| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
sizeof(ASS_Style) is actually part of the ABI, so adding the Justify field
in commit e54c123d5a08b6212533ddcced2cb1a50fa3d2b2 broke the ABI even
though we tried to avoid it by placing the field at the end of the struct.
|
| |
|
|
|
|
|
|
| |
Previously was possible to set only bitmap_max_size,
now requested memory amount is divided between
bitmap_max_size and composite_max_size.
|
|
|
|
|
| |
Discovered by OSS-Fuzz.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=229.
|
|
|
|
|
| |
This did not cause any problems, but it's nicer
to guarantee that the return value is <= end.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When parse_tag is invoked recursively to handle the animated tags inside
a \t tag, the `end` argument is taken from the `end` field of a struct arg
in the enclosing parse_tag. When struct arg is filled by push_arg, this
field is always right-trimmed using rskip_spaces. Ultimately, the inner
parse_tag invokation sees its `end` argument point not to the ')' or '}'
of the \t as it expects but rather to the spaces preceding the ')' or '}'.
At this point, when parse_tag calls skip_spaces, which is ignorant of the
end pointer, it happily skips over the spaces preceding the ')', moving the
pointer past `end`. Subsequent `pointer != end` comparisons in parse_tag
fail (as in fact `pointer > end`), and parse_tag thinks it is still inside
the substring to be parsed.
This is harmless in many cases, but given either of the following inputs,
parse_tag reads past the end of the actual buffer that stores the string:
{\t(\ }
{\t(\ )(}
After this commit, parse_tag knows that `end` can point to a sequence of
spaces and avoids calling skip_spaces on `end`, thus avoiding the overread.
Discovered by OSS-Fuzz.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=194.
|
|
|
|
|
|
|
| |
MinGW and old versions of mingw-w64 don't define the SAL macros.
They don't serve any value to us, so just remove them from our code.
See https://github.com/libass/libass/pull/251.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid overflow in dblExp that prevents subnormal numbers from being
generated (or small normal numbers if `double` supports many more
negative exponents than positive): if `10**abs(exp)` would overflow
and we actually want a negative exponent, switch to using precomputed
negative powers of 10 rather than positive.
Also avoid underflow for numbers with a large negative exponent where
the exponent alone underflows but the significand has enough digits to
cancel this out, e. g. in `10e-324` with IEEE 754 double.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The exponent may overflow an integer, e. g. in
`14e888888888888888888888888888880000000000000000000000000000`
on a 32-bit platform. Correctly handle this, including the case
when the exponent overflows but the whole string still describes
a valid floating-point number, e. g. in
`1[4294967200 zeros]e-4294967300`.
This fixes libass#244. Buffer overflow was fixed in 67f647e, and
this ensures that the string is converted to the correct number.
|
|
|
|
|
|
|
|
| |
ass_strtod reads at most 18 leading digits of the mantissa.
This previously included zeros, even though they are not significant
digits, e. g. 0.000000000000000001e18 was converted to 0.0.
After this commit, leading zeros before and after the decimal point
will be skipped, so the above number will be correctly converted to 1.0.
|
| |
|
|
|
|
|
| |
This fixes overflow on extremely long input strings.
See libass#244.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Subtitle recommendations often include that multi line
subtitles should be left justified as this is easier for
the eyes. This is also the standard used by several television
companies.
This add the possibility to define how subtitles are to
be justified, independently of where they are aligned.
The most common way could be to set justify to left, and have
alignment to center. But you can, for example, have alignment
to left and justify to center, giving subtitles to the left but
justifed on the center (instead of normal left justified).
Using justify right and alignment of center, might be good
choice for Arabic.
If justify is not defined, all works like before.
If justify is defined, subtitles are aligned as defined
by alignment and justified as defined by justify.
ASS is not extended by this, justify can only be defined
by setting Justify to wanted justification.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes two separate bugs:
a) Don't move a linebreak into the first symbol. This results in a empty
line at the front, which does not help to equalize line lengths at all.
Instead, merge line with the second one.
b) When moving a linebreak into a symbol that already is a break, the
number of lines must be decremented. Otherwise, uninitialized memory
is possibly used for later layout operations.
Found by fuzzer test case
id:000085,sig:11,src:003377+003350,op:splice,rep:8.
This might also affect and hopefully fix libass#229.
v2: change semantics according to review
|
|
|
|
|
| |
Found by fuzzer test case id:000082,sig:11,src:002579,op:havoc,rep:8.
Correctness should be checked, but this fixes the overflow for good.
|
|
|
|
| |
Found by fuzzer test case id:000051,sig:11,sync:fuzzer3,src:004221.
|
|
|
|
|
|
|
|
| |
Update the variable that tracks the allocated size. This potentially
improves performance and avoid some side effects, which lead to
undefined behavior in some cases.
Fixes fuzzer test case id:000051,sig:11,sync:fuzzer3,src:004221.
|
| |
|
|
|
|
| |
This can improve perf somewhat with large bitmaps
|
| |
|
|
|
|
|
|
|
|
| |
This is a normal course of action and should not generate a warning,
especially for applications which use libass and might notify the user
on such "warnings", while in fact it should be info or even verbose.
Fixes #231
|
| |
|
| |
|
|
|
|
|
| |
That resources can be cached composite bitmap or raw bitmap buffer.
Consequently, free lists are no longer needed.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Advantages over the old algorithm consist of the following.
* There are no glitches due to full cache clearing.
Items are arranged into linked list ordered by time of last use.
Only the oldest items get deleted at the clearing event.
* Each item now keeps track of number of references.
Referenced cache values are immune to clearing.
* Reduced amount of total cache memory for the same performance.
* Reduced number of memory allocations per cache item.
|
|
|
|
|
|
|
|
| |
VSFilter uses LTR base direction even if Arabic or Hebrew font
encodings are used, so do the same. This resolves some reordering
issues.
Fixes #224.
|
| |
|
|
|
|
|
|
|
| |
Such points can overflow internal calculations and usually produced
as a result of NaN to integer conversion.
Should fix #210.
|
| |
|
| |
|
| |
|
|
|
|
| |
Finds the start of the subtitle at "now".
|
| |
|
|
|
|
|
|
|
|
| |
Not all API users will keep the event list on seeking. This also gives
the opportunity to API users to handle severely broken files with
duplicate ReadOrder entries. (It is not known whether this is really
needed, however VSFilter does not deduplicate using the ReadOrder
field.)
|
|
|
|
|
|
| |
This was always the intention, but the wording could be read as if this
is not allowed. There was a bug that broke ass_flush_events() too, which
gives all the more reason to clarify this.
|
|
|
|
|
| |
Otherwise, ass_process_chunk() will reject events that were previously
removed with ass_flush_events(), which is nonsense.
|
| |
|
| |
|
|
|
|
|
| |
This avoids unnecessary work and fixes a memory leak:
the character set wasn't released when code == 0.
|
| |
|
|
|
|
|
|
|
| |
Return true on success and false on failure.
get_font_info was actually inconsistent, returning false both
on success and on failure due to the face not being scalable.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
DirectWrite does not provide fast access to the is_postscript flag,
requiring each font to be loaded before its format can be determined.
Eagerly doing this for every installed font can be quite slow,
on the order of seconds.
To improve performance, ask the font provider for this information
only when it is actually needed, i.e. when one of the font's full
names or its PostScript name matches a requested font name and we
need to know whether to accept this match.
The return value of check_postscript is not cached in this commit.
This makes repeated calls slower than accessing is_postscript was.
This should not be a problem, but if it is, the value can be cached
(or precomputed) by font providers in their font private data.
This commit also potentially increases the memory usage of some
font providers by retaining data structures needed to implement
check_postscript in their font private data. This should not be
a problem either, but if it is, the value of check_postscript
can be precomputed by all providers other than DirectWrite.
|
|
|
|
|
|
|
|
|
|
| |
* Check malloc and calloc return values.
* Abort if a name can't be fetched, rather than supply a NULL
string to fontselect causing it to crash.
* Make sure to free all allocated memory.
* Always check FAILED(hr) before using the value of any output
argument returned by DirectWrite, because it is not clear whether
they are guaranteed to have correct values in case of error.
|
|
|
|
|
|
|
|
|
| |
* Metrics are not used, so don't fetch them.
* All variables except meta are always explicitly set before use,
so don't initialize them.
* Declare variables where they are used.
* Use int loop variables when the loop bound is int.
* Prefer post-increment to pre-increment.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This has the side effect that the ASS_FontProviderMetaData instance is now
cleared for every font rather than only once at the start of the search,
which fixes some use-after-free scenarios and prevents the creation of
chimeric fonts using names left over from other fonts processed earlier.
This lays the groundwork for further code simplification and error handling
improvements within this function, which will come in a separate commit.
This commit is transparent to `git blame -w` except for return statements.
|
|
|
|
|
| |
Keep all components signed, allowing for timestamps like 00:01:-05.00
to denote 55 seconds. This matches the behavior of VSFilter.
|
|
|
|
| |
Reported by gcc -Wall -Wextra.
|
|
|
|
|
|
|
| |
Some parts used in fontselect weren't properly defined.
v2: RAW_CFF face type was added later, so it's at the end of the
enum list.
|
|
|
|
|
|
|
|
| |
Fixing this properly involves constifying ASS_FontProviderMetaData
and refactoring code that allocates and frees strings stored in it.
This seems easy on the surface but turns out to be nontrivial when
you actually try to do it. This may still be done at a later date,
but for now, just add explicit casts.
|
|
|
|
|
|
|
|
|
|
|
|
| |
This matches the behavior of GDI and hence VSFilter.
Note that \fn arguments are trimmed during parsing.
However, none of the names inside fonts should be trimmed,
and @-prefixed fonts should keep whitespace following the @,
both of which this commit addresses.
Remove strdup_trimmed because it is no longer used. Also remove
the declaration of a function that was deleted a few months ago.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Related to commit e00691e8096cc69e5651480155ebc61d9e079290:
it turns out that GDI (and hence VSFilter) does not check full names of
fonts that have PostScript outlines when searching for a font by name.
To summarize the resulting behavior:
* Fonts with PostScript outlines can be found by family name
and by PostScript name.
* Fonts without PostScript outlines can be found by family name
and by full name.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Fonts without PostScript outlines (such as TrueType fonts) are unaffected,
and their PostScript names continue to be ignored when searching for fonts.
This matches the behavior of GDI and hence VSFilter.
|
|
|
|
|
|
|
| |
And fix two wrong comments.
Bump the Fontconfig version requirement to 2.10.92 (2.11 RC2), released
on 2013-03-29, to ensure Fontconfig caches and exposes PostScript names.
|
|
|
|
|
|
| |
Currently this affects only the verbose output in
ass_font_select, but it will become more useful when we
start matching against PostScript names in the future.
|
| |
|
|
|
|
| |
index is signed, and psname only overrides it iff index < 0.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The loop in check_duplicate_event() essentially makes event processing
with ass_process_chunk() O(n^2). Using a bitmap instead of a loop brings
it back to O(n).
This could be interpreted as an API change: since the event list is
freely modifieable by the API user through ASS_Track public fields,
libass can't know if the internal bitmap went out of sync with the
public event list. We just redefine it so that calling
ass_process_chunk() means the API user agrees not to manipulate the
event list otherwise.
|
| |
|
|
|
|
| |
Its only use was removed in commit b63d8931.
|
| |
|
|
|
|
|
| |
The ass_func_template.h entry was removed with commit c22a4ff9.
utils.asm is really new.
|
|
|
|
|
|
| |
As pointed out in #198. This is certainly just a typo.
Fixes #198.
|