Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7371
* src/cff/cffload.c (cff_load_private_dict): Sanitize
`priv->blue_shift' and `priv->blue_fuzz' to avoid overflows later
on.
* src/type1/t1load.c (T1_Open_Face): Ditto.
* src/truetype/ttgxvar.c (ft_var_to_normalized): Don't emit number
of coordinates.
(TT_Get_MM_Var): Trace instance indices names.
(TT_Set_Var_Design): Updated.
* src/tools/apinames.c (PROGRAM_VERSION): Set to 0.3.
(OutputFormat): Add `OUTPUT_GNU_VERMAP'.
(names_dump): Handle it.
(usage): Updated.
(main): Handle new command line flag `-wL'.
* builds/unix/configure.raw: Check for resource compiler.
* builds/unix/unix-cc.in: Conditionally set up resource compiler.
* builds/freetype.mk: Add conditional rule for `ftver.rc'.
* src/base/ftver.rc: Copyright notice and year update.
According to the CFF specification, charstrings can have up to 96 stem
hints. Due to hint replacement routines in Type 1 charstrings, some
glyphs are rejected by the Adobe engine, which implements the above
limit. This fix turns off hinting for such glyphs.
* src/psaux/pshints.c (cf2_hintmap_build): Reset the error from calling
`cf2_hintmask_setAll' on a problematic Type 1 charstring and turn off
hinting.
This is necessary in case the application's memory routines differ
from FreeType. A typical example is a Python application on Windows
that calls FreeType compiled as a DLL via the `ctypes' interface.
* include/freetype/ftmm.h, src/base/ftmm.c (FT_Done_MM_Var): Declare
and define.
* docs/CHANGES: Updated.
Behdad reported that setting blend coordinates, then getting design
coordinates did incorrectly return the default instance's
coordinates.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Fix it.
* include/freetype/internal/ftpsprop.h: Use `FT_BASE_CALLBACK'.
(ps_property_get): Harmonize declaration with corresponding
function typedef.
* include/freety[e/internal/fttrace.h: Add `trace_psprops'.
* src/base/ftpsprop.c: Include necessary header files.
(FT_COMPONENT): Define.
(ps_property_set): Tag with `FT_BASE_CALLBACK_DEF'.
(ps_property_get): Tag with `FT_BASE_CALLBACK_DEF'.
Harmonize declaration with corresponding function typedef.
This reduces the amount of duplicated code across PostScript drivers.
* src/cff/cffdrivr.c, src/cid/cidriver.c, src/type1/t1driver.c
({cff,cid,t1}_property_{get,set}): Moved to...
* include/freetype/internal/ftpsprop.h: ...this new file.
(ps_property_{get,set}): New functions to replace moved ones.
* src/base/ftpsprop.c: Implement above functions.
* include/freetype/internal/internal.h (FT_INTERNAL_POSTSCRIPT_PROPS_H):
New macro.
* src/cff/cffdrivr.c, src/cid/cidriver.c, src/type1/t1driver.c: Updated.
* src/base/Jamfile, src/base/rules.mk, src/base/ftbase.c: Updated.
We exit early if the current design or blend coordinates are
identical to the new ones.
* src/truetype/ttgxvar.c (tt_set_mm_blend, TT_Set_Var_Design):
Implement it, returning internal error code -1 if there will be no
variation change.
* src/type1/t1load.c (t1_set_mm_blend): Ditto.
* src/base/ftmm.c (FT_Set_Var_Design_Coordinates,
FT_Set_MM_Blend_Coordinates, FT_Set_Var_Blend_Coordinates): Updated.
The subsetted demo font of the report that exhibits the bug has a
very unusual type 2 cmap for Unicode(!): It contains only two
sub-headers, one for one-byte characters (covering the range 0x20 to
0xFA), and a second one for higher byte 0x01 (just for character
code U+0131).
Before this commit, the iterator wasn't able to correctly handle a
sub-header for higher byte 0x01.
* src/sfnt/ttcmap.c (tt_cmap2_char_next): Fix character increment
for outer loop.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph): Always adjust
`pp1' to `pp4', except if we have an HVAR and/or VVAR table.
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Handle
alternative code branch identically w.r.t. presence of an HVAR
and/or VVAR table.
Stuff like
{
<bla>
}
confused the parser, which incorrectly treated `<bla>' as a markup
tag.
* src/tools/docmaker/content.py (ContentProcessor::process_content):
Apply `re_markup_tags' only outside of code sections.
Werner Lemberg