + PS_DICT_NUM_STEM_SNAP_H, /* FT_Byte */ + PS_DICT_STEM_SNAP_H, /* FT_Short */ + PS_DICT_NUM_STEM_SNAP_V, /* FT_Byte */ + PS_DICT_STEM_SNAP_V, /* FT_Short */ + PS_DICT_FORCE_BOLD, /* FT_Bool */ + PS_DICT_RND_STEM_UP, /* FT_Bool */ + PS_DICT_MIN_FEATURE, /* FT_Short */ + PS_DICT_LEN_IV, /* FT_Int */ + PS_DICT_PASSWORD, /* FT_Long */ + PS_DICT_LANGUAGE_GROUP, /* FT_Long */ + + /* conventionally in the font FontInfo dictionary */ + PS_DICT_VERSION, /* FT_String* */ + PS_DICT_NOTICE, /* FT_String* */ + PS_DICT_FULL_NAME, /* FT_String* */ + PS_DICT_FAMILY_NAME, /* FT_String* */ + PS_DICT_WEIGHT, /* FT_String */ + PS_DICT_IS_FIXED_PITCH, /* FT_Bool */ + PS_DICT_UNDERLINE_POSITION, /* FT_Short */ + PS_DICT_UNDERLINE_THICKNESS, /* FT_UShort */ + PS_DICT_FS_TYPE, /* FT_UShort */ + PS_DICT_ITALIC_ANGLE, /* FT_Long */ + + PS_DICT_MAX = PS_DICT_ITALIC_ANGLE + + } PS_Dict_Keys; + + + /************************************************************************ + * + * @function: + * FT_Get_PS_Font_Value + * + * @description: + * Retrieve the value for the supplied key from a PostScript font. + * + * @input: + * face :: + * PostScript face handle. + * + * key :: + * An enumeration value representing the dictionary key to retrieve. + * + * idx :: + * For array values, this specifies the index to be returned. + * + * value :: + * A pointer to memory into which to write the value. + * + * valen_len :: + * The size, in bytes, of the memory supplied for the value. + * + * @output: + * value :: + * The value matching the above key, if it exists. + * + * @return: + * The amount of memory (in bytes) required to hold the requested + * value (if it exists, -1 otherwise). + * + * @note: + * The values returned are not pointers into the internal structures of + * the face, but are `fresh' copies, so that the memory containing them + * belongs to the calling application. This also enforces the + * `read-only' nature of these values, i.e., this function cannot be + * used to manipulate the face. + * + * `value' is a void pointer because the values returned can be of + * various types. + * + * If either `value' is NULL or `value_len' is too small, just the + * required memory size for the requested entry is returned. + * + * The `idx' parameter is used, not only to retrieve elements of, for + * example, the FontMatrix or FontBBox, but also to retrieve name keys + * from the CharStrings dictionary, and the charstrings themselves. It + * is ignored for atomic values. + * + * PS_DICT_BLUE_SCALE returns a value that is scaled up by 1000. To + * get the value as in the font stream, you need to divide by + * 65536000.0 (to remove the FT_Fixed scale, and the x1000 scale). + * + * IMPORTANT: Only key/value pairs read by the FreeType interpreter can + * be retrieved. So, for example, PostScript procedures such as NP, + * ND, and RD are not available. Arbitrary keys are, obviously, not be + * available either. + * + * If the font's format is not PostScript-based, this function returns + * the `FT_Err_Invalid_Argument' error code. + * + */ + FT_EXPORT( FT_Long ) + FT_Get_PS_Font_Value( FT_Face face, + PS_Dict_Keys key, + FT_UInt idx, + void *value, + FT_Long value_len ); + + /* */ FT_END_HEADER diff --git a/src/base/ftbase.h b/src/base/ftbase.h index 6375613..516f4bb 100644 --- a/src/base/ftbase.h +++ b/src/base/ftbase.h @@ -49,7 +49,8 @@ FT_BEGIN_HEADER FT_Face *aface ); -#ifdef FT_CONFIG_OPTION_GUESSING_EMBEDDED_RFORK +#if defined( FT_CONFIG_OPTION_GUESSING_EMBEDDED_RFORK ) && \ + ( !defined( FT_MACINTOSH ) || defined( DARWIN_NO_CARBON ) ) /* Mac OS X/Darwin kernel often changes recommended method to access */ /* the resource fork and older methods makes the kernel issue the */ /* warning of deprecated method. To calm it down, the methods based */ @@ -57,7 +58,7 @@ FT_BEGIN_HEADER /* the case the resource is opened but found to lack a font in it. */ FT_LOCAL( FT_Bool ) raccess_rule_by_darwin_vfs( FT_UInt rule_index ); -#endif /* FT_CONFIG_OPTION_GUESSING_EMBEDDED_RFORK */ +#endif FT_END_HEADER diff --git a/src/base/ftbitmap.c b/src/base/ftbitmap.c index 5ef7ac7..15c9d65 100644 --- a/src/base/ftbitmap.c +++ b/src/base/ftbitmap.c @@ -417,8 +417,8 @@ target->pitch = source->width + pad; - if ( target->pitch > 0 && - target->rows > FT_ULONG_MAX / target->pitch ) + if ( target->pitch > 0 && + (FT_ULong)target->rows > FT_ULONG_MAX / target->pitch ) return FT_Err_Invalid_Argument; if ( target->rows * target->pitch > old_size && diff --git a/src/base/ftrfork.c b/src/base/ftrfork.c index 4e7d510..33768b0 100644 --- a/src/base/ftrfork.c +++ b/src/base/ftrfork.c @@ -417,6 +417,7 @@ } +#if !defined( FT_MACINTOSH ) || defined( DARWIN_NO_CARBON ) static FT_RFork_Rule raccess_get_rule_type_from_rule_index( FT_UInt rule_index ) { @@ -440,6 +441,7 @@ return FALSE; } } +#endif static FT_Error diff --git a/src/base/fttype1.c b/src/base/fttype1.c index 8f1e102..c30124f 100644 --- a/src/base/fttype1.c +++ b/src/base/fttype1.c @@ -4,7 +4,7 @@ /* */ /* FreeType utility file for PS names support (body). */ /* */ -/* Copyright 2002, 2003, 2004 by */ +/* Copyright 2002-2004, 2011 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -90,5 +90,25 @@ return error; } +/* documentation is in t1tables.h */ +FT_EXPORT_DEF( FT_Long ) +FT_Get_PS_Font_Value( FT_Face face, + PS_Dict_Keys key, + FT_UInt idx, + void *value, + FT_Long value_len ) +{ + FT_Int result = 0; + FT_Service_PsInfo service = NULL; + + if ( face ) + { + FT_FACE_FIND_SERVICE( face, service, POSTSCRIPT_INFO ); + if ( service && service->ps_get_font_value ) + result = service->ps_get_font_value( face, key, idx, + value, value_len ); + } + return result; +} /* END */ diff --git a/src/cff/cffdrivr.c b/src/cff/cffdrivr.c index 4fd3436..bf2d016 100644 --- a/src/cff/cffdrivr.c +++ b/src/cff/cffdrivr.c @@ -4,8 +4,7 @@ /* */ /* OpenType font driver implementation (body). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, */ -/* 2010 by */ +/* Copyright 1996-2011 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -365,7 +364,8 @@ (PS_GetFontInfoFunc) cff_ps_get_font_info, (PS_GetFontExtraFunc) NULL, (PS_HasGlyphNamesFunc) cff_ps_has_glyph_names, - (PS_GetFontPrivateFunc)NULL /* unsupported with CFF fonts */ + (PS_GetFontPrivateFunc)NULL, /* unsupported with CFF fonts */ + (PS_GetFontValueFunc) NULL /* not implemented */ ) diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c index 6c4eed6..c62c589 100644 --- a/src/truetype/ttinterp.c +++ b/src/truetype/ttinterp.c @@ -5155,25 +5155,38 @@ D = CUR_Func_project( CUR.zp0.cur + L, CUR.zp1.cur + K ); else { - FT_Vector* vec1 = CUR.zp0.orus + L; - FT_Vector* vec2 = CUR.zp1.orus + K; + /* XXX: UNDOCUMENTED: twilight zone special case */ - - if ( CUR.metrics.x_scale == CUR.metrics.y_scale ) + if ( CUR.GS.gep0 == 0 || CUR.GS.gep1 == 0 ) { - /* this should be faster */ + FT_Vector* vec1 = CUR.zp0.org + L; + FT_Vector* vec2 = CUR.zp1.org + K; + + D = CUR_Func_dualproj( vec1, vec2 ); - D = TT_MULFIX( D, CUR.metrics.x_scale ); } else { - FT_Vector vec; + FT_Vector* vec1 = CUR.zp0.orus + L; + FT_Vector* vec2 = CUR.zp1.orus + K; + + + if ( CUR.metrics.x_scale == CUR.metrics.y_scale ) + { + /* this should be faster */ + D = CUR_Func_dualproj( vec1, vec2 ); + D = TT_MULFIX( D, CUR.metrics.x_scale ); + } + else + { + FT_Vector vec; - vec.x = TT_MULFIX( vec1->x - vec2->x, CUR.metrics.x_scale ); - vec.y = TT_MULFIX( vec1->y - vec2->y, CUR.metrics.y_scale ); + vec.x = TT_MULFIX( vec1->x - vec2->x, CUR.metrics.x_scale ); + vec.y = TT_MULFIX( vec1->y - vec2->y, CUR.metrics.y_scale ); - D = CUR_fast_dualproj( &vec ); + D = CUR_fast_dualproj( &vec ); + } } } } -- cgit v1.2.3