Merge branch 'master' into cff-fixbcd
diff --git a/src/Makefile.sources b/src/Makefile.sources
index e12d3b5..01ce0ac 100644
--- a/src/Makefile.sources
+++ b/src/Makefile.sources
@@ -1,6 +1,7 @@
# Base and default-included sources and headers
HB_BASE_sources = \
+ hb-aat-fdsc-table.hh \
hb-aat-layout-ankr-table.hh \
hb-aat-layout-bsln-table.hh \
hb-aat-layout-common.hh \
@@ -59,6 +60,7 @@
hb-ot-face.cc \
hb-ot-face.hh \
hb-ot-font.cc \
+ hb-ot-gasp-table.hh \
hb-ot-glyf-table.hh \
hb-ot-hdmx-table.hh \
hb-ot-head-table.hh \
diff --git a/src/hb-aat-fdsc-table.hh b/src/hb-aat-fdsc-table.hh
new file mode 100644
index 0000000..d432d7f
--- /dev/null
+++ b/src/hb-aat-fdsc-table.hh
@@ -0,0 +1,103 @@
+/*
+ * Copyright © 2018 Ebrahim Byagowi
+ *
+ * This is part of HarfBuzz, a text shaping library.
+ *
+ * Permission is hereby granted, without written agreement and without
+ * license or royalty fees, to use, copy, modify, and distribute this
+ * software and its documentation for any purpose, provided that the
+ * above copyright notice and the following two paragraphs appear in
+ * all copies of this software.
+ *
+ * IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR
+ * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
+ * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN
+ * IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
+ * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
+ * ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO
+ * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
+ */
+
+#ifndef HB_AAT_FDSC_TABLE_HH
+#define HB_AAT_FDSC_TABLE_HH
+
+#include "hb-aat-layout-common.hh"
+
+/*
+ * fdsc -- Font descriptors
+ * https://developer.apple.com/fonts/TrueType-Reference-Manual/RM06/Chap6fdsc.html
+ */
+#define HB_AAT_TAG_fdsc HB_TAG('f','d','s','c')
+
+
+namespace AAT {
+
+
+struct GXFontDescriptor
+{
+ inline bool sanitize (hb_sanitize_context_t *c) const
+ {
+ TRACE_SANITIZE (this);
+ return_trace (c->check_struct (this));
+ }
+
+ public:
+ Tag tag; /* The 4-byte table tag name. */
+ Fixed value; /* The value for the descriptor tag. */
+ public:
+ DEFINE_SIZE_STATIC (8);
+};
+
+struct gasp
+{
+ enum { tableTag = HB_AAT_TAG_fdsc };
+
+ enum {
+ Weight = HB_TAG ('w','g','h','t'),
+ /* Percent weight relative to regular weight.
+ * (defaul value: 1.0) */
+ Width = HB_TAG ('w','d','t','h'),
+ /* Percent width relative to regular width.
+ * (default value: 1.0) */
+ Slant = HB_TAG ('s','l','n','t'),
+ /* Angle of slant in degrees, where positive
+ * is clockwise from straight up.
+ * (default value: 0.0) */
+ OpticalSize = HB_TAG ('o','p','s','z'),
+ /* Point size the font was designed for.
+ * (default value: 12.0) */
+ NonAlphabetic= HB_TAG ('n','a','l','f')
+ /* These values are treated as integers,
+ * not fixed32s. 0 means alphabetic, and greater
+ * integers mean the font is non-alphabetic (e.g. symbols).
+ * (default value: 0) */
+ };
+
+ inline bool sanitize (hb_sanitize_context_t *c) const
+ {
+ TRACE_SANITIZE (this);
+ return_trace (c->check_struct (this) &&
+ descriptors.sanitize (c));
+ }
+
+ protected:
+ Fixed version; /* Version number of the font descriptors
+ * table (0x00010000 for the current version). */
+ LArrayOf<GXFontDescriptor>
+ descriptors; /* List of tagged-coordinate pairs style descriptors
+ * that will be included to characterize this font.
+ * Each descriptor consists of a <tag, value> pair.
+ * These pairs are located in the gxFontDescriptor
+ * array that follows. */
+ public:
+ DEFINE_SIZE_ARRAY (8, descriptors);
+};
+
+} /* namespace AAT */
+
+
+#endif /* HB_AAT_FDSC_TABLE_HH */
diff --git a/src/hb-aat-layout.cc b/src/hb-aat-layout.cc
index e39df0e..08afa5d 100644
--- a/src/hb-aat-layout.cc
+++ b/src/hb-aat-layout.cc
@@ -29,6 +29,7 @@
#include "hb-ot-face.hh"
#include "hb-aat-layout.hh"
+#include "hb-aat-fdsc-table.hh" // Just so we compile it; unused otherwise.
#include "hb-aat-layout-ankr-table.hh"
#include "hb-aat-layout-bsln-table.hh" // Just so we compile it; unused otherwise.
#include "hb-aat-layout-feat-table.hh"
diff --git a/src/hb-ot-cff1-table.hh b/src/hb-ot-cff1-table.hh
index 01c0e43..39da8fa 100644
--- a/src/hb-ot-cff1-table.hh
+++ b/src/hb-ot-cff1-table.hh
@@ -392,13 +392,15 @@
return 0;
}
- inline hb_codepoint_t get_glyph (hb_codepoint_t sid) const
+ inline hb_codepoint_t get_glyph (hb_codepoint_t sid, unsigned int num_glyphs) const
{
if (sid == 0) return 0;
hb_codepoint_t glyph = 1;
for (unsigned int i = 0;; i++)
{
- if ((ranges[i].first <= sid) && sid <= ranges[i].first + ranges[i].nLeft)
+ if (glyph >= num_glyphs)
+ return 0;
+ if ((ranges[i].first <= sid) && (sid <= ranges[i].first + ranges[i].nLeft))
return glyph + (sid - ranges[i].first);
glyph += (ranges[i].nLeft + 1);
}
@@ -550,9 +552,9 @@
if (format == 0)
return u.format0.get_glyph (sid, num_glyphs);
else if (format == 1)
- return u.format1.get_glyph (sid);
+ return u.format1.get_glyph (sid, num_glyphs);
else
- return u.format2.get_glyph (sid);
+ return u.format2.get_glyph (sid, num_glyphs);
}
HBUINT8 format;
@@ -1092,6 +1094,7 @@
CFF1FontDict_Interpreter font_interp;
font_interp.env.init (fontDictStr);
font = fontDicts.push ();
+ if (unlikely (font == &Crap(CFF1FontDictValues))) { fini (); return; }
font->init ();
if (unlikely (!font_interp.interpret (*font))) { fini (); return; }
PRIVDICTVAL *priv = &privateDicts[i];
@@ -1131,7 +1134,7 @@
{
sc.end_processing ();
topDict.fini ();
- fontDicts.fini ();
+ fontDicts.fini_deep ();
privateDicts.fini_deep ();
hb_blob_destroy (blob);
blob = nullptr;
diff --git a/src/hb-ot-cff2-table.hh b/src/hb-ot-cff2-table.hh
index 3c4191c..178acf0 100644
--- a/src/hb-ot-cff2-table.hh
+++ b/src/hb-ot-cff2-table.hh
@@ -486,6 +486,7 @@
CFF2FontDict_Interpreter font_interp;
font_interp.env.init (fontDictStr);
font = fontDicts.push ();
+ if (unlikely (font == &Crap(CFF2FontDictValues))) { fini (); return; }
font->init ();
if (unlikely (!font_interp.interpret (*font))) { fini (); return; }
@@ -506,7 +507,7 @@
inline void fini (void)
{
sc.end_processing ();
- fontDicts.fini ();
+ fontDicts.fini_deep ();
privateDicts.fini_deep ();
hb_blob_destroy (blob);
blob = nullptr;
diff --git a/src/hb-ot-gasp-table.hh b/src/hb-ot-gasp-table.hh
new file mode 100644
index 0000000..73c5b3f
--- /dev/null
+++ b/src/hb-ot-gasp-table.hh
@@ -0,0 +1,84 @@
+/*
+ * Copyright © 2018 Ebrahim Byagowi
+ *
+ * This is part of HarfBuzz, a text shaping library.
+ *
+ * Permission is hereby granted, without written agreement and without
+ * license or royalty fees, to use, copy, modify, and distribute this
+ * software and its documentation for any purpose, provided that the
+ * above copyright notice and the following two paragraphs appear in
+ * all copies of this software.
+ *
+ * IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE TO ANY PARTY FOR
+ * DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
+ * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN
+ * IF THE COPYRIGHT HOLDER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * THE COPYRIGHT HOLDER SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING,
+ * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
+ * ON AN "AS IS" BASIS, AND THE COPYRIGHT HOLDER HAS NO OBLIGATION TO
+ * PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
+ */
+
+#ifndef HB_OT_GASP_TABLE_HH
+#define HB_OT_GASP_TABLE_HH
+
+#include "hb-open-type.hh"
+#include "hb-ot-hhea-table.hh"
+#include "hb-ot-os2-table.hh"
+#include "hb-ot-var-hvar-table.hh"
+
+/*
+ * gasp -- Grid-fitting and Scan-conversion Procedure
+ * https://docs.microsoft.com/en-us/typography/opentype/spec/gasp
+ */
+#define HB_OT_TAG_gasp HB_TAG('g','a','s','p')
+
+
+namespace OT {
+
+struct GaspRange
+{
+ inline bool sanitize (hb_sanitize_context_t *c) const
+ {
+ TRACE_SANITIZE (this);
+ return_trace (c->check_struct (this));
+ }
+
+ public:
+ HBUINT16 rangeMaxPPEM; /* Upper limit of range, in PPEM */
+ HBUINT16 rangeGaspBehavior;
+ /* Flags describing desired rasterizer behavior. */
+ public:
+ DEFINE_SIZE_STATIC (4);
+};
+
+struct gasp
+{
+ enum { tableTag = HB_OT_TAG_gasp };
+
+ inline const GaspRange &get_gasp_range (unsigned int i) const
+ { return gaspRanges[i]; }
+
+ inline bool sanitize (hb_sanitize_context_t *c) const
+ {
+ TRACE_SANITIZE (this);
+ return_trace (c->check_struct (this) &&
+ gaspRanges.sanitize (c));
+ }
+
+ protected:
+ HBUINT16 version; /* Version number (set to 1) */
+ ArrayOf<GaspRange>
+ gaspRanges; /* Number of records to follow
+ * Sorted by ppem */
+ public:
+ DEFINE_SIZE_ARRAY (4, gaspRanges);
+};
+
+} /* namespace OT */
+
+
+#endif /* HB_OT_GASP_TABLE_HH */
diff --git a/src/hb-ot-layout.cc b/src/hb-ot-layout.cc
index b08ee7f..67ce923 100644
--- a/src/hb-ot-layout.cc
+++ b/src/hb-ot-layout.cc
@@ -35,11 +35,12 @@
#include "hb-map.hh"
#include "hb-ot-kern-table.hh"
+#include "hb-ot-gasp-table.hh" // Just so we compile it; unused otherwise.
#include "hb-ot-layout-gdef-table.hh"
#include "hb-ot-layout-gsub-table.hh"
#include "hb-ot-layout-gpos-table.hh"
-#include "hb-ot-layout-base-table.hh" // Just so we compile it; unused otherwise
-#include "hb-ot-layout-jstf-table.hh" // Just so we compile it; unused otherwise
+#include "hb-ot-layout-base-table.hh" // Just so we compile it; unused otherwise.
+#include "hb-ot-layout-jstf-table.hh" // Just so we compile it; unused otherwise.
#include "hb-ot-name-table.hh"
#include "hb-ot-os2-table.hh"
diff --git a/src/hb-ot-os2-table.hh b/src/hb-ot-os2-table.hh
index e53eda7..46e8b70 100644
--- a/src/hb-ot-os2-table.hh
+++ b/src/hb-ot-os2-table.hh
@@ -30,7 +30,7 @@
#include "hb-open-type.hh"
#include "hb-ot-os2-unicode-ranges.hh"
-namespace OT {
+#include "hb-set.hh"
/*
* OS/2 and Windows Metrics
@@ -38,16 +38,65 @@
*/
#define HB_OT_TAG_OS2 HB_TAG('O','S','/','2')
-struct OS2
-{
- enum { tableTag = HB_OT_TAG_OS2 };
+namespace OT {
+
+struct OS2V1Tail
+{
inline bool sanitize (hb_sanitize_context_t *c) const
{
TRACE_SANITIZE (this);
return_trace (c->check_struct (this));
}
+ public:
+ HBUINT32 ulCodePageRange1;
+ HBUINT32 ulCodePageRange2;
+ public:
+ DEFINE_SIZE_STATIC (8);
+};
+
+struct OS2V2Tail
+{
+ inline bool sanitize (hb_sanitize_context_t *c) const
+ {
+ TRACE_SANITIZE (this);
+ return_trace (c->check_struct (this));
+ }
+
+ public:
+ HBINT16 sxHeight;
+ HBINT16 sCapHeight;
+ HBUINT16 usDefaultChar;
+ HBUINT16 usBreakChar;
+ HBUINT16 usMaxContext;
+ public:
+ DEFINE_SIZE_STATIC (10);
+};
+
+struct OS2V5Tail
+{
+ inline bool sanitize (hb_sanitize_context_t *c) const
+ {
+ TRACE_SANITIZE (this);
+ return_trace (c->check_struct (this));
+ }
+
+ public:
+ HBUINT16 usLowerOpticalPointSize;
+ HBUINT16 usUpperOpticalPointSize;
+ public:
+ DEFINE_SIZE_STATIC (4);
+};
+
+struct OS2
+{
+ enum { tableTag = HB_OT_TAG_OS2 };
+
+ inline const OS2V1Tail &v1 (void) const { return version >= 1 ? v1X : Null (OS2V1Tail); }
+ inline const OS2V2Tail &v2 (void) const { return version >= 2 ? v2X : Null (OS2V2Tail); }
+ inline const OS2V5Tail &v5 (void) const { return version >= 5 ? v5X : Null (OS2V5Tail); }
+
inline bool subset (hb_subset_plan_t *plan) const
{
hb_blob_t *os2_blob = hb_sanitize_context_t ().reference_table<OS2> (plan->source);
@@ -125,10 +174,18 @@
return (font_page_t) (fsSelection & 0xFF00);
}
+ inline bool sanitize (hb_sanitize_context_t *c) const
+ {
+ TRACE_SANITIZE (this);
+ if (unlikely (!c->check_struct (this))) return_trace (false);
+ if (unlikely (version >= 1 && !v1X.sanitize (c))) return_trace (false);
+ if (unlikely (version >= 2 && !v2X.sanitize (c))) return_trace (false);
+ if (unlikely (version >= 5 && !v5X.sanitize (c))) return_trace (false);
+ return_trace (true);
+ }
+
public:
HBUINT16 version;
-
- /* Version 0 */
HBINT16 xAvgCharWidth;
HBUINT16 usWeightClass;
HBUINT16 usWidthClass;
@@ -155,24 +212,11 @@
HBINT16 sTypoLineGap;
HBUINT16 usWinAscent;
HBUINT16 usWinDescent;
-
- /* Version 1 */
- //HBUINT32 ulCodePageRange1;
- //HBUINT32 ulCodePageRange2;
-
- /* Version 2 */
- //HBINT16 sxHeight;
- //HBINT16 sCapHeight;
- //HBUINT16 usDefaultChar;
- //HBUINT16 usBreakChar;
- //HBUINT16 usMaxContext;
-
- /* Version 5 */
- //HBUINT16 usLowerOpticalPointSize;
- //HBUINT16 usUpperOpticalPointSize;
-
+ OS2V1Tail v1X;
+ OS2V2Tail v2X;
+ OS2V5Tail v5X;
public:
- DEFINE_SIZE_STATIC (78);
+ DEFINE_SIZE_MIN (78);
};
} /* namespace OT */
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5175735354916864 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5175735354916864
new file mode 100644
index 0000000..72fdfc6
--- /dev/null
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5175735354916864
Binary files differ
diff --git a/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5700264032468992 b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5700264032468992
new file mode 100644
index 0000000..82a462b
--- /dev/null
+++ b/test/fuzzing/fonts/clusterfuzz-testcase-minimized-hb-shape-fuzzer-5700264032468992
Binary files differ
