==========================
Tag sources with `VER-2-11-0'.
* docs/VERSION.TXT: Add entry for version 2.11.0.
* docs/CHANGES: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/index.html, docs/freetype-config.1:
s/2.10.4/2.11.0/, s/2104/2110/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 11.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 24:0:18.
* CMakeLists.txt (VERSION_MINOR): Set to 11.
(VERSION_PATCH): Set to 0.
* builds/toplevel.mk (dist): Ignore more git-related files.
'COLR' v1 fonts do not necessarily need to have a layer list; for
this reason, 'fontTools' recently started generating fonts in a way
that drops the layer list if there are no layers in it. This
results in the layer list offset becoming zero, which FreeType
treated as an invalid table. Fix that and handle the case for layer
list offset being 0. This slightly changes how we need to calculate
the starting offset for paints.
* src/sfnt/ttcolr.c (tt_face_load_colr): Handle case of layer list
offset being zero without outright rejecting table.
Paint tables can appear before the `base_glyphs_v1` offset if the
font is produced with the layer list before the base glyph list. In
this case paint tables can occur after the layer list but before the
base glyph list. Checks in the 'COLR' v1 code were rejecting fonts
with this layout. Improve these checks by calculating a minimum
offset after which paint tables can occur and use that in safety
checks.
* src/sfnt/ttcolr.c (Colr, tt_face_load_colr): Declare
`paint_start_v1` and calculate that as the minimum of the end of
layer list and base glyph list.
(get_child_table_pointer, read_paint, tt_face_get_paint_layers):
Use that in safety checks.
* include/freetype/ftcolor.h (FT_PaintTransformed, FT_PaintFormat,
FT_COLR_Paint): Do it to make it harmonize with other names such as
'PaintTranslate'.
* src/sfnt/ttcolr.c (read_paint, tt_face_get_paint): Ditto.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): In addition to the
existing sanity checks, ensure that the pointer to the layer to be
read is within the 'COLR' v1 table.
Fixes timeout (#1055) analyzed by Ben Wagner, reported as
https://crbug.com/1194092
* src/sfnt/ttload.c (tt_face_load_post): Check POST format.
* src/sfnt/sfobjs.c (sfnt_load_face): Synthesize the missing unicode
charmap only if the glyph names exist.
* src/psnames/psmodule.c (ps_unicode_value): Short cut ".notdef" and
".null".
To reduce memory allocations, we read an entire Pascal-string buffer
and convert it to a C-string buffer. We also reject tables with
Postscript glyph names exceeding 63 bytes.
* src/sfnt/ttpost.c (load_format20): Implement it.
(load_post_names): Check the minimal POST table size.
(load_format25, tt_face_free_ps_names): Updated accordingly.
* src/sfnt/sfdriver.c (get_win_string, get_apple_string,
sfnt_get_var_ps_name): Do not zero out the buffer.
* src/sfnt/sfobjs.c (sfnt_init_face): Ditto.
* src/sfnt/sfwoff.c (woff_open_font): Ditto.
* src/sfnt/sfwoff2.c (woff2_open_font): Ditto.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): Do not output
layer pointer to iterator if it is outside the 'COLR' table.
(read_paint): Do not attempt to read layers that are outside the
table.
* src/sfnt/ttcolr.c (get_child_table_pointer): New function to fetch
child table pointer early for all paint formats that compute a child
table pointer.
(read_color_line, read_paint): Updated.
(tt_face_get_colorline_stops): Check `colr->table`.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1182552
Memory is allocated and the pointer assigned to `rows` inside a
'setjmp' scope. This memory must be freed outside the 'setjmp'
scope after a 'longjmp'. Since `rows` is a local and modified
inside the 'setjmp' scope it must be marked volatile or it will have
an indeterminate value after the 'longjmp'.
* src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak of `rows`.
This change fixes a crash that occurs in `Load_SBit_Png` when
running on a 64-bit Windows OS. A memory access violation exception
would be raised by `setjmp` if the `jmp_buf` is not aligned to a
16-byte memory boundary. This is due to setjmp executing `movdqa`
instructions to store 128-bit XMM registers to memory, which require
correct memory alignment. This problem occurs because
`png_create_read_struct` uses `malloc` and `free` for memory
management, which only guarantees 8-byte alignment on Windows.
Instead, to fix the problem, `png_create_read_struct_2` is used on
64-bit Windows, which allows for user-defined memory allocation and
deallocation callbacks to be specified. These callbacks forward the
allocation and deallocation requests to `_aligned_alloc` and
`_aligned_free`, ensuring that the allocated `png_struct` and
internal `jmp_buf` have the requisite 16-byte alignment.
* src/sfnt/pngshim.c <_WIN64>: Include `malloc.h`.
(malloc_callback, free_callback) <_WIN64>: New functions.
(Load_SBit_Png) <_WIN64>: Use `png_create_read_struct_2` instead of
`png_create_read_struct`
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28148
* src/sfnt/sfwoff2.c (woff2_open_font): Reject fonts that have
multiple tables with the same tag. While not explicitly forbidden
in the OpenType specification, it is implicitly forbidden by
describing a binary search algorithm for tables that only works
reliably if table tags are unique.
* freetype.h (FT_PaintFormat): Update paint format identifiers after
a specification change. The specification was updated to have
sibling formats, variable and non-variable variants for each.
Reflect that here.
* sfnt/ttcolr.c (read_paint): Remove parsing of variable indices as
the non-variable formats no longer have them.
* include/freetype/internal/compiler-macros.h (FT_COMPARE_DEF):
Add new macro.
* src/base/ftrfork.c, src/bdf/bdflib.c, src/gxvalid/gxvcommn.c,
src/psaux/afmparse.c, src/psnames/psmodule.c, src/type1/t1afm.c,
src/sfnt/sfwoff.c, src/sfnt/sfwoff2.c: Update qsort callbacks.
Fixes#1026 when compiling FreeType with an unusual calling convention
while the C library qsort still expects cdecl.
* include/freetype/freetype.h (FT_Get_Color_Glyph_Paint):
Additional function argument root_transform to control whether
root transform should be returned.
(FT_OpaquePaint): Additional tracking field to denote whether
root transform is to be returned.
* include/freetype/internal/sfnt.h
(TT_Get_Color_Glyph_Paint_Func): Propagate additional argument.
* src/base/ftobjs.c (FT_Get_Color_Glyph_Paint): Ditto.
* src/sfnt/ttcolr.c (tt_face_get_colr_glyph_paint): Return root
transform reflecting the size and tranform configured on
FT_Face.
(read_paint): Initialize and track status of insert_root_transform
flag.
This ensures good logging output, with all lines having a proper
prefix (if requested).
This is a continuation of a similar patch from 2020-12-02, which
missed some locations.
* sfnt/ttcolr.c (tt_face_get_colr_glyph_paint,
tt_face_get_colorline_stops, tt_face_get_paint): Additional checks
for whether colr table is present. Prevents crashes when these
methods are called on non-COLR fonts.
* include/freetype/internal/sfnt.h (TT_Get_Color_Glyph_Paint_Func,
TT_Get_Paint_Layers_Func, TT_Get_Colorline_Stops_Func,
TT_Get_Paint_Func): New function pointer types.
(SFNT_Interface): Add them.
(FT_DEFINE_SFNT_INTERFACE): Updated.
* src/sfnt/sfdriver.c (PUT_COLOR_LAYERS_V1): New macro.
(sfnt_interface): Add new function pointers.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): New function to get
the layers of a `PaintColrLayers` table in the font, using an
`FT_LayerIterator` from an `FT_PaintColrLayers` object retrieved via
`tt_face_get_paint`.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/ttcolr.c (tt_face_get_colorline_stops): New function to
return the current `FT_ColorStop` object from `FT_ColorStopIterator`.
Also increment the iterator.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/ttcolr.c (tt_face_get_paint): New function to resolve an
`FT_OpaquePaint` paint reference into an `FT_COLR_Paint` object of a
certain format, which contains the detailed information stored in a
paint of the respective format.
(read_paint): New function to provide the format specific parsing
and to populate the data members of each specific `FT_COLR_Paint`
subtype.
(read_color_line): New function to parse retrieved color line
information into an `FT_ColorLine` object, which has information
about the color line extend mode as well as an
`FT_ColorStopIterator` object.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/ttcolr.c (BaseGlyphV1Record): New structure.
(tt_face_load_colr): Handle version 1 table header.
(find_base_glyph_v1_record): New auxiliary function.
(tt_face_get_colr_glyph_paint): New function to find the root
`FT_OpaquePaint` object for a given glyph ID.
* src/sfnt/ttcolr.h: Updated.
* include/freetype/internal/autohint.h
(FT_DECLARE_AUTOHINTER_INTERFACE): New macro.
* src/autofit/afmodule.h: Use it to declare
`af_autofitter_interface'.
* include/freetype/internal/ftobjs.h (FT_DECLARE_GLYPH): New macro.
* src/base/ftbase.h: Use it to declare `ft_bitmap_glyph_class' and
`ft_outline_glyph_class'.
* src/base/ftglyph.c: Include `ftbase.h'.
* src/cff/cffparse.c (cff_parser_run): Fix type of `t2_size'.
* src/pcf/pcfdrivr.c (pcf_cmap_char_next): Fix type of `result'.
* src/psaux/psauxmod.c (psaux_module_class): Use `FT_DEFINE_MODULE'.
* src/psaux/psauxmod.h: Declare `afm_parser_funcs',
`t1_cmap_classes', `cff_decoder_funcs', and `psaux_module_class'.
* src/pshinter/pshmod.c: Include `pshmod.h'.
* src/sfnt/sfwoff2.c (ROUND4, WRITE_SHORT): Fix implicit sign
conversion.
(compute_ULong_sum): Fix return type.
Fix implicit sign conversion.
(store_points): Fix type of `last_flag', `repeat_count', and `flag'.
Use casts to avoid warnings.
(reconstruct_glyf): Fix implicit sign conversion.
Use cast to avoid warning.
(get_x_mins): Fix implicit sign conversion.
* src/sfnt/ttcmap.c: Undef `TTCMAPCITEM'.
* src/sfnt/ttcmap.h: Define `TTCMAPCITEM' and include `ttcmapc.h' to
declare cmap classes.
* src/smooth/ftsmooth.c (ft_smooth_overlap_spans): Use cast.
* src/truetype/ttinterp.c (Ins_MIAP): Fix typo.
The following builds were failing due to previous changes:
make multi
make multi CC="c++"
* include/freetype/config/ftconfig.h: Remove `FT_END_HEADER'.
* include/freetype/config/ftheader.h (FT_BEGIN_HEADER,
FT_END_HEADER): Protect against redefinition.
* src/cache/ftccache.h, src/cache/ftcmru.h, src/pcf/pcfutil.h,
src/psaux/pserror.h, src/psaux/psft.h, src/psaux/psstack.h,
src/sfnt/woff2tags.h: Include `compiler-macros.h'.
* src/sfnt/woff2tags.c: Include `woff2tags.h'.
We no longer have to take care of the 8.3 file name limit; this
allows us (a) to introduce longer, meaningful file names, and (b) to
avoid macro names in `#include' lines altogether since some
compilers (most notably Visual C++) doesn't support this properly.
*/*: Replace
#include FOO_H
with
#include <freetype/foo.h>
or something similar. Also update the documentation.
These have not been used in a very, very long time, so better remove
them. A corresponding patch will be submitted to the
`freetype2-demos' repository.
* src/Jamfile, src/*/Jamfile, Jamrules: Delete.
* src/base/ftoutln.c (FT_Outline_Transform): Bail on empty points.
* src/cff/cffload.c (cff_subfont_load): Use `FT_OFFSET'.
* src/psaux/psft.c (cf2_decoder_parse_substrings): Early out if
`charstring_base' or `charstring_len' are null.
* src/sfnt/ttload.c (tt_face_load_name): Use `FT_OFFSET'.
Also reduce number of SFNT table lookups.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18065
* include/freetype/internal/wofftypes.h (WOFF2_InfoRec): Add fields
`glyf_table', `loca_table', and `head_table'.
* src/sfnt/sfwoff2.c (reconstruct_glyf): Update signature.
Use table pointers in `info' parameter.
(get_x_mins): Check `maxp_table'
Use table pointers in `info' parameter.
(reconstruct_font): Use and set table pointers in `info' parameter.
Fix check for `glyf' and `loca' tables.
Update call to `reconstruct_glyf'.
(woff2_open_font): Updated.
Also fix memory deallocation in case of error.
`head' problem reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17820
* src/sfnt/sfwoff2.c (reconstruct_glyf): Don't use `stream_close'.
Abort if `head_table' is NULL.
Don't free `transformed_buf' in case of error.
(woff2_open_font): Don't set `uncompressed_buf' to NULL.
* src/sfnt/sfwoff2.c (woff2_open_font): Use `FT_UInt32' for
`file_offset'. This fixes builds on platforms where `FT_LONG64' is
not defined while still being sufficient to store a file offset.
If table tag is not 0x3f, we expect a value between 0 and 62. If
this is not the case, exit with errors.
* src/sfnt/sfwoff2/c: Check whether table tag makes sense.
* src/sfnt/woff2tags.c: Return 0 if tag is out of bounds.
`reconstruct_hmtx' requires `info->x_mins' and `info->num_glyphs' to
reconstruct the hmtx table. In case glyf is not transformed, we
call `get_x_mins' which does the necessary work.
* src/sfnt/sfwoff2.c (get_x_mins): New function.
(reconstruct_font): Call get_x_mins.
Set correct value of `face->num_faces' for WOFF2 fonts. This is
being handled separately because we only load the tables for the
requested font face in `woff2_open_font' and create a single-face
sfnt stream.
The full discussion is at:
https://lists.gnu.org/archive/html/freetype-devel/2019-08/msg00000.html
* src/sfnt/sfobjs.c (sfnt_open_font): Add parameter
`woff2_num_faces'.
(sfnt_init_face): Introduce variable `woff2_num_faces', and change
`face->root.num_faces' if `woff2_num_faces' is set.
* src/sfnt/sfwoff2.c (woff2_open_font): Validate requested face
index and handle negative face indices.
* src/sfnt/sfwoff2.h (woff2_open_font): Add parameter `num_faces' to
declaration.
We do this by using `totalSfntSize' as an initial reference, and
extending the buffer when required. This reduces rendering time
considerably.
* include/freetype/internal/wofftypes.h (WOFF2_HeaderRec): Add
`totalSfntSize', rename `total_sfnt_size' to `actual_sfnt_size'.
* src/sfnt/sfwoff2.c (write_buf): Add parameter `dst_size' to keep
track of and update total size of stream.
(WRITE_SFNT_BUF, WRITE_SFNT_BUF_AT): Modify macros accordingly.
(pad4, store_loca, reconstruct_glyf, reconstruct_hmtx,
reconstruct_font): Update parameters to accept `sfnt_size'.
(woff2_open_font): Add variable `sfnt_size'. Use WOFF2 header field
`totalSfntSize' as initial reference (if value makes sense) and
allocate `totalSfntSize' bytes for the sfnt stream. `write_buf'
handles reallocation if and when required. Also resize the stream
to `actual_sfnt_size' after reconstruction.
Add necessary functions to reconstruct loca and hmtx tables (the two
remaining tables that can have a transform). `woff2_open_font' is
now capable of loading a woff2 font face. This code may still need
more refining and better memory management.
* include/freetype/internal/wofftypes.h (WOFF2_HeaderRec): Add total
(final) size of sfnt stream.
(WOFF2_InfoRec): Add header checksum value.
* src/sfnt/sfobjs.c (sfnt_open_font): Change `face_instance_index'
parameter to its pointer so its value can be modified by
`woff2_open_font'.
* src/sfnt/sfwoff2.c: (WRITE_SFNT_BUF_AT): New macro to write into
sfnt buffer at given position.
(write_buf): Add parameter `extend_buf' which allows caller to
specify whether buffer should be reallocated before copying data.
(WRITE_SFNT_BUF): Updated.
(pad4, store_loca, reconstruct_htmx): New functions.
(reconstruct_glyf): Calculate loca values and store them.
(reconstruct_font): Call `reconstruct_hmtx', write table record
entries, and calculate table checksums. Also calculate font
checksum and update `checksumAdjustment' entry in head table.
(woff2_open_font): Open stream for sfnt buffer, swap out input
stream and return.
* src/sfnt/sfwoff2.h (woff2_open_font): Modify parameter to accept
pointer to `face_index'.
Reconstruct `glyf' table if it is transformed in the uncompressed
table stream. Also add necessary structures, macros and functions.
* include/freetype/internal/wofftypes.h (WOFF2_InfoRec,
WOFF2_SubstreamRec, WOFF2_PointRec): New structures.
(WOFF2_TableRec): s/OrigLength/dst_length/.
* src/sfnt/sfwoff2.c (READ_255USHORT, READ_BASE128): Use
`FT_SET_ERROR' to set implicit `error' variable.
(WRITE_SHORT): New macro.
(N_CONTOUR_STREAM, N_POINTS_STREAM, FLAG_STREAM, GLYPH_STREAM,
COMPOSITE_STREAM, BBOX_STREAM, INSTRUCTION_STREAM): New macros to
refer to substreams of the transformed `glyf' tables.
(Read255UShort, ReadBase128): Return errors set by `FT_READ_XXX'
macros.
(with_sign, safe_int_addition): New functions to add sign to values
based on a flag and perform safe addition respectively.
(triplet_decode): Decode variable-length (flag, xCoordinate,
yCoordinate) triplet for a simple glyph. See
https://www.w3.org/TR/WOFF2/#triplet_decoding
(store_points, compute_bbox, composteGlyph_size, reconstruct_glyf):
New functions.
(reconstruct_font): Call `reconstruct_glyf'.
* src/sfnt/sfwoff2.h: Add required constants.
* src/sfnt/woff2tags.h: Move out constants to `sfwoff2.h'.
Copy un-transformed tables to the sfnt stream.
* src/sfnt/sfwoff2.c: (WRITE_SFNT_BUF): New macro.
(write_buf): New function. Extend memory of `dst' buffer and copy
bytes from `src'.
(compute_ULong_sum): New function. Calculate checksum of table.
(reconstruct_font): Change `FT_Byte* sfnt' to `FT_Byte**
sfnt_bytes'. This has been done because we reallocate memory to
`sfnt' multiple times, which may change the pointer value of `sfnt'.
This new pointer must be propogated back to the caller. Same reason
for using a double pointer in `write_buf'.
* src/sfnt/woff2tags.h (WOFF2_DEFAULT_MAX_SIZE): New macro used for
overflow checking.
Dominik Röttsches