[Git][freetype/freetype][wl/43151] 11 commits: [bzip2] Avoid use of uninitialized memory.

[Werner Lemberg (@wl)]

Werner Lemberg pushed to branch wl/43151 at FreeType / FreeType

Commits:

• d276bcb7
  by Werner Lemberg at 2022-01-09T07:48:59+01:00

  [bzip2] Avoid use of uninitialized memory.
  
  * src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Don't use `FT_QNEW` but
  `FT_NEW` for setting up `zip` to avoid uninitialized memory access while
  handling malformed PCF fonts later on.
  
  Fixes
  
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42800
  

• 0d343863
  by David Turner at 2022-01-09T21:38:29+01:00

  [meson] Change Zlib configuration option.
  
  * meson_options.txt, meson.build: Change the format of the 'zlib' meson
  build configuration option to be a combo with the following choices:
  
    - none: Do not support gzip-compressed streams at all.
  
    - internal: Support gzip-compressed streams using the copy of the gzip
      sources under `src/gzip/`; this should only be used during development
      to ensure these work properly.
  
    - external: Support gzip-compressed streams using the 'zlib' Meson
      subproject, linked as a static library.
  
    - system: Support gzip-compressed streams using a system-installed version
      of zlib.
  
    - auto: Support gzip-compressed streams using a system-installed version
      of zlib, if available, or using the 'zlib' subproject otherwise.  This
      is the default.
  
    - disabled: Backward-compatible alias for 'none'.
  
    - enabled: Backward-compatible alias for 'auto'.
  

• a25e85ed
  by David Turner at 2022-01-09T23:16:00+01:00

  [gzip] Update sources to zlib 1.2.11
  
  This can be tested by building with the Unix development build
  
    make setup devel
    make
  
  or by building the freetype-demos programs with
  
    meson setup build -Dfreetype2:zlib=internal
    meson compile -C out
  
  and trying to run `ftview` with a `.pcf.gz` font file.
  
  * src/gzip/ftgzip.c, src/gzip/rules.mk: Update for new zlib sources.  Also
  remove the temporary fix introduced in commit 6a431038 to work around the
  fact that the internal sources were too old.
  
  * src/gzip/README.freetype: New file describing the origin of the sources
  and how they were modified.
  
  * src/gzip/patches/*: Patch files applied to original sources.
  
  * src/gzip/*: Updated zlib sources with the patch file(s) from
  `src/gzip/patches/` applied, followed by a conversion with zlib's
  `zlib2ansi` script.
  

• da8a8b8b
  by Werner Lemberg at 2022-01-10T18:13:10+01:00

  [zlib] Some organizational changes.
  
  We now first apply zlib's `zlib2ansi` script, then FreeType's patch file.
  
  * src/gzip/README.freetype: Updated.
  
  * patches/0001-zlib-Fix-zlib-sources-to-compile-for-FreeType.patch: Renamed
  to...
  * patches/freetype-zlib.diff: This.
  Clean up description, then regenerate it as follows:
  
    - Copy unmodified files from `zlib` repository.
    - Run `zlib2ansi` script.
    - Run `git diff -R > patches/freetype-zlib.diff.new`.
    - Insert patch description of old diff file, then replace old diff with
      new diff file.
  

• 3f9b78fc
  by Werner Lemberg at 2022-01-10T18:24:56+01:00

  [zlib] Don't typedef `ptrdiff_t`.
  
  While using zlib in 'solo' mode (via the `Z_SOLO` macro), we actually
  include some standard header files, making the typedef fail on systems where
  the native `ptrdiff_t` type differs.
  
  Fixes #1124.
  
  * src/zlib/zutil.h: Comment out definition; it doesn't work on Windows.
  
  * src/zlib/patches/freetype-zlib.diff: Updated.
  

• 4a89112b
  by Werner Lemberg at 2022-01-10T18:31:17+00:00

  * src/sfnt/ttcolr.c (tt_face_get_color_glyph_clipbox): Add limit checks.
  
  Reported as
  
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40716
  

• 2e62b744
  by Werner Lemberg at 2022-01-11T05:37:56+01:00

  * subprojects/zlib.wrap: Update from upstream.
  

• 4c0db607
  by Werner Lemberg at 2022-01-11T07:52:28+01:00

  .gitlab-ci.yml: Update Windows image.
  
  The old image produced errors like
  
  ```
  Downloading zlib patch from
    https://wrapdb.mesonbuild.com/v2/zlib_1.2.11-5/get_patch
  A fallback URL could be specified using patch_fallback_url key in the wrap file
  WrapDB connection failed to
    https://wrapdb.mesonbuild.com/v2/zlib_1.2.11-5/get_patch
  with error
    <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
     failed: certificate has expired (_ssl.c:1122)>
  ```
  

• 33626164
  by Werner Lemberg at 2022-01-11T08:01:30+01:00

  .gitlab-ci.yml: Fix typo in previous commit.
  

• 639a0215
  by Werner Lemberg at 2022-01-11T09:14:48+01:00

  * src/type42/t42objs.c (T42_Open_Face): Avoid use of uninitialized memory.
  
  Reported as
  
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43508
  

• 947fddc8
  by Werner Lemberg at 2022-01-11T08:27:26+00:00

  * src/sfnt/ttcolr.c (read_paint): Fix undefined left-shift operation.
  
  Reported as
  
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43151
  

17 changed files:

• .gitlab-ci.yml
• meson.build
• meson_options.txt
• src/bzip2/ftbzip2.c
• + src/gzip/README.freetype
• src/gzip/adler32.c
• + src/gzip/crc32.c
• + src/gzip/crc32.h
• src/gzip/ftgzip.c
• src/gzip/ftzconf.h
• + src/gzip/gzguts.h
• + src/gzip/infback.c
• − src/gzip/infblock.c
• − src/gzip/infblock.h
• − src/gzip/infcodes.c
• + src/gzip/inffast.c
• src/gzip/infcodes.h → src/gzip/inffast.h

The diff was not included because it is too large.

—
View it on GitLab.
You're receiving this email because of your account on gitlab.freedesktop.org. If you'd like to receive fewer emails, you can adjust your notification settings.