This commit (mainly for 32bit CPUs) is the first of a series of
similar commits to handle known integer overflows. Basically, all
of them are harmless, since they affect rendering of glyphs only,
not posing security threats. It is expected that fuzzying will show
up more overflows, to be fixed in due course.
The idea is to mark places where overflows can occur, using macros
that simply cast to unsigned integers, because overflow arithmetic
is well defined in this case. Doing so suppresses run-time errors
of sanitizers without adding computational overhead.
* include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT,
OVERFLOW_SUB_INT, OVERFLOW_MUL_INT, OVERFLOW_ADD_LONG,
OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG): New macros.
* src/base/ftcalc.c (FT_RoundFix, FT_CeilFix, FT_Matrix_Multiply,
FT_Matrix_Multiply_Scaled, FT_Vector_Transform_Scaled,
ft_corner_orientation): Use new macros.
* src/base/ftoutln.c (FT_Outline_Get_Orientation): Use new macros.
The new name better describes what the macro actually does;
additionally, we don't need a trailing `f' for literals (there was
only a single such instance in the code, but this caused a clang
warning because the macro itself uses `double' literals).
* src/cff/cf2blues.c, src/cff/cf2blues.h, src/cff/cf2fixed.h,
src/cff/cf2font.c, src/cff/cf2hints.c: Updated.
* src/base/ftcalc.c (FT_MOVE_SIGN): Add argument to pass unsigned
value, to be used as the result.
(FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix, FT_MulFix,
FT_Vector_NormLen): Updated.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Compute all design
coordinates if we have to create the `blends->coord' array.
(TT_Get_MM_Blend, TT_Get_Var_Design): Select default instance
coordinates if no instance is selected yet.
Extra bitmap padding for LCD filtering depends on the filter. The
default 5-tap filter needs 2 extra subpixels. The light 3-tap filter
needs only 1 extra subpixel. This space could be already available
due to rounding. In order to optimize the padding, we now expand
CBox for the given filter weights before rounding.
This change breakes current Skia (and Firefox).
* include/freetype/internal/ftobjs.h (FT_LibraryRec)
[FT_CONFIG_OPTION_SUBPIXEL_RENDERING]: Remove `lcd_extra' field.
* src/base/ftlcdfil.c (FT_Library_SetLcdFilterWeights,
FT_Library_SetLcdFilter): Remove `lcd_extra' initializations.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Implement dymanic
LCD padding.
Problem reported by Hin-Tak Leung <htl10@users.sourceforge.net>.
* src/truetype/ttgload.c (TT_Load_Glyph)
[TT_CONFIG_OPTION_EMBEDDED_BITMAPS]: Handle error if font is not
scalable.
This moves warping option from LIGHT to NORMAL mode. This makes LIGHT
truly void of hinting in x-direction, with left side bearing never
changed and right side bearing only altered by advance rounding.
Therefore, LIGHT is now ready to return fractional advance. As a
NORMAL option, warping substitutes normal hinting.
* src/autofit/afcjk.c (af_cjk_hints_apply): Updated.
* src/autofit/aflatin.c (af_latin_hints_apply): Updated.
* src/autofit/aflatin2.c (af_latin2_hints_apply): Updated.
* src/autofit/afloader.c (af_loader_load_glyph): Handle warping
phantom points as normal.
=======================
Tag sources with `VER-2-8'.
* docs/VERSION.TXT: Add entry for version 2.8.
* docs/CHANGES: Updated.
* README, Jamfile (RefDoc), builds/windows/vc2005/freetype.vcproj,
builds/windows/vc2005/index.html,
builds/windows/vc2008/freetype.vcproj,
builds/windows/vc2008/index.html,
builds/windows/vc2010/freetype.vcxproj,
builds/windows/vc2010/index.html,
builds/windows/visualc/freetype.dsp,
builds/windows/visualc/freetype.vcproj,
builds/windows/visualc/index.html,
builds/windows/visualce/freetype.dsp,
builds/windows/visualce/freetype.vcproj,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.7.1/2.8/, s/271/28/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 8.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 20:0:14.
* CMakeLists.txt (VERSION_MINOR): Set to 8.
(VERSION_PATCH): Set to 0.
* src/autofit/afblue.dat: Add blue zone data for Chakma.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Chakma standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Chakma data.
* src/autofit/afblue.dat: Add blue zone data for Kayah Li.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Kayah Li standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Kayah Li data.
* src/autofit/afblue.dat: Add blue zone data for Bamum.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Bamum standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Bamum data.
* src/autofit/afblue.dat: Add blue zone data for Saurashtra.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Saurashtra standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Saurashtra
data.
* src/autofit/afblue.dat: Add blue zone data for Buhid.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Buhid standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Buhid data.
* src/autofit/afblue.dat: Add blue zone data for Shavian.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Shavian standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Shavian data.
* src/autofit/afblue.dat: Add blue zone data for Vai.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Vai standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Vai data.
* src/autofit/afblue.dat: Add blue zone data for Osmanya.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Osmanya standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Osmanya data.
* src/autofit/afblue.dat: Add blue zone data for Coptic.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Coptic standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Coptic data.
* src/autofit/afblue.dat: Add blue zone data for Carian.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Carian standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Carian data.
* src/autofit/afblue.dat: Add blue zone data for Unified Canadian
Syllabics.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Unified Canadian Syllabics standard
character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Unified
Canadian Syllabics data.
This essentially moves the Sundanese script from the `Indic' hinter
to the `Latin' hinter.
* src/autofit/afblue.dat: Add blue zone data for Sundanese.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Sundanese standard character and move
data out of AF_CONFIG_OPTION_INDIC block.
* src/autofit/afranges.c: Move Sundanese data out of
AF_CONFIG_OPTION_INDIC block.
* src/autofit/afstyles.h: Update Sundanese data; in particular, use
AF_WRITING_SYSTEM_LATIN.
* src/autofit/afblue.dat: Add blue zone data for Avestan.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Avestan standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Avestan data.
When points are not touched by gvar interpolation deltas, FreeType
gave a slightly different result than Apple's CoreText.
The OpenType working group will update the specification to document
the following behaviour: If the two points with deltas to the `left'
and `right' of the untouched point have the same coordinate, then
the inferred delta for the untouched point should be zero.
* src/truetype/ttgxvar.c (tt_delta_interpolate): Implement new
behaviour.
Problem reported by Markus Trippelsdorf <markus@trippelsdorf.de> and
Nikolaus Waxweiler <madigens@gmail.com>.
* src/base/ftobjs.c (FT_Request_Size): Trigger recomputation of
auto-hinter metrics. Without this change, multiple size changing
calls for a single face fail.
* include/freetype/config/ftoption.h
(AF_CONFIG_OPTION_TT_SIZE_METRICS): New option, commented out by
default.
* src/autofit/afloader.c (af_loader_load_glyph): Use
AF_CONFIG_OPTION_TT_SIZE_METRICS to guard the corresponding code.
* src/truetype/ttobs.h (TT_SizeRec): Add field `hinted_metrics' to
hold hinted metrics.
Make `metrics' a pointer so that `tt_glyph_load' can easily switch
between metrics.
* src/truetype/ttdriver.c (tt_size_request): Updated.
(tt_glyph_load): Use top-level metrics if FT_LOAD_NO_HINTING is
used.
* src/truetype/ttgload.c (TT_Hint_Glyph, TT_Process_Simple_Glyph,
TT_Process_Composite_Component, load_truetype_glyph,
compute_glyph_metrics, TT_Load_Glyph): Updated.
* src/truetype/ttinterp.c (TT_Load_Context): Updated.
* src/truetype/ttobjs.c (tt_size_reset): Updated.
* src/truetype/ttsubpix.c (sph_set_tweaks): Updated.
This mode uses fractional advance widths and doesn't scale glyphs
horizontally, only applying vertical scaling and hinting.
At the same time, the behaviour of the `light' auto-hinter gets
restored for backwards compatibility: Both vertical and horizontal
scaling is again based on rounded metrics values (this was changed
in a commit from 2017-03-30 as a side effect). To be more precise,
the behaviour is restored for TrueType fonts only; for other font
formats like Type 1, this is a new feature of the `light' hinting
mode.
* include/freetype/freetype.h (FT_LOAD_TARGET_SLIGHT): New macro.
(FT_RENDER_MODE_SLIGHT): New render mode.
* include/freetype/internal/ftobjs.h (FT_Size_InternalRec): Add
`autohint_mode' and `autohint_metrics' fields.
* src/autofit/afcjk.c (af_cjk_hints_init), src/autofit/aflatin.c
(af_latin_hints_init), src/autofit/aflatin2 (af_latin2_hints_init):
Updated.
* src/autofit/afloader.c (af_loader_embolden_glyph_in_slot): Use
`autohint_metrics'.
(af_loader_load_glyph): s/internal/slot_internal/.
Initialize `autohint_metrics' and `autohint_mode' depending on
current auto-hint mode.
Use `autohint_metrics'.
Updated.
* src/base/ftadvanc.c (LOAD_ADVANCE_FAST_CHECK): Updated.
* src/base/ftobjs.c (FT_Load_Glyph): Updated.
(FT_New_Size): Allocate `internal' object.
* src/pshinter/pshalgo.c (ps_hints_apply): Updated.
* src/smooth/ftsmooth.c (ft_smooth_render): Updated.
We are going to extend this later on.
* include/freetype/internal/ftobjs.h (FT_Size_InternalRec): New
structure with a single field `module_data'.
* src/base/ftobjs.c (FT_New_Size): Allocate `internal' field of
`FT_Size' structure.
* src/cff/cffgload.c (cff_builder_init, cff_decoder_prepare): Use
`size->internal->module_data' instead of `size->internal'.
* src/cff/cffobjs.c (cff_size_done): Deallocate `module_data'.
(cff_size_init, cff_size_select, cff_size_request): Use
`size->internal->module_data' instead of `size->internal'.
* src/cif/cidobjs.c (cid_size_done, cid_size_init,
cid_size_request): Use `size->internal->module_data' instead of
`size->internal'.
* src/psaux/psobjs.c (t1_builder_ini): Use
`size->internal->module_data' instead of `size->internal'.
* src/type1/t1objs.c (T1_Size_Done, T1_Size_Init, T1_Size_Request):
Use `size->internal->module_data' instead of `size->internal'.
Werner Lemberg