To avoid any possibility of uninitialized memory.
The exceptions are:
- where the allocation is immediately overwritten by a memcpy or struct copy.
- arrays of structs to avoid any performance impact (except when the
array is returned by the public API).
The original "slim" symbol rewriting was added without any shred of a
set of performance evaluation, and mostly copy-pasted from a very early
version of pixman. Pixman itself never used them, and most C
libraries—like GLib and GTK—have dropped similar mechanisms over the
past 15 years, as linkers have improved considerably in the meantime.
Modern linkers provide functionality to avoid intra-library PLT jump
through flags like `-Bsymbolic-functions`; we should use that, instead,
and keep the code base more maintainable and debuggable.
Add a way to define a custom color palette as
part of cairo_font_options_t. To use the custom
palette when rendering color fonts, set the palette
index to CAIRO_COLOR_PALETTE_CUSTOM.
The documentation for cairo_font_options_status says it can return
either CAIRO_STATUS_SUCCESS or CAIRO_STATUS_NO_MEMORY, but the
implementation can also return CAIRO_STATUS_NULL_POINTER, which wasn't
mentioned.
_cairo_malloc(0) always returns NULL, but has not been used
consistently. This patch replaces many calls to malloc() with
_cairo_malloc().
Fixes: fdo# 101547
CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
The variations member of cairo_font_options_t is allocated,
so we need to have a method to free it for cases where
the struct is embedded in larger structs, such as cairo_ft_options_t.
A 'Since' field on non-public functions is not very meaningful,
because their signature, implementation and semantic is subject to
change without any visibility outside of cairo.
The following Python script was used to compute "Since: 1.X" tags,
based on the first version where a symbol became officially supported.
This script requires a concatenation of the the cairo public headers
for the officially supported beckends to be available as
"../../includes/1.X.0.h".
from sys import argv
import re
syms = {}
def stripcomments(text):
def replacer(match):
s = match.group(0)
if s.startswith('/'):
return ""
else:
return s
pattern = re.compile(
r'//.*?$|/\*.*?\*/|\'(?:\\.|[^\\\'])*\'|"(?:\\.|[^\\"])*"',
re.DOTALL | re.MULTILINE
)
return re.sub(pattern, replacer, text)
for minor in range(12,-2,-2):
version = "1.%d" % minor
names = re.split('([A-Za-z0-9_]+)', stripcomments(open("../../includes/%s.0.h" % version).read()))
for s in names: syms[s] = version
for filename in argv[1:]:
is_public = False
lines = open(filename, "r").read().split("\n")
newlines = []
for i in range(len(lines)):
if lines[i] == "/**":
last_sym = lines[i+1][2:].strip().replace(":", "")
is_public = last_sym.lower().startswith("cairo")
elif is_public and lines[i] == " **/":
if last_sym in syms:
v = syms[last_sym]
if re.search("Since", newlines[-1]): newlines = newlines[:-1]
if newlines[-1].strip() != "*": newlines.append(" *")
newlines.append(" * Since: %s" % v)
else:
print "%s (%d): Cannot determine the version in which '%s' was introduced" % (filename, i, last_sym)
newlines.append(lines[i])
out = open(filename, "w")
out.write("\n".join(newlines))
out.close()
Documentation comments should always start with "/**" and end with
"**/". This is not required by gtk-doc, but it makes the
documentations formatting more consistent and simplifies the checking
of documentation comments.
The following Python script tries to enforce this.
from sys import argv
from sre import search
for filename in argv[1:]:
in_doc = False
lines = open(filename, "r").read().split("\n")
for i in range(len(lines)):
ls = lines[i].strip()
if ls == "/**":
in_doc = True
elif in_doc and ls == "*/":
lines[i] = " **/"
if ls.endswith("*/"):
in_doc = False
out = open(filename, "w")
out.write("\n".join(lines))
out.close()
This fixes most 'documentation comment not closed with **/' warnings
by check-doc-syntax.awk.
I did this manually so I could review the docs at the same time.
If anyone finds typos or other mistakes I did, please complain to me (or
better: fix them).
This adds internal API to retrieve the LCD filtering parameters from
fontconfig, or as set on the Screen, and feed them to FreeType when
rendering the glyph.
References:
Bug 10301 - LCD filtering patch
https://bugs.freedesktop.org/show_bug.cgi?id=10301
Tested-by: Brandon Wright <bearoso@gmail.com>
Forward-ported-by: Robert Hooker <sarvatt@gmail.cm>
ickle: The API is clearly not ready for public consumption, the enum are
poorly named, however this stands by itself as enabling system wide
properties.
I updated the Free Software Foundation address using the following script.
for i in $(git grep Temple | cut -d: -f1 )
do
sed -e 's/59 Temple Place[, -]* Suite 330, Boston, MA *02111-1307[, ]* USA/51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA/' -i "$i"
done
Fixes http://bugs.freedesktop.org/show_bug.cgi?id=21356
We reverted the public API for setting lcd_filter font options
back in 1b42bc8033 , but we had left the implementation which
would examine fontconfig and Xft properties for the option, and
which would call into freetype for subpixel glyph rasterization.
However, I recently realized, (and the test suite had been trying
to tell me for a while), that this approach would cause a
regression for users who were previously using sub-pixel text,
but without sub-pixel rendering built directly into freetype.
That's not acceptable, so all the code is coming out for now.
During the cairo summit it was decided that this API is to freetype-
specific to be in the general cairo interface for now. This will
likely come back again soon as a cairo_ft-specific interface.
Within the library, we know the precise size of the struct and so can
allocate temporary font options on the stack - eliminating the need
to export an internal alias of cairo_font_options_(create|destory).
Partial revert of commit 0086db893c.
This is a follow to the earlier commit that allowed creation of scaled
fonts using a NULL font options (by interpreting the NULL as meaning
use the default options) to reflect the comments made by Behdad
(http://lists.cairographics.org/archives/cairo/2008-January/012714.html).
The intent is that the public font options getter/setter API has similar
defensive behaviour to that of the core objects - i.e. do not overwrite
the nil object and if the object is in error then return the default
value. For the indirect use of a NULL/nil font options (e.g. creation of
scaled fonts), then an error should be returned rather than crashing.
By switching to cairo_font_options_status() instead of checking against
the _cairo_font_options_nil error object, the API is protected from NULL
dereferences.
On IRC Drakou reported a user error whereby cairo_scaled_font_create()
was called with a NULL cairo_font_options_t. However, instead of
reporting the error back to the user, cairo instead segfaulted trying
to dereference the NULL pointer!
Add a guard to check that the options is not NULL.
Every time we assign or return a hard-coded error status wrap that value
with a call to _cairo_error(). So the idiom becomes:
status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
or
return _cairo_error (CAIRO_STATUS_INVALID_DASH);
This ensures that a breakpoint placed on _cairo_error() will trigger
immediately cairo detects the error.
The design is for the user to create a cairo_font_options_t object with
cairo_font_options_create() and then is free to use it with any Cairo
operation. This requires us to check when we may be about to overwrite
the read-only nil object.
Previously, the convention was that static ones started with cairo_, but
renamed to start with _cairo_ when they were needed from other files and
became cairo_private instead of static...
This is error prune indeed, and two symbols were already violating. Now
all nil objects start with _cairo_.
This patch was produced with the following (GNU) sed script:
sed -i -r -e 's/[ \t]+$//'
run on all *.[ch] files within cairo.
Note that the above script would have also created all the changes
from the previous commits to remove trailing whitespace.
This patch was produced with the following (GNU) sed script:
sed -i -r -e '/^[ \t]*\/?\*/ s/[ \t]+$//'
run on all *.[ch] files within cairo, (though I manually excluded
src/cairo-atsui-font.c which has a code line that appears as a comment
to this script).
src/cairo-font.c src/cairo.h src/cairoint.h: Add a cairo_font_options_t object to cairo_scaled_font_create().
src/cairo-surface.c src/cairoint.h: Add virtualized cairo_surface_get_font_options() to get the font options for a surface.
Adapt to cairo_scaled_font_create() change.
Add an implementation of get_font_options() that turns off metrics hinting.
src/cairo-xlib-screen.c src/cairo-xlib-private.h: Add a "screen info" structure that holds (for now) information about the default font options for the screen.
Implement get_font_options()
src/cairo-ft-font.c src/cairo-ft.h: Add functions to apply a cairo_font_options_t to a FcPattern or get the load flags for a cairo_font_options_t.
Adapt to font options additions. Add support for non-antialiased rendering of scalable fonts. Add support for turning off metrics hinting.
Adapt to font options additions.
doc/public/Makefile.am doc/public/cairo-sections.txt: Update.
reviewed by: cworth
