ref: 22befeef82ff8ab7100c0e40f93f748597674b31
parent: 842ec5ed623724f2139525a3ac11539994fd6b32
author: Alexei Podtelezhnikov <apodtele@gmail.com>
date: Thu Oct 7 18:41:56 EDT 2021
Signedness revisions. This eliminates explicit casting by switching to unsigned fields. The revisions mostly impact the handling of CID fonts. * include/freetype/fttypes.h (FT_Data): Change to unsigned `length`. * include/freetype/t1tables.h (CID_FaceDictRec): Ditto for `sd_bytes`. (CID_FaceInfoRec): Ditto for `gd_bytes` and `gd_bytes`. * include/freetype/internal/tttypes.h (TT_LoaderRec): Ditto for `byte_len`. * src/cid/cidgload.c (cid_load_glyph): Updated. * src/cid/cidload.h (cid_get_offset): Update argument. * src/cid/cidload.c (cid_get_offset, cid_read_subrs, cid_face_open): Updated. * src/cff/cffgload.c (cff_get_glyph_data, cff_free_glyph_data): Updated. * src/psaux/psft.c (cf2_getT1SeacComponent): Updated. * src/truetype/ttgload.c (TT_Process_Composite_Glyph, load_truetype_glyph): Updated.
--- a/docs/CHANGES
+++ b/docs/CHANGES
@@ -1,3 +1,15 @@
+CHANGES BETWEEN 2.11.0 and 2.11.1
+
+ I. IMPORTANT CHANGES
+
+ - Some fields in the `CID_FaceDictRec`, `CID_FaceInfoRec`, and
+ `FT_Data` structures have been changed from signed to unsigned
+ type, which better reflects the actual usage. It is also an
+ additional means to protect against malformed input.
+
+
+======================================================================
+
CHANGES BETWEEN 2.10.4 and 2.11.0
I. IMPORTANT CHANGES
--- a/include/freetype/fttypes.h
+++ b/include/freetype/fttypes.h
@@ -413,7 +413,7 @@
typedef struct FT_Data_
{
const FT_Byte* pointer;
- FT_Int length;
+ FT_UInt length;
} FT_Data;
--- a/include/freetype/internal/tttypes.h
+++ b/include/freetype/internal/tttypes.h
@@ -1734,7 +1734,7 @@
FT_UInt glyph_index;
FT_Stream stream;
- FT_Int byte_len;
+ FT_UInt byte_len;
FT_Short n_contours;
FT_BBox bbox;
--- a/include/freetype/t1tables.h
+++ b/include/freetype/t1tables.h
@@ -360,7 +360,7 @@
FT_UInt num_subrs;
FT_ULong subrmap_offset;
- FT_Int sd_bytes;
+ FT_UInt sd_bytes;
} CID_FaceDictRec;
@@ -415,8 +415,8 @@
FT_ULong xuid[16];
FT_ULong cidmap_offset;
- FT_Int fd_bytes;
- FT_Int gd_bytes;
+ FT_UInt fd_bytes;
+ FT_UInt gd_bytes;
FT_ULong cid_count;
FT_Int num_dicts;
--- a/src/cff/cffgload.c
+++ b/src/cff/cffgload.c
@@ -59,7 +59,7 @@
*pointer = (FT_Byte*)data.pointer;
- *length = (FT_ULong)data.length;
+ *length = data.length;
return error;
}
@@ -94,7 +94,7 @@
data.pointer = *pointer;
- data.length = (FT_Int)length;
+ data.length = (FT_UInt)length;
face->root.internal->incremental_interface->funcs->free_glyph_data(
face->root.internal->incremental_interface->object, &data );
--- a/src/cid/cidgload.c
+++ b/src/cid/cidgload.c
@@ -63,7 +63,7 @@
#endif
- FT_TRACE1(( "cid_load_glyph: glyph index %d\n", glyph_index ));
+ FT_TRACE1(( "cid_load_glyph: glyph index %u\n", glyph_index ));
#ifdef FT_CONFIG_OPTION_INCREMENTAL
@@ -80,11 +80,11 @@
goto Exit;
p = (FT_Byte*)glyph_data.pointer;
- fd_select = cid_get_offset( &p, (FT_Byte)cid->fd_bytes );
+ fd_select = cid_get_offset( &p, cid->fd_bytes );
if ( glyph_data.length != 0 )
{
- glyph_length = (FT_ULong)( glyph_data.length - cid->fd_bytes );
+ glyph_length = glyph_data.length - cid->fd_bytes;
if ( !FT_QALLOC( charstring, glyph_length ) )
FT_MEM_COPY( charstring, glyph_data.pointer + cid->fd_bytes,
@@ -104,7 +104,7 @@
/* For ordinary fonts read the CID font dictionary index */
/* and charstring offset from the CIDMap. */
{
- FT_UInt entry_len = (FT_UInt)( cid->fd_bytes + cid->gd_bytes );
+ FT_UInt entry_len = cid->fd_bytes + cid->gd_bytes;
FT_ULong off1, off2;
@@ -114,10 +114,10 @@
goto Exit;
p = (FT_Byte*)stream->cursor;
- fd_select = cid_get_offset( &p, (FT_Byte)cid->fd_bytes );
- off1 = cid_get_offset( &p, (FT_Byte)cid->gd_bytes );
+ fd_select = cid_get_offset( &p, cid->fd_bytes );
+ off1 = cid_get_offset( &p, cid->gd_bytes );
p += cid->fd_bytes;
- off2 = cid_get_offset( &p, (FT_Byte)cid->gd_bytes );
+ off2 = cid_get_offset( &p, cid->gd_bytes );
FT_FRAME_EXIT();
if ( fd_select >= (FT_ULong)cid->num_dicts ||
--- a/src/cid/cidload.c
+++ b/src/cid/cidload.c
@@ -41,7 +41,7 @@
/* read a single offset */
FT_LOCAL_DEF( FT_ULong )
cid_get_offset( FT_Byte* *start,
- FT_Byte offsize )
+ FT_UInt offsize )
{
FT_ULong result;
FT_Byte* p = *start;
@@ -275,7 +275,7 @@
if ( (FT_ULong)num_dicts > stream->size / 100 )
{
FT_TRACE0(( "parse_fd_array: adjusting FDArray size"
- " (from %ld to %ld)\n",
+ " (from %ld to %lu)\n",
num_dicts,
stream->size / 100 ));
num_dicts = (FT_Long)( stream->size / 100 );
@@ -560,12 +560,12 @@
/* read the subrmap's offsets */
if ( FT_STREAM_SEEK( cid->data_offset + dict->subrmap_offset ) ||
- FT_FRAME_ENTER( ( num_subrs + 1 ) * (FT_UInt)dict->sd_bytes ) )
+ FT_FRAME_ENTER( ( num_subrs + 1 ) * dict->sd_bytes ) )
goto Fail;
p = (FT_Byte*)stream->cursor;
for ( count = 0; count <= num_subrs; count++ )
- offsets[count] = cid_get_offset( &p, (FT_Byte)dict->sd_bytes );
+ offsets[count] = cid_get_offset( &p, dict->sd_bytes );
FT_FRAME_EXIT();
@@ -805,7 +805,7 @@
face->root.stream->size - parser->data_offset )
{
FT_TRACE0(( "cid_face_open: adjusting length of binary data\n" ));
- FT_TRACE0(( " (from %ld to %ld bytes)\n",
+ FT_TRACE0(( " (from %lu to %lu bytes)\n",
parser->binary_length,
face->root.stream->size - parser->data_offset ));
parser->binary_length = face->root.stream->size -
@@ -833,10 +833,10 @@
/* sanity tests */
- if ( cid->fd_bytes < 0 || cid->gd_bytes < 1 )
+ if ( cid->gd_bytes == 0 )
{
FT_ERROR(( "cid_face_open:"
- " Invalid `FDBytes' or `GDBytes' value\n" ));
+ " Invalid `GDBytes' value\n" ));
error = FT_THROW( Invalid_File_Format );
goto Exit;
}
@@ -853,7 +853,7 @@
}
binary_length = face->cid_stream->size - cid->data_offset;
- entry_len = (FT_ULong)( cid->fd_bytes + cid->gd_bytes );
+ entry_len = cid->fd_bytes + cid->gd_bytes;
for ( n = 0; n < cid->num_dicts; n++ )
{
@@ -879,8 +879,7 @@
dict->private_dict.blue_fuzz = 1;
}
- if ( dict->sd_bytes < 0 ||
- ( dict->num_subrs && dict->sd_bytes < 1 ) )
+ if ( dict->num_subrs && dict->sd_bytes == 0 )
{
FT_ERROR(( "cid_face_open: Invalid `SDBytes' value\n" ));
error = FT_THROW( Invalid_File_Format );
@@ -907,7 +906,7 @@
if ( (FT_Int)dict->num_subrs < 0 ||
( dict->sd_bytes &&
dict->num_subrs > ( binary_length - dict->subrmap_offset ) /
- (FT_UInt)dict->sd_bytes ) )
+ dict->sd_bytes ) )
{
FT_ERROR(( "cid_face_open: Invalid `SubrCount' value\n" ));
error = FT_THROW( Invalid_File_Format );
--- a/src/cid/cidload.h
+++ b/src/cid/cidload.h
@@ -37,7 +37,7 @@
FT_LOCAL( FT_ULong )
cid_get_offset( FT_Byte** start,
- FT_Byte offsize );
+ FT_UInt offsize );
FT_LOCAL( FT_Error )
cid_face_open( CID_Face face,
--- a/src/psaux/psft.c
+++ b/src/psaux/psft.c
@@ -742,13 +742,13 @@
/* For ordinary fonts get the character data stored in the face record. */
{
glyph_data.pointer = type1->charstrings[glyph_index];
- glyph_data.length = (FT_Int)type1->charstrings_len[glyph_index];
+ glyph_data.length = type1->charstrings_len[glyph_index];
}
if ( !error )
{
FT_Byte* charstring_base = (FT_Byte*)glyph_data.pointer;
- FT_ULong charstring_len = (FT_ULong)glyph_data.length;
+ FT_ULong charstring_len = glyph_data.length;
FT_ASSERT( charstring_base + charstring_len >= charstring_base );
@@ -778,7 +778,7 @@
face = (T1_Face)decoder->builder.face;
data.pointer = buf->start;
- data.length = (FT_Int)( buf->end - buf->start );
+ data.length = (FT_UInt)( buf->end - buf->start );
if ( face->root.internal->incremental_interface )
face->root.internal->incremental_interface->funcs->free_glyph_data(
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -1392,7 +1392,7 @@
FT_READ_USHORT( n_ins ) )
return error;
- FT_TRACE5(( " Instructions size = %d\n", n_ins ));
+ FT_TRACE5(( " Instructions size = %hu\n", n_ins ));
/* check it */
max_ins = loader->face->max_profile.maxSizeOfInstructions;
@@ -1400,10 +1400,10 @@
{
/* don't trust `maxSizeOfInstructions'; */
/* only do a rough safety check */
- if ( (FT_Int)n_ins > loader->byte_len )
+ if ( n_ins > loader->byte_len )
{
FT_TRACE1(( "TT_Process_Composite_Glyph:"
- " too many instructions (%d) for glyph with length %d\n",
+ " too many instructions (%hu) for glyph with length %u\n",
n_ins, loader->byte_len ));
return FT_THROW( Too_Many_Hints );
}
@@ -1686,7 +1686,7 @@
FT_ZERO( &inc_stream );
FT_Stream_OpenMemory( &inc_stream,
glyph_data.pointer,
- (FT_ULong)glyph_data.length );
+ glyph_data.length );
loader->stream = &inc_stream;
}
@@ -1694,8 +1694,7 @@
#endif /* FT_CONFIG_OPTION_INCREMENTAL */
- offset = tt_face_get_location( face, glyph_index,
- (FT_UInt*)&loader->byte_len );
+ offset = tt_face_get_location( face, glyph_index, &loader->byte_len );
if ( loader->byte_len > 0 )
{
@@ -1714,7 +1713,7 @@
error = face->access_glyph_frame( loader, glyph_index,
face->glyf_offset + offset,
- (FT_UInt)loader->byte_len );
+ loader->byte_len );
if ( error )
goto Exit;
@@ -1849,7 +1848,7 @@
/* (which consists of 10 bytes) */
error = face->access_glyph_frame( loader, glyph_index,
face->glyf_offset + offset + 10,
- (FT_UInt)loader->byte_len - 10 );
+ loader->byte_len - 10 );
if ( error )
goto Exit;
@@ -2105,7 +2104,7 @@
FT_UInt num_base_subgs = gloader->base.num_subglyphs;
FT_Stream old_stream = loader->stream;
- FT_Int old_byte_len = loader->byte_len;
+ FT_UInt old_byte_len = loader->byte_len;
FT_GlyphLoader_Add( gloader );