improve robustness #833

Merged
merged 11 commits into from
Jul 11, 2019
Conversation

cjchapman

This is a collection of general improvements in the overall robustness of the C code.

* In order for var_freeavar to see a valid avar record under any error situation, modified var_loadavar so that axisCount is set in the avar record after a successful allocation and initialization of segmentMaps, and also makes sure to initialize all valueMaps arrays in all segment maps before an attempt to allocate each valueMaps array.
* Added CHKUFLOW() macro call to each of the following T2 operators:
  tx_rmoveto, tx_hmoveto, tx_vmoveto
* Added IS_CFF2 flag check for all deprecated two-byte T2 opcodes.
  If they are seen in CFF2 then treat them as invalid.
* Added negative test against numBlends + numDeltaBlends to handleBlend.
* Added memset BCA with zeros before executing a charstring.
* Added an overflow check to readTTCDirectory.
* Fixed multiplication overflow check in dnaGrow.
* Added a new internal function cfwSindexInvalidString for consistent testing against a null or empty string for use by both cfwSindexAddString and cfwEndFont.
* Added a FDArray bounds check to writeCharStringsINDEX.
* Added a range check to cfwSindexGetString. An empty string is returned for an out of range string index.
* Modified readEncoding so that gid from the Encoding table does not exceed the preallocated size (cnt) of h->glyphs.array for both format 0 and format 1. If the check fails, it calls fatal with "invalid Encoding format".
* Modified readFDSelect so that gid from the FDSelect table format 3 does not exceed the preallocated size (cnt) of h->glyphs.array.
* Added range checks to readFDArray and readFDSelect.
* Modified readCharset so that gid from the Charset table format 2 does not exceed the preallocated size (cnt) of h->glyphs.array.
* Added a sanity check to readINDEX so that an INDEX table read from a font has its end >= begin.
* Modified readINDEX to reset offset & offSize in INDEX struct when count=0.
* Added array bounds checks to post2GetName.
* Added a call to buildGIDNames to the error case in postRead so that three parallel arrays are properly filled.
* Added a check for no glyphs in buildGIDNames.
* Modified a loop in readCharStringsINDEX to use h->glyphs.cnt (signed) as the loop count instead of index.count (unsigned) for consistency.
* Modified addID to check gid before accessing glyphs array.
* Added a new cffread flag CFR_CFF2_ONLY assumed with the existing flag CFR_FLATTEN_VF to disable reading CFF while flattening a CFF2 variable font.
* Additional fixes of N-size/offSize checks in ReadN() and ReadSubrIndex().
* Use vsnprintf instead of vsprintf in vmessage.
* Return NULL if sti is undefined in getString.
* Throw a fatal error if getString returns NULL in mmInit.
* memset t1rCtx structure to zero in t1rNew.
* Ensure that cnt is at least 1 in initFDArray.
* Throw a fatal error if h->stm.str is NULL in srcSeek.
* Throw a fatal error if h->chars.index.cnt is 0 in readCIDMap.
* Improved bounds checking in do_store.
* Improved bounds checking and added null pointer check in do_load.
* Return an error if h->plain.cnt is 0 in eexec_refill.
* Changed read1 from macro to a function to facilitate debugging.
* Added recursion depth checking to skipDictionary and skipAngle.
* Added checks for error code from read1 to skipDictionary and skipAngle.
* Check sfntVersion versus presence of `glyf`, `CFF`, or `CFF2` table.
* Changed sfrErrBadSfnt message from "unrecognized sfnt version" to "bad sfnt version".
* Reduced scope of null_str in cfwSindexGetString per feedback from Codacy.
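The readINDEX items above (offSize/N-size range check, multiplication-overflow-safe size check, end >= begin sanity check, field reset when count is 0) combined into one CFF INDEX header parser. This is an added example written for this page, not afdko's readINDEX; the struct, function and sample bytes are its own and the samples are constructed.

```c
#include <stddef.h>
#include <stdint.h>
/* Added example, not afdko's readINDEX: parse a CFF (v1) INDEX header with the
   checks the PR describes: offSize range, offset-array fit without a
   multiplication overflow, end >= begin, and field reset when count is 0. */
typedef struct {
    uint32_t count;   /* number of objects */
    uint8_t  offSize; /* bytes per offset, 1..4 */
    size_t   offset;  /* position of the offset array in buf */
    size_t   begin;   /* first data byte; offsets are 1-based from begin - 1 */
    size_t   end;     /* one past the last data byte */
} CffIndex;
/* Big-endian unsigned read of n bytes (n in 1..4); caller checks bounds. */
static uint32_t readN(const uint8_t *p, int n) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++) v = (v << 8) | p[i];
    return v;
}
/* Returns 0 on success, -1 on a malformed or truncated INDEX. */
int cffReadIndex(const uint8_t *buf, size_t len, size_t pos, CffIndex *idx) {
    if (pos > len || len - pos < 2) return -1;            /* Card16 count present? */
    idx->count = readN(buf + pos, 2);
    pos += 2;
    if (idx->count == 0) {                                /* empty INDEX: no offSize, */
        idx->offSize = 0;                                 /* offset array or data    */
        idx->offset = idx->begin = idx->end = pos;
        return 0;
    }
    if (len - pos < 1) return -1;
    idx->offSize = buf[pos++];
    if (idx->offSize < 1 || idx->offSize > 4) return -1;  /* offSize range check */
    /* count + 1 offsets of offSize bytes each: compare by division so a huge
       count cannot overflow the product before it is checked */
    size_t nOff = (size_t)idx->count + 1;
    if (nOff > (len - pos) / idx->offSize) return -1;     /* offset array truncated */
    idx->offset = pos;
    idx->begin  = pos + nOff * idx->offSize;
    uint32_t first = readN(buf + idx->offset, idx->offSize);
    uint32_t last  = readN(buf + idx->offset + (nOff - 1) * idx->offSize, idx->offSize);
    if (first < 1 || last < first) return -1;             /* end >= begin sanity check */
    if ((size_t)last - 1 > len - idx->begin) return -1;   /* object data truncated */
    idx->end = idx->begin + (last - 1);
    return 0;
}
/* Constructed samples: a valid INDEX (count 2, offSize 1, objects "ab", "cde") and one with offSize 5. */
static const uint8_t kGoodIndex[]  = {0x00,0x02, 0x01, 0x01,0x03,0x06, 'a','b','c','d','e'};
static const uint8_t kBadOffSize[] = {0x00,0x02, 0x05, 0x01,0x03,0x06, 'a','b','c','d','e'};
```

Passing `sizeof kGoodIndex - 1` as `len` exercises the truncated-data path, and a count of 0xFFFF with offSize 4 in a short buffer exercises the division-based fit check.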

@blueshade7 blueshade7 left a comment


looks good

@miguelsousa miguelsousa merged commit 60dd997 into develop Jul 11, 2019
@miguelsousa miguelsousa deleted the cjc-improve-robustness branch July 11, 2019 01:19