From 27811904d8de0ce5591417812ca31163bf5aad60 Mon Sep 17 00:00:00 2001 From: Geremy Condra Date: Fri, 16 Dec 2011 12:43:20 -0800 Subject: Updated freetype to 2.4.8 This change is to fix a vulnerability in 2.4.7 (CVE-2011-3439). It is taken from http://b/issue?id=5700584. Change-Id: I25a87999bc3ab44d7c7f59e7f04f56895d86bb5d --- src/base/ftbase.h | 5 +++-- src/base/ftbitmap.c | 4 ++-- src/base/ftrfork.c | 2 ++ src/base/fttype1.c | 22 +++++++++++++++++++++- src/cff/cffdrivr.c | 6 +++--- src/truetype/ttinterp.c | 33 +++++++++++++++++++++++---------- 6 files changed, 54 insertions(+), 18 deletions(-) (limited to 'src') diff --git a/src/base/ftbase.h b/src/base/ftbase.h index 6375613..516f4bb 100644 --- a/src/base/ftbase.h +++ b/src/base/ftbase.h @@ -49,7 +49,8 @@ FT_BEGIN_HEADER FT_Face *aface ); -#ifdef FT_CONFIG_OPTION_GUESSING_EMBEDDED_RFORK +#if defined( FT_CONFIG_OPTION_GUESSING_EMBEDDED_RFORK ) && \ + ( !defined( FT_MACINTOSH ) || defined( DARWIN_NO_CARBON ) ) /* Mac OS X/Darwin kernel often changes recommended method to access */ /* the resource fork and older methods makes the kernel issue the */ /* warning of deprecated method. To calm it down, the methods based */ @@ -57,7 +58,7 @@ FT_BEGIN_HEADER /* the case the resource is opened but found to lack a font in it. */ FT_LOCAL( FT_Bool ) raccess_rule_by_darwin_vfs( FT_UInt rule_index ); -#endif /* FT_CONFIG_OPTION_GUESSING_EMBEDDED_RFORK */ +#endif FT_END_HEADER diff --git a/src/base/ftbitmap.c b/src/base/ftbitmap.c index 5ef7ac7..15c9d65 100644 --- a/src/base/ftbitmap.c +++ b/src/base/ftbitmap.c @@ -417,8 +417,8 @@ target->pitch = source->width + pad; - if ( target->pitch > 0 && - target->rows > FT_ULONG_MAX / target->pitch ) + if ( target->pitch > 0 && + (FT_ULong)target->rows > FT_ULONG_MAX / target->pitch ) return FT_Err_Invalid_Argument; if ( target->rows * target->pitch > old_size && diff --git a/src/base/ftrfork.c b/src/base/ftrfork.c index 4e7d510..33768b0 100644 --- a/src/base/ftrfork.c +++ b/src/base/ftrfork.c @@ -417,6 +417,7 @@ } +#if !defined( FT_MACINTOSH ) || defined( DARWIN_NO_CARBON ) static FT_RFork_Rule raccess_get_rule_type_from_rule_index( FT_UInt rule_index ) { @@ -440,6 +441,7 @@ return FALSE; } } +#endif static FT_Error diff --git a/src/base/fttype1.c b/src/base/fttype1.c index 8f1e102..c30124f 100644 --- a/src/base/fttype1.c +++ b/src/base/fttype1.c @@ -4,7 +4,7 @@ /* */ /* FreeType utility file for PS names support (body). */ /* */ -/* Copyright 2002, 2003, 2004 by */ +/* Copyright 2002-2004, 2011 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -90,5 +90,25 @@ return error; } +/* documentation is in t1tables.h */ +FT_EXPORT_DEF( FT_Long ) +FT_Get_PS_Font_Value( FT_Face face, + PS_Dict_Keys key, + FT_UInt idx, + void *value, + FT_Long value_len ) +{ + FT_Int result = 0; + FT_Service_PsInfo service = NULL; + + if ( face ) + { + FT_FACE_FIND_SERVICE( face, service, POSTSCRIPT_INFO ); + if ( service && service->ps_get_font_value ) + result = service->ps_get_font_value( face, key, idx, + value, value_len ); + } + return result; +} /* END */ diff --git a/src/cff/cffdrivr.c b/src/cff/cffdrivr.c index 4fd3436..bf2d016 100644 --- a/src/cff/cffdrivr.c +++ b/src/cff/cffdrivr.c @@ -4,8 +4,7 @@ /* */ /* OpenType font driver implementation (body). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, */ -/* 2010 by */ +/* Copyright 1996-2011 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -365,7 +364,8 @@ (PS_GetFontInfoFunc) cff_ps_get_font_info, (PS_GetFontExtraFunc) NULL, (PS_HasGlyphNamesFunc) cff_ps_has_glyph_names, - (PS_GetFontPrivateFunc)NULL /* unsupported with CFF fonts */ + (PS_GetFontPrivateFunc)NULL, /* unsupported with CFF fonts */ + (PS_GetFontValueFunc) NULL /* not implemented */ ) diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c index 6c4eed6..c62c589 100644 --- a/src/truetype/ttinterp.c +++ b/src/truetype/ttinterp.c @@ -5155,25 +5155,38 @@ D = CUR_Func_project( CUR.zp0.cur + L, CUR.zp1.cur + K ); else { - FT_Vector* vec1 = CUR.zp0.orus + L; - FT_Vector* vec2 = CUR.zp1.orus + K; + /* XXX: UNDOCUMENTED: twilight zone special case */ - - if ( CUR.metrics.x_scale == CUR.metrics.y_scale ) + if ( CUR.GS.gep0 == 0 || CUR.GS.gep1 == 0 ) { - /* this should be faster */ + FT_Vector* vec1 = CUR.zp0.org + L; + FT_Vector* vec2 = CUR.zp1.org + K; + + D = CUR_Func_dualproj( vec1, vec2 ); - D = TT_MULFIX( D, CUR.metrics.x_scale ); } else { - FT_Vector vec; + FT_Vector* vec1 = CUR.zp0.orus + L; + FT_Vector* vec2 = CUR.zp1.orus + K; + + + if ( CUR.metrics.x_scale == CUR.metrics.y_scale ) + { + /* this should be faster */ + D = CUR_Func_dualproj( vec1, vec2 ); + D = TT_MULFIX( D, CUR.metrics.x_scale ); + } + else + { + FT_Vector vec; - vec.x = TT_MULFIX( vec1->x - vec2->x, CUR.metrics.x_scale ); - vec.y = TT_MULFIX( vec1->y - vec2->y, CUR.metrics.y_scale ); + vec.x = TT_MULFIX( vec1->x - vec2->x, CUR.metrics.x_scale ); + vec.y = TT_MULFIX( vec1->y - vec2->y, CUR.metrics.y_scale ); - D = CUR_fast_dualproj( &vec ); + D = CUR_fast_dualproj( &vec ); + } } } } -- cgit v1.2.3