The circular dependency is still there, but at least we no longer depend on
the HarfBuzz API that is only present if HarfBuzz has been built with
FreeType support, making the bootstrapping a bit easier.
* src/autofit/ft-hb.c, src/autofit/ft-hb.h: New files, providing
`_hb_ft_font_create`, which is more or less a verbatim copy of the
corresponding HarfBuzz code from file `hb-ft.cc`.
* src/autofit/afglobal.c (af_face_globals_new): Use it.
* src/autofit/afshaper.h: Don't include `hb-ft.h` but `ft-hb.h`.
* src/autofit/autofit.c: Include `ft-hb.c`.
* LICENSE.TXT: Updated.
`tt_var_load_item_variation_store` fills out a `GX_ItemVarStore`. While it
may return an error, the item store must be left in a consistent state so
that any use or destruction of the item store can properly use or free the
data in it. Before this change the counts from the font data were read
directly into the item store before the actual allocation of the arrays to
which they referred. There exist many opportunities between the time the
counts are read and the arrays are allocated to return early due to invalid
data. When this happened the item store claimed to have entires it actually
did not, leading to crashes later when it was used.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54449
* src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Read the counts
into local variables and store them in the item store only after the related
arrays are actually created on the item store.
In `open_face` the initial stream is set on the face, along with the
information about if FreeType is the owner of the stream object itself. The
loaders may in the course of their work replace this stream with a new
stream (as is the case for 'woff' and 'woff2'), which may have a different
ownership than the initial stream object (likely the original stream object
is owned by the user and is external, while the new stream object is created
internally to FreeType and is internal). When the stream is replaced, the
face's flags are updated with the new ownership status.
However, `open_face` cannot itself free this stream as its caller
`ft_open_face_internal` is responsible for this. In addition, in the case
of an error `open_face` cannot return an actual face with the new stream and
its ownership status to the caller. As a result, it must pass this
information back to the caller as a sort of "failed face" so that the caller
can clean up.
`open_face` was already passing back the new stream but was not passing back
the stream ownership information. As a result the stream may not have been
free'd when needed.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54700
* src/base/ftobjs.c (open_face): Pass back the ownership information as
well.
(ft_open_face_internal): Updated.
Fixes https://bugs.chromium.org/p/skia/issues/detail?id=14021
* src/sfnt/ttcolr.c (VAR_IDX_BASE_SIZE): New macro.
(tt_face_get_colorline_stops): Fix off-by-one bounds check calculation, take
`VarColorStop` into account, and hopefully make it easier to read.
The division-by-zero might happen in broken fonts (see #1194).
Instead of returning a huge number from FT_DivFix and failing
to scale later, we now bail immediately.
* src/gzip/ftgzip.c (HAVE_HIDDEN): Do not define; it is no longer needed
because everything is static.
(HAVE_MEMCPY): Define.
(zcalloc, zcfree): Remove no longer needed definitions (because `Z_SOLO` is
active).
* src/gzip/patches/freetype-zlib.diff: Regenerated.
Fixes#1146.
Co-authored-by: Werner Lemberg <wl@gnu.org>
ftmodule.h is generated at the root of the build directory, but FT_CONFIG_MODULES_H
(freetype/config/ftmodule.h) is used instead.
This makes the build fail when disabling modules in modules.cfg.
* meson.build (harfbuzz_dep): Add '-DFT_CONFIG_MODULES_H=<ftmodule.h>'.
The sdf module wasn't recognized, so the generated ftmodule.h had "None_renderer_class".
* builds/meson/parse_modules_cfg.py: Handle sdf in RASTER_MODULES.
This gives users a possibility to deactivate new features not (yet) in the
OpenType standard.
* include/freetype/config/ftoption.h, devel/ftoption.h
(TT_CONFIG_OPTION_NO_BORING_EXPANSION): New macro.
* src/truetype/ttgxvar.c (ft_var_load_avar): Use it to disable 'avar'
version 2.0 support.
* src/truetype/ttgxvar.c (tt_hvadvance_adjust): Move bounds check ...
(tt_var_get_item_delta): ... to this function, because it is safer. For
example, the 'avar' table 2.0 codepath was not performing a bounds check at
all.
* builds/unix/configure.raw: Fix `-Wstrict-prototypes`.
Clang 16 warns on these and they will be dropped in C23.
* builds/unix/freetype2.m4: Ditto.
Signed-off-by: Sam James <sam@gentoo.org>
* src/truetype/ttgcvar.c (ft_var_load_hvvar): restore previous behavior
In a previous change [0] the behavior of `ft_var_load_hvvar` was changed
to not load the item variation store if it was at offset 0, but not
return an error when this happened. This broke any users, like
`tt_hvadvance_adjust`, that rely on successful completion of
`ft_var_load_hvvar` to imply that returned table's `itemStore` had been
initialized. This lead such users to dereference NULL.
This change appears to have been unintentional and unrelated to the
actual avar2 changes. As a result, fix these NULL dereferences by
restoring the code to always attempt to initialize the `itemStore`.
[0] ae4eb996 "[truetype] Add support for `avar` table 2.0 format."
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53061
Fix "make multi" by MR !223
* include/freetype/internal/services/svmm.h: include ftmm.h to define FT_Get_MM_Func.
* src/truetype/ttgxvar.h: include ftmmtypes.h to use GX_AVarTable properly.
* src/base/ftmac.c: include ftdebug.h to use FT_THROW() properly.
The binary searches within charmaps can be accelerated because they
often contain dense continuous blocks of character codes. Within such
blocks, you can predict matches based on misses. This method has been
deployed in `bdf` since 0f122fef34; we only refactor it there. We now
use it in `pfr` and `psnames`, which speeds up the unicode charmap
access by about 50% in PFR and Type 1 fonts.
* src/bdf/bdfdrivr.c (bdf_cmap_char_{index,next}): Refactor.
* src/pfr/pfrcmap.c (pfr_cmap_char_{index,next}): Predict `mid` based
on the mismatch distance.
* src/psnames/psmodule.c (ps_unicodes_char_{index,next}): Ditto.
See
https://github.com/harfbuzz/boring-expansion-spec/blob/main/avar2.md
for the specification.
Currently, this is implemented only in most recent OS versions on Apple
platforms and in the HarfBuzz library, but it is expected to be added to the
OpenType standard soon.
* src/truetype/ttgxvar.h (GX_AVarTableRec): New structure.
(GX_BlendRec): Use it to replace `avar_segment` with `avar_table`.
* src/truetype/ttgxvar.c (ft_var_load_avar): Load new table version.
(ft_var_to_normalized, tt_done_blend): Extend for new format.
(ft_var_load_hvvar, ft_var_to_design): Updated.
Use pre-calculated scaling factors. Also, the advance widths used
to be rounded, which was incorrect.
* src/cff/cffgload.c (cff_slot_load): Use `x_scale` and `y_scale`.
* src/truetype/ttgload.c (TT_Load_Glyph): Ditto.
* src/sfnt/ttcolr.c (read_paint): Add `colr` argument, necessary for...
... another use of `ENSURE_READ_BYTES`.
Update callers.
(tt_face_get_paint_layers): Ensure that the 4-byte paint table
offset can be read.
This is a follow-up to !124 and issue
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52404
* src/sfnt/ttcolr.c (ENSURE_READ_BYTES): New macro.
(read_paint): Use it – after the start pointer `p` has been checked for
whether it allows reading the format byte, each successive paint table field
read need to be bounds-checked before reading further values.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52404
This ancient option stayed completely undocumented. Given that the 'cff'
driver requires the 'psnames' module, it makes no sense today to have this
macro.
* src/cff/cffdrivr.c (cff_services), src/cff/cffobjs.c (cff_face_init):
Remove corresponding conditional code.
Matthias Clasen