The subsetted demo font of the report that exhibits the bug has a
very unusual type 2 cmap for Unicode(!): It contains only two
sub-headers, one for one-byte characters (covering the range 0x20 to
0xFA), and a second one for higher byte 0x01 (just for character
code U+0131).
Before this commit, the iterator wasn't able to correctly handle a
sub-header for higher byte 0x01.
* src/sfnt/ttcmap.c (tt_cmap2_char_next): Fix character increment
for outer loop.
Some static function declarations cause unused function warnings if
certain config options are turned off via `ftoption.h'.
* src/base/ftbase.h, src/base/ftrfork.c, src/sfnt/ttbdf.h,
src/truetype/ttgxvar.h: Add #ifdef guards around these sections.
__builtin_shuffle() was introduced in gcc-4.7. The lowest
gcc version enabling the vector operation is moved from 4.6 to 4.7.
* src/sfnt/pngshim.c (premultiply_data): Fix cpp macro that
enables the vector operation, changing the lowest gcc version
from 4.6 to 4.7.
* src/autofit/afshaper.c: Include FT_ADVANCE_H, to use
FT_Get_Advance() in it.
* src/sfnt/ttcmap.c: Include FT_SERVICE_POSTSCRIPT_CMAPS_H
to use PS_Unicodes in it, also include `ttpost.h' to use
tt_face_get_ps_name() in it.
The first 32 bits of standard TrueType variants are 0x00010000,
`OTTO', `ttcf', `true' or `typ1'. 2 marginal dfonts on legacy Mac
OS X, Keyboard.dfont and LastResort.dfont, have the sfnt resources
starting with 0xA5 followed by `kbd' or `lst'. Considering that the
following data could be parsed as conventional TrueType fonts, the
header checking is updated to allow these tags. It seems that recent
Mac OS X has already switched to normal TTF for these fonts.
See the discussion at
http://u88.n24.queensu.ca/exiftool/forum/index.php?topic=3931.0
* include/freetype/tttags.h (TTAG_0xA5kbd, TTAG_0xA5lst): New header
tags for Keyboard.dfont and LastResort.dfont.
* src/sfnt/sfobjs.c (sfnt_open_font): Accept an sfnt resource that
starts with TTAG_0xA5kbd or TTAG_0xA5lst.
* src/truetype/ttobjs.c (tt_face_init): Accept a face whose
format tag is TTAG_0xA5kbd or TTAG_0xA5lst.
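
The header check described in the entry above, as an added example (not FreeType's code): it accepts the listed tags, including the two 0xA5 ones, and goes one step beyond the entry by also requiring that the declared table directory fits in the buffer. The names `sfnt_kind' and `sfnt_check_header', the sample buffers, and the assumption that the 0xA5 fonts use the standard 12-byte offset table are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Same byte packing as FreeType's FT_MAKE_TAG (big-endian, 4 bytes). */
#define MAKE_TAG(a, b, c, d)                                   \
  (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) |             \
   ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical result type for this example. */
typedef enum { SFNT_REJECT, SFNT_SINGLE, SFNT_COLLECTION,
               SFNT_LEGACY_DFONT } sfnt_kind;

/* Constructed sample: 0xA5 'kbd' header declaring one table, followed
   by a single zeroed 16-byte directory entry (28 bytes in total). */
const unsigned char sample_kbd[28] = { 0xA5, 'k', 'b', 'd', 0, 1 };
/* Constructed sample: `OTTO' header claiming 0xFFFF tables in 28 bytes. */
const unsigned char sample_lying[28] = { 'O', 'T', 'T', 'O', 0xFF, 0xFF };

/* Classify the first 32 bits.  For single-font tags, also require that
   the 12-byte offset table plus 16 bytes per declared table fits. */
sfnt_kind sfnt_check_header(const unsigned char *buf, size_t len)
{
  sfnt_kind kind;
  size_t    num_tables;

  if (buf == NULL || len < 4)
    return SFNT_REJECT;

  switch (MAKE_TAG(buf[0], buf[1], buf[2], buf[3])) {
  case 0x00010000:
  case MAKE_TAG('O', 'T', 'T', 'O'):
  case MAKE_TAG('t', 'r', 'u', 'e'):
  case MAKE_TAG('t', 'y', 'p', '1'):
    kind = SFNT_SINGLE;
    break;
  case MAKE_TAG(0xA5, 'k', 'b', 'd'):   /* Keyboard.dfont */
  case MAKE_TAG(0xA5, 'l', 's', 't'):   /* LastResort.dfont */
    kind = SFNT_LEGACY_DFONT;
    break;
  case MAKE_TAG('t', 't', 'c', 'f'):    /* collection header, not checked here */
    return SFNT_COLLECTION;
  default:
    return SFNT_REJECT;
  }

  if (len < 12)                         /* truncated offset table */
    return SFNT_REJECT;
  num_tables = ((size_t)buf[4] << 8) | buf[5];
  if (num_tables == 0 || (len - 12) / 16 < num_tables)
    return SFNT_REJECT;                 /* directory would run past the data */
  return kind;
}
```
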
* src/sfnt/pngshim.c (premultiply_data): Use vectors instead of
scalars.
(vector_shuffle): New macro to take care of a different built-in
function name on clang.
This reduces the overhead of `premultiply_data' by 60%.
* src/sfnt/pngshim.c (premultiply_data): Provide code which uses
gcc's (and clang's) `vector_byte' attribute to process 4 pixels at a
time.
Requested by Behdad.
Modern bitmap-only SFNTs like `NotoColorEmoji.ttf' don't contain
entries in the bitmap strike(s) for empty glyphs. Instead, they
rely on a space glyph being created from the font's metrics data.
This commit makes FreeType behave accordingly.
* include/freetype/fterrdef.h (FT_Err_Missing_Bitmap): New error
code.
* src/sfnt/ttsbit.c (tt_sbit_decoder_load_image): Change error codes
to make a distinction between a missing bitmap in a composite and a
simple missing bitmap.
* src/truetype/ttgload.c (TT_Load_Glyph): For a missing bitmap (in a
bitmap-only font), synthesize an empty bitmap glyph if metrics are
available.
* src/sfnt/sfobjs.c (sfnt_load_face): The units per EM value has now
(tighter) limits.
* src/truetype/ttgload.c (load_truetype_glyph): The new OpenType
version explicitly allows all negative values for the number of
contours if we have a composite glyph (this is for better backwards
compatibility I guess), but it still recommends value -1.
* src/sfnt/ttkern.c (tt_face_load_kern): Don't check for
cross-stream kerning tables since we reject format 2 tables later
on anyways.
Modify code for limit test...
(tt_face_get_kerning): ... to avoid a limit test here.
* src/autofit/afcjk.c, src/autofit/afindic.c: Include `afcjk.h'
earlier.
* src/sfnt/sfobjs.c (sfnt_init_face): Put `memory' variable into
TT_CONFIG_OPTION_GX_VAR_SUPPORT block.
(sfnt_done_face): Protect some code with
TT_CONFIG_OPTION_GX_VAR_SUPPORT.
* src/sfnt/ttsbit.c (tt_face_load_sbix_image): Remove compiler
warning.
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Put `tmp' variable
into TT_USE_BYTECODE_INTERPRETER block.
(tt_loader_init): Put `error' variable into
TT_USE_BYTECODE_INTERPRETER block.
* src/base/ftsnames.c: Include FT_INTERNAL_DEBUG_H.
* src/cff/cffobjs.c [TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Include
FT_MULTIPLE_MASTERS_H and FT_SERVICE_MULTIPLE_MASTERS_H.
* src/sfnt/sfdriver.c [TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Include
FT_MULTIPLE_MASTERS_H and FT_SERVICE_MULTIPLE_MASTERS_H.
(get_win_string, get_apple_string): Initialize `result'.
Everything is guarded with TT_CONFIG_OPTION_GX_VAR_SUPPORT.
* include/freetype/internal/tttypes.h (TT_FaceRec): New fields
`var_postscript_prefix' and `var_postscript_prefix_len'.
* src/sfnt/sfdriver.c: Include FT_TRUETYPE_IDS_H.
(sfnt_is_alphanumeric): New wrapper function for `ft_isalnum'.
(get_win_string, get_apple_string): Remove `const' from return
value.
(MAX_VALUE_DESCRIPTOR_LEN, MAX_PS_NAME_LEN): New macros.
(hexdigits): New array.
(sfnt_get_var_ps_name): New function, implementing Adobe TechNote
5902 to construct a PS name for a variation font instance.
(sfnt_get_ps_name): Call `sfnt_get_var_ps_name' for font instances.
* src/sfnt/sfobjs.c (sfnt_done_face): Updated.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Reset
`face->postscript_name' to trigger recalculation for new instance
parameters.
Add 128bit MurmurHash 3 function.
Everything is guarded with TT_CONFIG_OPTION_GX_VAR_SUPPORT.
* src/sfnt/sfdriver.c (ROTL32): New macro.
(fmix32, murmur_hash_3_128): New functions.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=759
* src/sfnt/sfobjs.c (sfnt_init_face): While setting number of
instances to zero for `CFF' fonts table, ensure that there is no
`CFF2' present also (which gets priority).
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738
* src/sfnt/sfobjs.c (sfnt_init_face): While setting number of
instances to zero for `CFF' fonts table, ensure that there is no `glyf'
present also (which gets priority).
As documented in the OpenType specification, an entry for the
default instance may be omitted in the named instance table. In
particular this means that even if there is no named instance table
in the font we actually do have a named instance, namely the default
instance.
For consistency, we always want the default instance in our list of
named instances. If it is missing, we try to synthesize it.
* src/sfnt/sfobjs.c (sfnt_init_face): Check whether the default
instance is in the table of named instances. Otherwise adjust
number of instances.
* src/truetype/ttgxvar.c: Include FT_TRUETYPE_IDS_H.
(TT_Get_MM_Var): Use `face->root.style_flags' as the number of named
instances.
Synthesize a named instance entry if necessary.
(tt_done_blend): Free `normalized_stylecoords'.