This is a follow-up to commit 26a7f047,
[cff] Make blend operator work with floats in private dicts.
which addressed the 'party baseline' bug. However, the reporting user
indicated that the default location and some other points in design space
rendered OK, but other points in design space still had problems. The most
obvious issue being that the x-heights of lower-case letters did not align;
see
https://github.com/adobe-fonts/source-serif/issues/121#issuecomment-1773794136
After some analysis we determined that this was due to an interaction
between `BlueValue` rounding and the zone-based algorithm. In short, for a
point to be considered in a zone it must fall within the bounds of the zone.
(There is a slop factor in some cases, but only a very small one.) In the
Adobe-contributed side of the code, point values are not integer-rounded,
instead they're kept as (some form of) fixed. Rounding just the `BlueValues`
means that points that need to be considered within a zone will fall outside
of it at some points in design space.
The majority of this patch changes the storage and parsing of `BlueValues`
to keep them as `FT_Fixed`. No significant code changes were needed because
the values are converted to `Fixed` anyway when stored in `CF_BlueRec`. No
attempt was made to address problems in the older pshinter code beyond
converting the values from `FT_Fixed` to `FT_Short` when copying the private
dictionary. (However, as the point values are also rounded in that code,
the problem is much less likely to occur, although inconsistency between
rounding and truncation could cause an analogous problem.)
* include/freetype/internal/cfftypes.h (CFF_PrivateRec): Use `FT_Fixed` for
`blue_values`, `other_blues`, `family_blues`, and `family_other_blues`.
* src/cff/cffload.c (cff_blend_doBlend): Updated.
* src/cff/cffobjs.c (CFF_fixedToInt): New macro.
(cff_make_private_dict): Use it.
* src/cff/cffparse.h (cff_kind_delta_fixed): New enum value.
* src/cff/cffparse.c (do_fixed): Updated.
(CFF_FIELD_DELTA, CFF_FIELD_DELTA_FIXED, CFF_DELTA_KIND): New set of macros,
replacing `CFF_FIELD_DELTA`.
(cff_parser_run): Updated to handle fixed-float deltas.
* src/cff/cfftoken.h: Updated to use `CFF_FIELD_DELTA_FIXED` for blue
values.
* src/psaux/psblues.c (cf2_blueToFixed): Removed, no longer needed.
(cf2_blues_init): Updated.
* src/pxaux/psft.c, src/pxaux/psft.h (cf2_getBlueValues, cf2_getOtherBlues,
cf2_getFamilyBlues, cf2_getFamilyOtherBlues): Updated signatures.
* src/psaux/psobjs.c (t1_make_subfont): Updated.
This is mostly cosmetic because FT_UInt and FT_UInt32 are likely identical.
* src/sfnt/ttcmap.c, src/cff/cffcmap.c, src/psaux/t1cmap.c,
src/psnames/psmodule.c, include/freetype/internal/service/svpcsmap.h,
src/pfr/pfrcmap.c, src/winfonts/winfnt.c (*_char_next): return FT_UInt.
Modern compilers get more insistent on that...
* include/freetype/internal/compiler-macros.h (FALL_THROUGH): Define.
* src/*: Use it instead of `/* fall through */` comments.
It is possible for OtherSubr 19 to be invoked when `decoder->buildchar` is
NULL (so that `decoder->len_buildchar` is 0), the `blend` is non-NULL with
`blend->num_designs` set to 2, and the user supplied `idx` to be large (for
example 0xFFFFFFFE). Since these are all `FT_UInt32` the existing bounds
check overflows in a well defined manner, allowing for an invalid call to
`memcpy`.
In addition, it is possible to call OtherSubr 19 with
`decoder->len_buildchar`, `blend->num_designs`, and `idx` all zero (implying
that `blend->weight_vector` and `decoder->buildchar` are NULL). This passes
the bounds check (it is logically always fine to copy nothing starting at
index zero) but may invoke undefined behavior in `ft_memcpy` if it is backed
by `memcpy`. Calling `memcpy` with either the `src` or `dst` NULL is
undefined behavior (even if `count` is zero).
* src/psaux/psintrp.c (cf2_interpT2CharString): Correctly check that
`blend->num_designs` can be copied to `decoder->buildchar[idx]`.
Also avoid passing NULL to `ft_memcpy`.
Bug: https://crbug.com/1299259
The old impleemntation was not using `FT_REALLOC`, buing too careful
with the offset rebasing. It shoudl be safe to rely on the base
movements.
* src/psaux/psobjs.c (reallocate_t1_table, shift_elements): Combine
into...
(ps_table_realloc): ... this function based on `FT_REALLOC`.
(ps_table_done): Simplified.
(ps_table_add): Updated.
* src/base/ftrfork.c (raccess_make_file_name): Do not set error.
* src/sfnt/sfdriver.c (get_win_string, get_apple_string): Ditto.
* src/cff/cffobjs.c (cff_strcpy): Do not confuse about error.
* src/psaux/psobjs.c (ps_table_done): Ditto.
* src/truetype/ttgxvar.c (ft_var_readpacked*, ft_var_load_avar): Ditto.
==========================
Tag sources with `VER-2-11-0'.
* docs/VERSION.TXT: Add entry for version 2.11.0.
* docs/CHANGES: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/index.html, docs/freetype-config.1:
s/2.10.4/2.11.0/, s/2104/2110/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 11.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 24:0:18.
* CMakeLists.txt (VERSION_MINOR): Set to 11.
(VERSION_PATCH): Set to 0.
* builds/toplevel.mk (dist): Ignore more git-related files.
* src/psaux/psintrp.c (cf2_interpT2CharString)
<cf2_escCALLOTHERSUBR>: Convert assertion into error, since the
problem can happen with invalid user input.
Test case is file
fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read
in the `freetype2-testing` repository.
Fixes timeout reported as
https://crbug.com/1206181
* src/psaux/psarrst.c (cf2_arrstack_{push,init}): Implement it.
* src/psaux/psarrst.h (CF2_ArrStackiRec): Drop `chunk'.
* include/freetype/internal/compiler-macros.h (FT_COMPARE_DEF):
Add new macro.
* src/base/ftrfork.c, src/bdf/bdflib.c, src/gxvalid/gxvcommn.c,
src/psaux/afmparse.c, src/psnames/psmodule.c, src/type1/t1afm.c,
src/sfnt/sfwoff.c, src/sfnt/sfwoff2.c: Update qsort callbacks.
Fixes#1026 when compiling FreeType with an unusual calling convention
while the C library qsort still expects cdecl.
This ensures good logging output, with all lines having a proper
prefix (if requested).
This is a continuation of a similar patch from 2020-12-02, which
missed some locations.