`FDEF` instructions are specified as allowed only in 'prep' or
'fpgm'. FreeType has attempted to prevent their use in the glyph
program, but they were still allowed in glyph programs if defined in
a function defined in 'prep' or 'fpgm' and called from the glyph
program.
Similarly, `IDEF` instructions are specified not to be able to
modify any existing instruction. FreeType has attempted to prevent
their use in the glyph program, but they can still be used like
`FDEF`.
This change stores the initial bytecode range type and disallows the
use of `FDEF` and `IDEF` while running the glyph program.
Most other state is copied from the `TT_Size` into the execution
context. However, it is possible for a glyph program to use `WS` to
write to the storage area or `WCVTP`, `WCVTF`, and `DELTAC[123]` to
write to the control value table.
Allowing any change to the global state from the glyph program is
problematic as the outlines of any given glyph may change based on
the order the glyphs are loaded or even how many times they are
loaded. There exist fonts that write to the storage area or the
control value table in the glyph program, so their use should not be
an error.
Possible solutions to using these in the glyph program are
* ignore the writes;
* value-level copy on write, discard modified values when finished;
* array-level copy on write, discard the copy when finished;
* array-level copy up-front.
Ignoring the writes may break otherwise good uses. A full copy
up-front was implemented, but was quite heavy as even well behaved
fonts required a full copy and the memory management that goes along
with it. Value-level copy on write could use less memory but
requires a great deal more record keeping and complexity. This
change implements array-level copy on write. If any attempt is made
to write to the control value table or the storage area when the
initial bytecode range was in a glyph program, the relevant array
will be copied to a designated storage area and the copy used for
the rest of the glyph program's execution.
* src/truetype/ttinterp.h (TT_ExecContextRec): New fields
`iniRange`, `glyfCvtSize`, `glyfCvt`, `origCvt`, `glyfStoreSize`,
`glyfStorage`, and `origStorage`.
* src/truetype/ttinterp.c (Modify_CVT_Check): New function to handle
`exc->glyfCvt`.
(Write_CVT, Write_CVT_Stretched, Move_CVT, Move_CVT_Stretched): Use
it.
(Ins_WS): Handle `exc->glyfStorage`.
(Ins_FDEF, Ins_IDEF): Updated.
(TT_RunIns): Updated.
(TT_Done_Context): Free 'glyf' CVT working and storage area.
(TT_Load_Context): Fix/add casts.
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Fix cast.
* src/sfnt/ttcolr.c (get_child_table_pointer): New function to fetch
child table pointer early for all paint formats that compute a child
table pointer.
(read_color_line, read_paint): Updated.
(tt_face_get_colorline_stops): Check `colr->table`.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1182552
Memory is allocated and the pointer assigned to `rows` inside a
'setjmp' scope. This memory must be freed outside the 'setjmp'
scope after a 'longjmp'. Since `rows` is a local and modified
inside the 'setjmp' scope it must be marked volatile or it will have
an indeterminate value after the 'longjmp'.
* src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak of `rows`.
We now record `cover' and `area' directly into the linked list. This
makes rendering faster by 10% or even more at larger sizes.
* src/smooth/ftgrays.c (FT_INTEGRATE): Write directly.
(gray_TWorker): Add direct cell reference and remove unused fields.
(gray_set_cell): Consolidate the linked list management and pointers.
(gray_convert_glyph, gray_convert_glyph_inner): Updated.
This change fixes a crash that occurs in `Load_SBit_Png` when
running on a 64-bit Windows OS. A memory access violation exception
would be raised by `setjmp` if the `jmp_buf` is not aligned to a
16-byte memory boundary. This is due to setjmp executing `movdqa`
instructions to store 128-bit XMM registers to memory, which require
correct memory alignment. This problem occurs because
`png_create_read_struct` uses `malloc` and `free` for memory
management, which only guarantees 8-byte alignment on Windows.
Instead, to fix the problem, `png_create_read_struct_2` is used on
64-bit Windows, which allows for user-defined memory allocation and
deallocation callbacks to be specified. These callbacks forward the
allocation and deallocation requests to `_aligned_alloc` and
`_aligned_free`, ensuring that the allocated `png_struct` and
internal `jmp_buf` have the requisite 16-byte alignment.
* src/sfnt/pngshim.c <_WIN64>: Include `malloc.h`.
(malloc_callback, free_callback) <_WIN64>: New functions.
(Load_SBit_Png) <_WIN64>: Use `png_create_read_struct_2` instead of
`png_create_read_struct`
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28148
* src/sfnt/sfwoff2.c (woff2_open_font): Reject fonts that have
multiple tables with the same tag. While not explicitly forbidden
in the OpenType specification, it is implicitly forbidden by
describing a binary search algorithm for tables that only works
reliably if table tags are unique.
This fixes warnings reported by autoupdate.
* builds/unix/ax_pthread.m4: Replace `as_echo` with `AS_ECHO`.
* builds/unix/configure.raw: Remove obsolete `AC_HEADER_STDC`.
Don't escape back quotes in messages for `AC_MSG_WARN`.
<top_level>: Use `TOP_DIR` in `wildcard` function.
(check_out_submodule, copy_submodule): Move down to come after
definition of `all` rule.
Call `mkdir` conditionally.
We use a dummy variable to catch its output. Otherwise the `make`
program is going to interpret the return value of `shell`; this can
cause obscure warning or error messages or even be harmful.
This is for future changes with Meson, which doesn't allow a
different name for its `subprojects` directory. Having both a
`submodules` and a `subprojects` directory is confusing.
* .gitmodules, autogen.sh (copy_submodule_files, DLG_INC_DIR,
DLG_SRC_DIR): Updated.
* builds/toplevel.mk (<top-level>, do-dist),
builds/windows/vc2010/script.bat: Updated.
* src/tools/no-copyright: Updated.
* freetype.h (FT_PaintFormat): Update paint format identifiers after
a specification change. The specification was updated to have
sibling formats, variable and non-variable variants for each.
Reflect that here.
* sfnt/ttcolr.c (read_paint): Remove parsing of variable indices as
the non-variable formats no longer have them.
* include/freetype/internal/compiler-macros.h (FT_COMPARE_DEF):
Add new macro.
* src/base/ftrfork.c, src/bdf/bdflib.c, src/gxvalid/gxvcommn.c,
src/psaux/afmparse.c, src/psnames/psmodule.c, src/type1/t1afm.c,
src/sfnt/sfwoff.c, src/sfnt/sfwoff2.c: Update qsort callbacks.
Fixes#1026 when compiling FreeType with an unusual calling convention
while the C library qsort still expects cdecl.
* include/freetype/freetype.h (FT_Get_Color_Glyph_Paint):
Additional function argument root_transform to control whether
root transform should be returned.
(FT_OpaquePaint): Additional tracking field to denote whether
root transform is to be returned.
* include/freetype/internal/sfnt.h
(TT_Get_Color_Glyph_Paint_Func): Propagate additional argument.
* src/base/ftobjs.c (FT_Get_Color_Glyph_Paint): Ditto.
* src/sfnt/ttcolr.c (tt_face_get_colr_glyph_paint): Return root
transform reflecting the size and tranform configured on
FT_Face.
(read_paint): Initialize and track status of insert_root_transform
flag.
Many projects (e.g., fontconfig, cairo) hardcode the `freetype_dep`
variable name to use FreeType as subproject because that was the
variable name in Centricular's Meson port of FreeType. While they
should stop hardcoding that variable name, it does not cost us
anything to keep using that name to ease transition.
* meson.build (harfbuzz_dep): Do not fall back to HarfBuzz by
default.
Otherwise it causes a dependency cycle:
cairo => fontconfig => freetype2 => harfbuzz => cairo
Meson will still fall back to HarfBuzz subprojects if the `harfbuzz`
option is set to `enabled` instead of `auto` and a
`subprojects/harfbuzz.wrap` file is present. In that case it is the
responsibility of the main project to set the proper options on each
subproject to break the dependency cycle.
Fixes: #1028.
[meson] Fix dependency lookup and generate `ftconfig.h`.
- zlib: If not found on the system, meson can build it as a
subproject. We thus never use the (outdated) zlib support that
comes with FreeType. Doing so has the additional advantage that
the zlib code can be shared with other projects like GLib if both
are subprojects of an application.
- harfbuzz: Build as a subproject if not found on the system.
- 'QUESTION: What if the compiler doesn't support `-D` but uses `/D`
instead as on Windows?' Answer: Meson translate arguments for us.
- visibility: Replace self-made code with meson-specific solution.
* meson.build (ft2_defines): Rewrite logic to set and handle it.
(process_header_command): New variable, previously called
`ftoption_command`.
(ftoption_command, ftconfig_command): New variables.
(zlib_option): Removed.
(zlib_dep): New variable.
(ft2_deps): Updated.
(harfbuzz_dep): Updated.
(ftconfig_h_in, ftconfig_h): New variables.
(ft2_sources): Updated.
(ft2_lib): Updated, handle visibility.
(summary): Updted.
* meson_options.txt (zlib): Updated.
This is copied from GStreamer's meson port of FreeType.
(ft2_sources): Add both debug and resource file (the latter for
Windows only).
(ft2_debug_src): Removed.
This is a new meson mechanism to avoid other projects to hard-code
the `freetype2_dep` variable name in their build definition. It
also ensures that meson does not mix system and subproject versions
of FreeType inside of the same project.
Also remove outdated TODO because `declare_dependency` was already
there.
We remove `static:false` from `find_library('bz2')`.
I don't know whether the previous code was a workaround for an old
meson bug, but at least with version >=0.55.0 (which FreeType uses)
it picks the shared library when both are available.
With this commit, file `freetype2.pc` no longer contains the full path to
file `libbz2.so`; instead, it correctly uses `-lbz2`. Note that this is a
meson bug is still present in the current version (0.57.0).
This ensures good logging output, with all lines having a proper
prefix (if requested).
This is a continuation of a similar patch from 2020-12-02, which
missed some locations.