Commit message [Author, Age, Files, Lines]
* Bump ABI version and release 0.13.6 (tag: 0.13.6) [Oleg Oshmyan, 2017-01-03, 5, -6/+10]
|   sizeof(ASS_Style) is actually part of the ABI, so adding the Justify field in commit e54c123d5a08b6212533ddcced2cb1a50fa3d2b2 broke the ABI even though we tried to avoid it by placing the field at the end of the struct.
* Release 0.13.5 (tag: 0.13.5) [Oleg Oshmyan, 2016-12-29, 5, -4/+18]
|
* api: make ass_set_cache_limits() work on total bitmap cache sizes [Dr.Smile, 2016-12-29, 2, -4/+16]
|   Previously it was possible to set only bitmap_max_size, now requested memory amount is divided between bitmap_max_size and composite_max_size.
* Fix memory leak when Language header is defined more than once [Oleg Oshmyan, 2016-12-29, 1, -0/+1]
|   Discovered by OSS-Fuzz.
|   Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=229.
* parse_tag: don't consume *end == ')' when called recursively [Oleg Oshmyan, 2016-12-29, 1, -1/+1]
|   This did not cause any problems, but it's nicer to guarantee that the return value is <= end.
* Fix buffer overread in parse_tag when end points to a space [Oleg Oshmyan, 2016-12-29, 1, -3/+6]
|   When parse_tag is invoked recursively to handle the animated tags inside a \t tag, the `end` argument is taken from the `end` field of a struct arg in the enclosing parse_tag. When struct arg is filled by push_arg, this field is always right-trimmed using rskip_spaces. Ultimately, the inner parse_tag invocation sees its `end` argument point not to the ')' or '}' of the \t as it expects but rather to the spaces preceding the ')' or '}'.
|
|   At this point, when parse_tag calls skip_spaces, which is ignorant of the end pointer, it happily skips over the spaces preceding the ')', moving the pointer past `end`. Subsequent `pointer != end` comparisons in parse_tag fail (as in fact `pointer > end`), and parse_tag thinks it is still inside the substring to be parsed.
|
|   This is harmless in many cases, but given either of the following inputs, parse_tag reads past the end of the actual buffer that stores the string:
|
|       {\t(\ }
|       {\t(\ )(}
|
|   After this commit, parse_tag knows that `end` can point to a sequence of spaces and avoids calling skip_spaces on `end`, thus avoiding the overread.
|
|   Discovered by OSS-Fuzz.
|   Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=194.
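The pointer arithmetic described in the commit message above, as an added C model that is not libass code: `skip_spaces_unbounded`, `rtrim_end` and `cursor_overshoot` are hypothetical stand-ins for skip_spaces, rskip_spaces and the start of the inner parse_tag call. The guard shown (do not skip once the cursor equals `end`) follows the message's wording; the exact shape of the real change is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* End-unaware skip, as the message describes skip_spaces: it stops at the
 * first non-space byte and knows nothing about `end`. */
static const char *skip_spaces_unbounded(const char *p)
{
    while (*p == ' ' || *p == '\t')
        ++p;
    return p;
}

/* Right-trim standing in for rskip_spaces: returns the trimmed end. */
static const char *rtrim_end(const char *start, const char *end)
{
    while (end > start && (end[-1] == ' ' || end[-1] == '\t'))
        --end;
    return end;
}

/* Model of the inner call on one \t argument: trim `end`, consume the
 * leading backslash, skip spaces, and return how many bytes the cursor
 * sits past `end` (0 means the `p != end` loop test still works).
 * guard=1 refuses to skip once the cursor has reached `end`. */
static ptrdiff_t cursor_overshoot(const char *arg, size_t len, int guard)
{
    const char *end = rtrim_end(arg, arg + len);
    const char *p = arg;

    if (p != end && *p == '\\')
        ++p;
    if (!guard || p != end)
        p = skip_spaces_unbounded(p);
    return p > end ? p - end : 0;
}

int main(void)
{
    /* Constructed input: the first string from the commit message.
     * The \t argument is the two bytes "\ " starting at offset 4. */
    static const char line[] = "{\\t(\\ }";

    printf("unguarded: %td byte(s) past end\n", cursor_overshoot(line + 4, 2, 0));
    printf("guarded:   %td byte(s) past end\n", cursor_overshoot(line + 4, 2, 1));
    return 0;
}
```

Once the cursor is past `end`, every later `p != end` test stays true, which is why the loop keeps reading until it runs off the buffer.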
* directwrite: drop SAL annotations [Oleg Oshmyan, 2016-12-28, 1, -16/+16]
|   MinGW and old versions of mingw-w64 don't define the SAL macros. They don't serve any value to us, so just remove them from our code.
|
|   See https://github.com/libass/libass/pull/251.
* ass_strtod: correctly convert large negative exponents [Oleg Oshmyan, 2016-11-21, 1, -4/+43]
|   Avoid overflow in dblExp that prevents subnormal numbers from being generated (or small normal numbers if `double` supports many more negative exponents than positive): if `10**abs(exp)` would overflow and we actually want a negative exponent, switch to using precomputed negative powers of 10 rather than positive.
|
|   Also avoid underflow for numbers with a large negative exponent where the exponent alone underflows but the significand has enough digits to cancel this out, e. g. in `10e-324` with IEEE 754 double.
* ass_strtod: don't cast away const [Oleg Oshmyan, 2016-11-21, 1, -2/+3]
|
* ass_strtod: handle overflowing exponents [Oleg Oshmyan, 2016-11-21, 1, -7/+37]
|   The exponent may overflow an integer, e. g. in `14e888888888888888888888888888880000000000000000000000000000` on a 32-bit platform. Correctly handle this, including the case when the exponent overflows but the whole string still describes a valid floating-point number, e. g. in `1[4294967200 zeros]e-4294967300`.
|
|   This fixes libass#244. Buffer overflow was fixed in 67f647e, and this ensures that the string is converted to the correct number.
* ass_strtod: skip leading zeros in mantissa [Oleg Oshmyan, 2016-11-21, 1, -3/+14]
|   ass_strtod reads at most 18 leading digits of the mantissa. This previously included zeros, even though they are not significant digits, e. g. 0.000000000000000001e18 was converted to 0.0. After this commit, leading zeros before and after the decimal point will be skipped, so the above number will be correctly converted to 1.0.
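The overflowing-exponent and leading-zero cases from the two ass_strtod commit messages above, as an added C sketch that is not libass code: `split_decimal` and `sat_add` are hypothetical names, clamping the exponent is one way to avoid signed overflow rather than the commit's own method, and the result is left as an integer mantissa plus base-10 exponent instead of being converted to a double.

```c
#include <limits.h>
#include <stdio.h>

struct dec { long long mant; int exp10; };  /* value = mant * 10^exp10 */

/* a + b clamped to [-INT_MAX, INT_MAX]; never overflows. */
static int sat_add(int a, int b)
{
    if (b > 0 && a > INT_MAX - b) return INT_MAX;
    if (b < 0 && a < -INT_MAX - b) return -INT_MAX;
    return a + b;
}

/* Split a decimal string into at most 18 mantissa digits and a base-10
 * exponent. skip_zeros=0 reproduces the old "zeros count as digits" rule. */
static struct dec split_decimal(const char *s, int skip_zeros)
{
    struct dec r = {0, 0};
    int digits = 0, frac = 0, point = 0, e = 0, esign = 1;

    for (;; ++s) {
        if (*s == '.' && !point) { point = 1; continue; }
        if (*s < '0' || *s > '9') break;
        if (skip_zeros && r.mant == 0 && *s == '0') {
            if (point) frac = sat_add(frac, -1);   /* shifts the scale only */
            continue;
        }
        if (digits < 18) {
            r.mant = r.mant * 10 + (*s - '0');
            ++digits;
            if (point) frac = sat_add(frac, -1);
        } else if (!point) {
            frac = sat_add(frac, 1);               /* dropped integer digit */
        }
    }
    if (*s == 'e' || *s == 'E') {
        ++s;
        if (*s == '-') { esign = -1; ++s; } else if (*s == '+') ++s;
        for (; *s >= '0' && *s <= '9'; ++s) {
            int d = *s - '0';
            e = (e > (INT_MAX - d) / 10) ? INT_MAX : e * 10 + d;  /* saturate */
        }
    }
    r.exp10 = r.mant == 0 ? 0 : sat_add(frac, esign * e);
    return r;
}

int main(void)
{
    struct dec a = split_decimal("0.000000000000000001e18", 1);
    struct dec b = split_decimal("14e88888888888888888888", 1);
    printf("%lld e%d\n%lld e%d\n", a.mant, a.exp10, b.mant, b.exp10);
    return 0;
}
```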
* ass_strtod: don't report overflow for 0.0e[huge exponent] [Oleg Oshmyan, 2016-11-21, 1, -1/+3]
|
* ass_strtod: use size_t for substring lengths [Oleg Oshmyan, 2016-11-21, 1, -18/+19]
|   This fixes overflow on extremely long input strings. See libass#244.
* Add text justification [Dan Oscarsson, 2016-11-12, 5, -3/+48]
|   Subtitle recommendations often include that multi line subtitles should be left justified as this is easier for the eyes. This is also the standard used by several television companies.
|
|   This adds the possibility to define how subtitles are to be justified, independently of where they are aligned. The most common way could be to set justify to left, and have alignment to center. But you can, for example, have alignment to left and justify to center, giving subtitles to the left but justified on the center (instead of normal left justified). Using justify right and alignment of center, might be a good choice for Arabic.
|
|   If justify is not defined, all works like before. If justify is defined, subtitles are aligned as defined by alignment and justified as defined by justify.
|
|   ASS is not extended by this, justify can only be defined by setting Justify to wanted justification.
* Add CVE identifiers of the fuzzing fixes. [Grigori Goronzy, 2016-10-05, 1, -1/+3]
|   As assigned by [1]. Unfortunately I only learned of the CVE assignments after the release.
* Release 0.13.4 (tag: 0.13.4) [Grigori Goronzy, 2016-10-05, 5, -4/+12]
|
* Remove unused variable [Grigori Goronzy, 2016-10-05, 1, -3/+0]
|
* Fix line wrapping mode 0/3 bugs [Grigori Goronzy, 2016-10-05, 1, -1/+4]
|   This fixes two separate bugs:
|
|   a) Don't move a linebreak into the first symbol. This results in an empty line at the front, which does not help to equalize line lengths at all. Instead, merge line with the second one.
|   b) When moving a linebreak into a symbol that already is a break, the number of lines must be decremented. Otherwise, uninitialized memory is possibly used for later layout operations.
|
|   Found by fuzzer test case id:000085,sig:11,src:003377+003350,op:splice,rep:8.
|
|   This might also affect and hopefully fix libass#229.
|
|   v2: change semantics according to review
* Fix blur coefficient calculation buffer overflow [Grigori Goronzy, 2016-10-04, 1, -1/+1]
|   Found by fuzzer test case id:000082,sig:11,src:002579,op:havoc,rep:8. Correctness should be checked, but this fixes the overflow for good.
* Fix memory leaks [Grigori Goronzy, 2016-10-04, 2, -0/+2]
|   Found by fuzzer test case id:000051,sig:11,sync:fuzzer3,src:004221.
* shaper: fix reallocation [Grigori Goronzy, 2016-10-04, 1, -0/+1]
|   Update the variable that tracks the allocated size. This potentially improves performance and avoids some side effects, which lead to undefined behavior in some cases.
|
|   Fixes fuzzer test case id:000051,sig:11,sync:fuzzer3,src:004221.
* CI: Don't fail on MacOS if brew cannot remove libtool. [torque, 2016-09-24, 1, -1/+1]
|   This is the better option, as it won't break the CI script if travis ends up removing the preinstalled libtool bundle for whatever reason.
* Fix broken MacOS CI. [torque, 2016-09-24, 1, -1/+1]
|   At some point in the past Travis and homebrew colluded to break the preinstalled libtool on travis MacOS instances. Forcing brew to reinstall libtool seems to be the common solution that several other projects on github have used.
* Fix license title [Grigori Goronzy, 2016-09-24, 1, -1/+1]
|   I'm a dummy. Of course it is the ISC license. I started to relicense libass to ISC myself, after all.
* Release 0.13.3 (tag: 0.13.3) [Grigori Goronzy, 2016-09-24, 5, -4/+12]
|
* Improve license file [Grigori Goronzy, 2016-09-24, 1, -0/+4]
|   Fixes libass#234.
* bitmap: use calloc instead of malloc/memset [Rodger Combs, 2016-09-24, 6, -30/+25]
|   This can improve perf somewhat with large bitmaps
* cache: fix ownership tracking issues of ASS_Font [Dr.Smile, 2016-07-16, 2, -1/+2]
|
* font load from dir: use MSGL_INFO instead of MSGL_WARN [Avi Halachmi (:avih), 2016-07-11, 1, -1/+1]
|   This is a normal course of action and should not generate a warning, especially for applications which use libass and might notify the user on such "warnings", while in fact it should be info or even verbose.
|
|   Fixes #231
* render: add refcounting functionality to image lists [Dr.Smile, 2016-06-30, 3, -27/+43]
|
* cache: keep referenced cache values alive after ass_cache_empty() [Dr.Smile, 2016-06-30, 2, -86/+106]
|
* render: keep track of any associated resources within ASS_Image [Dr.Smile, 2016-06-30, 3, -115/+84]
|   Those resources can be a cached composite bitmap or a raw bitmap buffer. Consequently, free lists are no longer needed.
* cache: keep ref_count of all active objects nonzero [Dr.Smile, 2016-06-30, 7, -106/+164]
|
* cache: replace size_func with parameter in ass_cache_commit() [Dr.Smile, 2016-06-30, 5, -55/+34]
|
* cache: remove ass_cache_cancel(), cache failures instead [Dr.Smile, 2016-06-30, 5, -184/+228]
|
* cache: switch to gradual cache clearing [Dr.Smile, 2016-06-30, 8, -198/+316]
|   Advantages over the old algorithm consist of the following.
|   * There are no glitches due to full cache clearing. Items are arranged into linked list ordered by time of last use. Only the oldest items get deleted at the clearing event.
|   * Each item now keeps track of number of references. Referenced cache values are immune to clearing.
|   * Reduced amount of total cache memory for the same performance.
|   * Reduced number of memory allocations per cache item.
* README: add QMPlay2 to list of projects using libass [Oleg Oshmyan, 2016-06-17, 1, -0/+1]
|   Closes #225.
* shaper: drop RTL base direction for RTL font encodings [Grigori Goronzy, 2016-06-10, 1, -8/+4]
|   VSFilter uses LTR base direction even if Arabic or Hebrew font encodings are used, so do the same. This resolves some reordering issues.
|
|   Fixes #224.
* font: fix NULL pointer dereference [Hannes Domani, 2016-05-23, 1, -0/+3]
|
* rasterizer: drop outlines with points at too large coordinates [Dr.Smile, 2016-04-23, 1, -1/+12]
|   Such points can overflow internal calculations and are usually produced as a result of NaN to integer conversion.
|
|   Should fix #210.
* Merge pull request #217 from ssbssa/master [Grigori Goronzy, 2016-03-27, 1, -0/+4]
|\
| |   directwrite: fix leaks of IDWriteFontFamily/IDWriteFontCollection
| * directwrite: fix leaks of IDWriteFontFamily/IDWriteFontCollection [Hannes Domani, 2016-03-27, 1, -0/+4]
|/
* configure: use proper quoting on iconv test [Sean McGovern, 2016-03-13, 1, -2/+2]
|   Unquoted strings cause an error when the test variable is empty.
* Merge pull request #214 from SeanMcG/upstream [Grigori Goronzy, 2016-03-10, 1, -1/+5]
|\
| |   Patches from VLC contrib collection
| * configure: add libiconv only when it is both present and required [Sean McGovern, 2016-03-09, 1, -0/+4]
| |
| * configure: use correct ASFLAGS for yasm on Solaris [Sean McGovern, 2016-03-09, 1, -1/+1]
|/
* configure.ac: add missing spaces to error message [wm4, 2016-03-10, 1, -2/+2]
|
* Release 0.13.2 (tag: 0.13.2) [Oleg Oshmyan, 2016-02-20, 4, -6/+7]
|
* Document default value for ass_set_check_readorder [Oleg Oshmyan, 2016-02-20, 1, -0/+1]
|
* ass: handle movement==0 in ass_step_sub() [wm4, 2016-02-04, 1, -6/+12]
|   Finds the start of the subtitle at "now".
* font: remove unused function [wm4, 2016-01-14, 2, -27/+0]
|
* ass: add ass_set_check_readorder() API function [wm4, 2015-12-31, 4, -3/+24]
|   Not all API users will keep the event list on seeking. This also gives the opportunity to API users to handle severely broken files with duplicate ReadOrder entries. (It is not known whether this is really needed, however VSFilter does not deduplicate using the ReadOrder field.)
* ass: declare mixing ass_flush_events() and ass_process_chunk() allowed [wm4, 2015-12-31, 1, -1/+2]
|   This was always the intention, but the wording could be read as if this is not allowed. There was a bug that broke ass_flush_events() too, which gives all the more reason to clarify this.
* Changelog: create entry for the next version [wm4, 2015-12-31, 1, -0/+6]
|   It's always such a bother to write the changelog on release. And in fact, there is no reason why the changelog should be written on release. It's easier to edit it as we commit fixes or features.
|
|   I'm adding the changelog entries for the past two commits, and in the future, we should add entries as we commit bug fixes or new features.
* ass: reset the ReadOrder bitmap on ass_flush_events() [wm4, 2015-12-20, 1, -0/+3]
|   Otherwise, ass_process_chunk() will reject events that were previously removed with ass_flush_events(), which is nonsense.
* coretext: fix NULL CFStringRef dereference [wm4, 2015-12-09, 1, -0/+2]
|
* Release 0.13.1 (tag: 0.13.1) [Oleg Oshmyan, 2015-12-01, 4, -3/+24]
|
* coretext: don't fetch character set when it isn't needed [Oleg Oshmyan, 2015-12-01, 1, -3/+3]
|   This avoids unnecessary work and fixes a memory leak: the character set wasn't released when code == 0.
* fontselect: destroy private data of fonts that fail to be added [Oleg Oshmyan, 2015-12-01, 1, -0/+4]
|
* fontselect: fix bool return values [Oleg Oshmyan, 2015-12-01, 1, -6/+6]
|   Return true on success and false on failure. get_font_info was actually inconsistent, returning false both on success and on failure due to the face not being scalable.
* coretext: don't forget to release font format attribute [Oleg Oshmyan, 2015-11-07, 1, -0/+2]
|
* fontselect: replace is_postscript flag with check_postscript function [Oleg Oshmyan, 2015-11-04, 5, -86/+133]
|   DirectWrite does not provide fast access to the is_postscript flag, requiring each font to be loaded before its format can be determined. Eagerly doing this for every installed font can be quite slow, on the order of seconds.
|
|   To improve performance, ask the font provider for this information only when it is actually needed, i.e. when one of the font's full names or its PostScript name matches a requested font name and we need to know whether to accept this match.
|
|   The return value of check_postscript is not cached in this commit. This makes repeated calls slower than accessing is_postscript was. This should not be a problem, but if it is, the value can be cached (or precomputed) by font providers in their font private data.
|
|   This commit also potentially increases the memory usage of some font providers by retaining data structures needed to implement check_postscript in their font private data. This should not be a problem either, but if it is, the value of check_postscript can be precomputed by all providers other than DirectWrite.
* directwrite: improve error handling [Oleg Oshmyan, 2015-10-30, 1, -23/+51]
|   * Check malloc and calloc return values.
|   * Abort if a name can't be fetched, rather than supply a NULL string to fontselect causing it to crash.
|   * Make sure to free all allocated memory.
|   * Always check FAILED(hr) before using the value of any output argument returned by DirectWrite, because it is not clear whether they are guaranteed to have correct values in case of error.
* directwrite: slightly clean up the code [Oleg Oshmyan, 2015-10-30, 1, -19/+17]
|   * Metrics are not used, so don't fetch them.
|   * All variables except meta are always explicitly set before use, so don't initialize them.
|   * Declare variables where they are used.
|   * Use int loop variables when the loop bound is int.
|   * Prefer post-increment to pre-increment.
* directwrite: split out the inner loop of scan_fonts as a separate function [Oleg Oshmyan, 2015-10-30, 1, -109/+117]
|   This has the side effect that the ASS_FontProviderMetaData instance is now cleared for every font rather than only once at the start of the search, which fixes some use-after-free scenarios and prevents the creation of chimeric fonts using names left over from other fonts processed earlier.
|
|   This lays the groundwork for further code simplification and error handling improvements within this function, which will come in a separate commit.
|
|   This commit is transparent to `git blame -w` except for return statements.
* Interpret timestamps with negative components more obviously [Oleg Oshmyan, 2015-10-29, 1, -2/+2]
|   Keep all components signed, allowing for timestamps like 00:01:-05.00 to denote 55 seconds. This matches the behavior of VSFilter.
* Fix several signedness bugs [Oleg Oshmyan, 2015-10-29, 2, -2/+2]
|   Reported by gcc -Wall -Wextra.
* Fix Windows build [Grigori Goronzy, 2015-10-29, 1, -1/+3]
|   Some parts used in fontselect weren't properly defined.
|
|   v2: RAW_CFF face type was added later, so it's at the end of the enum list.
* fontselect: silence warnings about discarding const [Oleg Oshmyan, 2015-10-29, 1, -2/+2]
|   Fixing this properly involves constifying ASS_FontProviderMetaData and refactoring code that allocates and frees strings stored in it. This seems easy on the surface but turns out to be nontrivial when you actually try to do it. This may still be done at a later date, but for now, just add explicit casts.
* Fix the Linux build on Travis CI [Oleg Oshmyan, 2015-10-23, 1, -1/+6]
|   We need a newer Fontconfig than the default Ubuntu environment provides, so switch to a newer Ubuntu.
* fontselect: don't trim font names [Oleg Oshmyan, 2015-10-23, 3, -39/+6]
|   This matches the behavior of GDI and hence VSFilter.
|
|   Note that \fn arguments are trimmed during parsing. However, none of the names inside fonts should be trimmed, and @-prefixed fonts should keep whitespace following the @, both of which this commit addresses.
|
|   Remove strdup_trimmed because it is no longer used. Also remove the declaration of a function that was deleted a few months ago.
* fontselect: don't find fonts with PostScript outlines by full name [Oleg Oshmyan, 2015-10-23, 1, -18/+13]
|   Related to commit e00691e8096cc69e5651480155ebc61d9e079290: it turns out that GDI (and hence VSFilter) does not check full names of fonts that have PostScript outlines when searching for a font by name.
|
|   To summarize the resulting behavior:
|   * Fonts with PostScript outlines can be found by family name and by PostScript name.
|   * Fonts without PostScript outlines can be found by family name and by full name.
* font: check FT_Get_Postscript_Name return value for NULL [Oleg Oshmyan, 2015-10-23, 1, -1/+3]