Bump version to 1.3.2.

Merge some TTF sanity check fixes from the TTF project.
2025-04-22 16:36:47 +02:00 · 2024-08-09 10:55:32 -04:00 · 2024-08-09 10:54:28 -04:00
6 changed files with 61 additions and 27 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -2,6 +2,12 @@ Changes in PDFio
 ================


+v1.3.2 (Month DD, YYYY)
+-----------------------
+
+- Added some more sanity checks to the TrueType font reader.
+
+
 v1.3.1 (August 5, 2024)
 -----------------------

--- a/24
+++ b/24
@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for pdfio 1.3.1.
+# Generated by GNU Autoconf 2.71 for pdfio 1.3.2.
 #
 # Report bugs to <https://github.com/michaelrsweet/pdfio/issues>.
 #
@ -610,8 +610,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='pdfio'
 PACKAGE_TARNAME='pdfio'
-PACKAGE_VERSION='1.3.1'
-PACKAGE_STRING='pdfio 1.3.1'
+PACKAGE_VERSION='1.3.2'
+PACKAGE_STRING='pdfio 1.3.2'
 PACKAGE_BUGREPORT='https://github.com/michaelrsweet/pdfio/issues'
 PACKAGE_URL='https://www.msweet.org/pdfio'

@ -1293,7 +1293,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures pdfio 1.3.1 to adapt to many kinds of systems.
+\`configure' configures pdfio 1.3.2 to adapt to many kinds of systems.

 Usage: $0 [OPTION]... [VAR=VALUE]...

@ -1359,7 +1359,7 @@ fi

 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of pdfio 1.3.1:";;
+     short | recursive ) echo "Configuration of pdfio 1.3.2:";;
   esac
  cat <<\_ACEOF

@ -1456,7 +1456,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
  cat <<\_ACEOF
-pdfio configure 1.3.1
+pdfio configure 1.3.2
 generated by GNU Autoconf 2.71

 Copyright (C) 2021 Free Software Foundation, Inc.
@ -1612,7 +1612,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.

-It was created by pdfio $as_me 1.3.1, which was
+It was created by pdfio $as_me 1.3.2, which was
 generated by GNU Autoconf 2.71.  Invocation command line was

  $ $0$ac_configure_args_raw
@ -2368,9 +2368,9 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu



-PDFIO_VERSION="1.3.1"
-PDFIO_VERSION_MAJOR="`echo 1.3.1 | awk -F. '{print $1}'`"
-PDFIO_VERSION_MINOR="`echo 1.3.1 | awk -F. '{printf("%d\n",$2);}'`"
+PDFIO_VERSION="1.3.2"
+PDFIO_VERSION_MAJOR="`echo 1.3.2 | awk -F. '{print $1}'`"
+PDFIO_VERSION_MINOR="`echo 1.3.2 | awk -F. '{printf("%d\n",$2);}'`"



@ -4935,7 +4935,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by pdfio $as_me 1.3.1, which was
+This file was extended by pdfio $as_me 1.3.2, which was
 generated by GNU Autoconf 2.71.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
@ -4991,7 +4991,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-pdfio config.status 1.3.1
+pdfio config.status 1.3.2
 configured by $0, generated by GNU Autoconf 2.71,
  with options \\"\$ac_cs_config\\"

--- a/configure.ac
+++ b/configure.ac
@ -21,7 +21,7 @@ AC_PREREQ([2.70])


 dnl Package name and version...
-AC_INIT([pdfio], [1.3.1], [https://github.com/michaelrsweet/pdfio/issues], [pdfio], [https://www.msweet.org/pdfio])
+AC_INIT([pdfio], [1.3.2], [https://github.com/michaelrsweet/pdfio/issues], [pdfio], [https://www.msweet.org/pdfio])

 PDFIO_VERSION="AC_PACKAGE_VERSION"
 PDFIO_VERSION_MAJOR="`echo AC_PACKAGE_VERSION | awk -F. '{print $1}'`"
--- a/pdfio_native.nuspec
+++ b/pdfio_native.nuspec
@ -3,7 +3,7 @@
    <metadata>
        <id>pdfio_native</id>
        <title>PDFio Library for VS2019+</title>
-        <version>1.3.1</version>
+        <version>1.3.2</version>
        <authors>Michael R Sweet</authors>
        <owners>michaelrsweet</owners>
        <projectUrl>https://github.com/michaelrsweet/pappl</projectUrl>
@ -16,7 +16,7 @@
        <copyright>Copyright © 2019-2024 by Michael R Sweet</copyright>
        <tags>pdf file native</tags>
 	<dependencies>
-	    <dependency id="pdfio_native.redist" version="1.3.1" />
+	    <dependency id="pdfio_native.redist" version="1.3.2" />
 	    <dependency id="zlib_native.redist" version="1.2.11" />
 	</dependencies>
    </metadata>
--- a/pdfio_native.redist.nuspec
+++ b/pdfio_native.redist.nuspec
@ -3,7 +3,7 @@
    <metadata>
        <id>pdfio_native.redist</id>
        <title>PDFio Library for VS2019+</title>
-        <version>1.3.1</version>
+        <version>1.3.2</version>
        <authors>Michael R Sweet</authors>
        <owners>michaelrsweet</owners>
        <projectUrl>https://github.com/michaelrsweet/pappl</projectUrl>
--- a/ttf.c
+++ b/ttf.c
@ -100,6 +100,8 @@ typedef __int64 ssize_t;		// POSIX type not present on Windows...

 #define TTF_FONT_MAX_CHAR	262144	// Maximum number of character values
 #define TTF_FONT_MAX_GROUPS	65536	// Maximum number of sub-groups
+#define TTF_FONT_MAX_NAMES	16777216// Maximum size of names table we support
+

 //
 // TTF/OFF tag constants...
@ -254,7 +256,7 @@ typedef struct _ttf_off_hhea_s		// Horizontal header
 {
  short		ascender,		// Ascender
 		descender;		// Descender
-  int		numberOfHMetrics;	// Number of horizontal metrics
+  unsigned short numberOfHMetrics;	// Number of horizontal metrics
 } _ttf_off_hhea_t;

 typedef struct _ttf_off_os_2_s		// OS/2 information
@ -1272,20 +1274,27 @@ read_cmap(ttf_t *font)			// I - Font
          for (i = 0; i < numGlyphIdArray; i ++)
            glyphIdArray[i] = read_ushort(font);

-#ifdef DEBUG
-          for (i = 0; i < segCount; i ++)
-            TTF_DEBUG("read_cmap: segment[%d].startCode=%d, endCode=%d, idDelta=%d, idRangeOffset=%d\n", i, segments[i].startCode, segments[i].endCode, segments[i].idDelta, segments[i].idRangeOffset);
+          for (i = 0, segment = segments; i < segCount; i ++, segment ++)
+          {
+            TTF_DEBUG("read_cmap: segment[%d].startCode=%d, endCode=%d, idDelta=%d, idRangeOffset=%d\n", i, segment->startCode, segment->endCode, segment->idDelta, segment->idRangeOffset);

+            if (segment->startCode > segment->endCode)
+            {
+	      errorf(font, "Bad cmap table segment %u to %u.", segments->startCode, segment->endCode);
+	      return (false);
+            }
+
+            // Based on the end code of the segment table, allocate space for the
+            // uncompressed cmap table...
+            if (segment->endCode >= font->num_cmap)
+	      font->num_cmap = segment->endCode + 1;
+          }
+
+#ifdef DEBUG
          for (i = 0; i < numGlyphIdArray; i ++)
            TTF_DEBUG("read_cmap: glyphIdArray[%d]=%d\n", i, glyphIdArray[i]);
 #endif /* DEBUG */

-          // Based on the end code of the segent table, allocate space for the
-          // uncompressed cmap table...
-//          segCount --;			// Last segment is not used (sigh)
-
-	  font->num_cmap = segments[segCount - 1].endCode + 1;
-
 	  if (font->num_cmap > TTF_FONT_MAX_CHAR)
 	  {
 	    errorf(font, "Invalid cmap table with %u characters.", (unsigned)font->num_cmap);
@ -1382,6 +1391,12 @@ read_cmap(ttf_t *font)			// I - Font
 	    group->startGlyphID  = read_ulong(font);
 	    TTF_DEBUG("read_cmap: [%u] startCharCode=%u, endCharCode=%u, startGlyphID=%u\n", gidx, group->startCharCode, group->endCharCode, group->startGlyphID);

+            if (group->startCharCode > group->endCharCode)
+            {
+	      errorf(font, "Bad cmap table segment %u to %u.", group->startCharCode, group->endCharCode);
+	      return (false);
+            }
+
            if (group->endCharCode >= font->num_cmap)
              font->num_cmap = group->endCharCode + 1;
 	  }
@ -1465,6 +1480,12 @@ read_cmap(ttf_t *font)			// I - Font
 	    group->glyphID       = read_ulong(font);
 	    TTF_DEBUG("read_cmap: [%u] startCharCode=%u, endCharCode=%u, glyphID=%u\n", gidx, group->startCharCode, group->endCharCode, group->glyphID);

+            if (group->startCharCode > group->endCharCode)
+            {
+	      errorf(font, "Bad cmap table segment %u to %u.", group->startCharCode, group->endCharCode);
+	      return (false);
+            }
+
            if (group->endCharCode >= font->num_cmap)
              font->num_cmap = group->endCharCode + 1;
 	  }
@ -1598,7 +1619,7 @@ read_hmtx(ttf_t           *font,	// I - Font
          _ttf_off_hhea_t *hhea)	// O - hhea table data
 {
  unsigned	length;			// Length of hmtx table
-  int		i;			// Looping var
+  unsigned	i;			// Looping var
  _ttf_metric_t	*widths;		// Glyph metrics array


@ -1677,8 +1698,15 @@ read_names(ttf_t *font)			// I - Font
    return (false);

  font->names.storage_size = length - (unsigned)offset;
+  if (font->names.storage_size > TTF_FONT_MAX_NAMES)
+  {
+    errorf(font, "Name table too large - %u bytes.", (unsigned)font->names.storage_size);
+    return (false);
+  }
+
  if ((font->names.storage = malloc(font->names.storage_size)) == NULL)
    return (false);
+
  memset(font->names.storage, 'A', font->names.storage_size);

  for (i = font->names.num_names, name = font->names.names; i > 0; i --, name ++)
Author	SHA1	Message	Date
Michael R Sweet	1cec42f399	Bump version to 1.3.2.	2024-08-09 10:55:32 -04:00
Michael R Sweet	f3f70e7877	Merge some TTF sanity check fixes from the TTF project.	2024-08-09 10:54:28 -04:00