From 7ec694ddf25a313483044256f7ed88b644432e15 Mon Sep 17 00:00:00 2001 From: HinTak <htl10@users.sourceforge.net> Date: Wed, 7 Nov 2018 13:19:36 +0000 Subject: [PATCH 1/5] Use non-GRID-fitted values for metrics (#1363) * Use non-GRID-fitted values for metrics See freetype/src/base/ftobjs.c:ft_recompute_scaled_metrics() and the usage of GRID_FIT_METRICS inside. Fixes https://github.com/behdad/harfbuzz/issues/1262 * Update hb-ft.cc --- src/hb-ft.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/hb-ft.cc b/src/hb-ft.cc index 8b80b960b..9b9d787de 100644 --- a/src/hb-ft.cc +++ b/src/hb-ft.cc @@ -466,9 +466,9 @@ hb_ft_get_font_h_extents (hb_font_t *font HB_UNUSED, const hb_ft_font_t *ft_font = (const hb_ft_font_t *) font_data; hb_lock_t lock (ft_font->lock); FT_Face ft_face = ft_font->ft_face; - metrics->ascender = ft_face->size->metrics.ascender; - metrics->descender = ft_face->size->metrics.descender; - metrics->line_gap = ft_face->size->metrics.height - (ft_face->size->metrics.ascender - ft_face->size->metrics.descender); + metrics->ascender = FT_MulFix(ft_face->ascender, ft_face->size->metrics.y_scale); + metrics->descender = FT_MulFix(ft_face->descender, ft_face->size->metrics.y_scale); + metrics->line_gap = FT_MulFix( ft_face->height, ft_face->size->metrics.y_scale ) - (metrics->ascender - metrics->descender); if (font->y_scale < 0) { metrics->ascender = -metrics->ascender; From 64f0becd89cc2b0136c7dc1609abc9f957525cf8 Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod <behdad@behdad.org> Date: Wed, 7 Nov 2018 09:10:55 -0500 Subject: [PATCH 2/5] [post] Fix bound checking --- src/hb-ot-post-table.hh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/hb-ot-post-table.hh b/src/hb-ot-post-table.hh index b15a459b1..1772a10c1 100644 --- a/src/hb-ot-post-table.hh +++ b/src/hb-ot-post-table.hh @@ -124,7 +124,7 @@ struct post pool = &StructAfter<uint8_t> (v2.glyphNameIndex); const uint8_t *end = (uint8_t *) table + table_length; - for (const uint8_t *data = pool; data < end && data + *data <= end; data += 1 + *data) + for (const uint8_t *data = pool; data < end && data + *data < end; data += 1 + *data) index_to_offset.push (data - pool); } inline void fini (void) From 5ed816ab5900ac4ff7feca3d98cbd92e62fd1754 Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod <behdad@behdad.org> Date: Wed, 7 Nov 2018 09:13:51 -0500 Subject: [PATCH 3/5] [post] Minor --- src/hb-ot-post-table.hh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/hb-ot-post-table.hh b/src/hb-ot-post-table.hh index 1772a10c1..00bd1bcb9 100644 --- a/src/hb-ot-post-table.hh +++ b/src/hb-ot-post-table.hh @@ -49,12 +49,15 @@ namespace OT { struct postV2Tail { + friend struct post; + inline bool sanitize (hb_sanitize_context_t *c) const { TRACE_SANITIZE (this); return_trace (glyphNameIndex.sanitize (c)); } + protected: ArrayOf<HBUINT16> glyphNameIndex; /* This is not an offset, but is the * ordinal number of the glyph in 'post' * string tables. */ @@ -62,6 +65,7 @@ struct postV2Tail namesX; /* Glyph names with length bytes [variable] * (a Pascal string). */ + public: DEFINE_SIZE_ARRAY2 (2, glyphNameIndex, namesX); }; From 7d91f07edf29c4923716af6cee8eb94f948ac91f Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod <behdad@behdad.org> Date: Wed, 7 Nov 2018 09:14:42 -0500 Subject: [PATCH 4/5] [post] Protect against huge empty tables --- src/hb-ot-post-table.hh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/hb-ot-post-table.hh b/src/hb-ot-post-table.hh index 00bd1bcb9..b29096f16 100644 --- a/src/hb-ot-post-table.hh +++ b/src/hb-ot-post-table.hh @@ -128,7 +128,9 @@ struct post pool = &StructAfter<uint8_t> (v2.glyphNameIndex); const uint8_t *end = (uint8_t *) table + table_length; - for (const uint8_t *data = pool; data < end && data + *data < end; data += 1 + *data) + for (const uint8_t *data = pool; + index_to_offset.len < 65535 && data < end && data + *data < end; + data += 1 + *data) index_to_offset.push (data - pool); } inline void fini (void) From 9d5027696e418b7c2a5ccbc18faafe6b9290d08b Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod <behdad@behdad.org> Date: Wed, 7 Nov 2018 09:16:53 -0500 Subject: [PATCH 5/5] [post] Return true on truncation Client can check that buffer was completely filled out and reallocate. --- src/hb-ot-post-table.hh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/hb-ot-post-table.hh b/src/hb-ot-post-table.hh index b29096f16..18f9976bc 100644 --- a/src/hb-ot-post-table.hh +++ b/src/hb-ot-post-table.hh @@ -148,10 +148,9 @@ struct post return false; if (!buf_len) return true; - if (buf_len <= s.len) /* What to do with truncation? Returning false for now. */ - return false; - strncpy (buf, s.arrayZ, s.len); - buf[s.len] = '\0'; + unsigned int len = MIN (buf_len - 1, s.len); + strncpy (buf, s.arrayZ, len); + buf[len] = '\0'; return true; }