Very embarrassing :-)
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14701
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14705
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14710
* src/truetype/ttgload.c (IS_DEFAULT_INSTANCE): Move up and add
argument; update all callers.
(TT_Process_Simple_Glyph): Use it. The `unrounded' array is active
for variation fonts only, thus also enclose related code with
`#ifdef TT_CONFIG_OPTION_GX_VAR_SUPPORT ... #endif' where
necessary.
Revert commit a113e5d from 2019-05-09, and don't use `extra_points2'
but allocate a temporary array.
Speed up the scaling of the `unrounded' array.
* src/truetype/ttgxvar.c (FT_fixedToInt, FT_FixedToFdot6): Fix type
conversions and rounding. The unsigned type must have more or equal
bits to the signed type.
This patch makes FreeType use font units in 26.6 format internally
instead of integers.
* src/truetype/ttgxvar.c (FT_fixedToFdot6): New macro.
(TT_Vary_Apply_Glyph_Deltas): Add argument to output unrounded font
coordinates.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph): Use
`extra_points2' array to temporarily hold unrounded point
coordinates; use them to compute scaled coordinates and linear
advance width and height.
(load_truetype_code): Adjust similarly.
Reported by Sender Ghost <lightside@gmx.com>.
* src/autofit/afcjk.c (af_cjk_hints_compute_edges): Catch a corner
case where `edge->first' could be NULL.
* src/pfr/pfrobjs.c (pfr_slot_load): Remove unnecessary test of
`size'.
* src/raster/ftraster.c (Draw_Sweep): Catch a corner case where
`draw_right' might be NULL.
* src/sfnt/ttmtx.c (tt_face_get_metrics): Fix limit test for
`aadvance'.
Ensure `abearing' always holds a meaningful result.
* src/truetype/ttgload.c (load_truetype_glyph): Ensure `subglyph' is
not NULL before accessing it.
* src/truetype/ttgxvar.c (TT_Set_Named_Instance): Remove unnecessary
test of `namedstyle'.
* src/type42/t42parse.c (t42_parser_done): Ensure
`parser->root.funcs.done' is not NULL before accessing it.
Before this commit we had code like
(FT_Bool)( globals->glyph_styles[gindex] & 0x8000)
Since `FT_Bool' is defined to be an `unsigned char', the code
evaluated to something like
(unsigned char)( 0x8532 & 0x8000)
which in turn expanded to
(unsigned char)( 0x8000)
and finally yielded 0x00 – i.e., false – not as expected.
Problem reported and analyzed by Tony Smith <tony.smith@macro4.com>.
* include/freetype/fttypes.h (FT_BOOL): Add a comparison against
zero so that we always have a Boolean expression.
*/*: Replace castings to `FT_Bool' with calls to `FT_BOOL' where
possible.
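The truncation described in the entry above, shown as an added example (not FreeType's own code): `FT_Bool' is modelled as `unsigned char' as the entry states, `style_flag_cast' reproduces the pre-fix cast and `style_flag_bool' the `FT_BOOL' form with the comparison against zero; the function names and the `FT_UShort' typedef are assumptions made for this illustration.

```c
#include <stdio.h>

/* Modelled after the entry: FT_Bool is an unsigned char, so a cast keeps
   only the low 8 bits of whatever it is applied to.  (Assumed typedefs.) */
typedef unsigned char   FT_Bool;
typedef unsigned short  FT_UShort;

/* Pre-fix pattern: `(FT_Bool)( styles & mask )'.  `styles & mask' is an
   int such as 0x8000; narrowing it to 8 bits yields 0x00, i.e. false,
   even though the flag bit was set. */
static FT_Bool  style_flag_cast( FT_UShort  styles, FT_UShort  mask )
{
  return (FT_Bool)( styles & mask );
}

/* The fix from the entry: compare against zero first so the value being
   narrowed is already a Boolean 0 or 1. */
#define FT_BOOL( x )  ( (FT_Bool)( (x) != 0 ) )

static FT_Bool  style_flag_bool( FT_UShort  styles, FT_UShort  mask )
{
  return FT_BOOL( styles & mask );
}

int  main( void )
{
  FT_UShort  styles = 0x8532;   /* constructed sample value from the entry */

  printf( "cast:    %d\n", style_flag_cast( styles, 0x8000 ) );   /* 0, wrong */
  printf( "FT_BOOL: %d\n", style_flag_bool( styles, 0x8000 ) );   /* 1, right */
  return 0;
}
```

Note that the cast form is not merely wrong for high bits: for a flag in the low byte it returns the raw bit value (for example 0x20) rather than 1, so code comparing the result with `== 1' would also misbehave.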
Triggered by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10054
* src/truetype/ttgload.c (load_truetype_glyph): Don't use variable
`opened_frame' to trace whether a frame must be closed at the end of
function: This fails because `TT_Vary_Apply_Glyph_Deltas' (which
gets called for space glyphs) uses a frame by itself. Instead,
close the frame after loading the header, then use another frame for
the remaining part of the glyph later on.
Also avoid calling `tt_get_metrics' twice under some circumstances.
* src/truetype/ttgload.c (ON_CURVE_POINT, X_SHORT_VECTOR,
Y_SHORT_VECTOR, REPEAT_FLAG, X_POSITIVE, SAME_X, Y_POSITIVE, SAME_Y,
OVERLAP_SIMPLE): New macros.
(TT_Load_Simple_Glyph): Use new macros to make code more readable.
Remove useless adjustment of `outline->tags' elements.
This monster commit was created by applying Nikhil's scripts
`docconverter.py' and `markify.py' to all C header and source files,
followed up by minor manual clean-up.
No change in functionality, of course.
I used commit f7419907bc6044b9b7057f9789866426c804ba82 from
https://github.com/nikramakrishnan/freetype-docs.git.
* include/freetype/internal/ftobjs.h (FT_Glyph_LayerRec): Move this
structure to...
* include/freetype/freetype.h (FT_Glyph_LayerRec): ... this
header file.
(FT_Glyph_Layer): New typedef.
Update code to use it where appropriate.
* src/base/ftobjs.c (FT_Get_GlyphLayers): New function.
* src/truetype/ttgload.c (TT_Load_Glyph): Free old `layers' array
before reassigning allocated memory.
Only allocate `color_layers' if we don't have one already.
* src/sfnt/ttcolr.c (tt_face_load_colr_layers): Return FT_Err_Ok if
current glyph is not a `COLR' base glyph.
* src/truetype/ttgload.c (TT_Load_Glyph): Don't allocate
`color_layers' if there are no color layers.
This commit enables OpenType's COLR/CPAL table handling; a typical
application are color emojis that can be scaled to any size.
If the color palette does not exist or is invalid, the rendering
step rasterizes the outline instead. The current implementation
assumes that the foreground is black.
Enable this by defining option TT_CONFIG_OPTION_COLOR_LAYERS.
There are still some issues with metrics; additionally, an API to
fetch color layers is missing.
* devel/ftoption.h, include/freetype/config/ftoption.h
(TT_CONFIG_OPTION_COLOR_LAYERS): New macro.
* include/freetype/internal/ftobjs.h (FT_Glyph_LayerRec,
FT_Colr_InternalRec): New structures.
(FT_Slot_InternalRec): Add `color_layers' field.
* include/freetype/internal/sfnt.h (TT_Load_Colr_Layer_Func,
TT_Blend_Colr_Func): New function types.
(SFNT_Interface): Add `load_colr', `free_colr', `load_colr_layer',
and `colr_blend' fields.
* include/freetype/internal/tttypes.h (TT_FaceRec): Add
`colr_and_cpal' field.
* include/freetype/internal/tttags. (TTAG_COLR, TTAG_CPAL): New
macros.
* src/sfnt/ttcolr.c, src/sfnt/ttcolr.h: New files.
* src/base/ftobjs.c (ft_glyphslot_done, FT_Render_Glyph_Internal):
Handle glyph color layers.
* src/sfnt/Jamfile (_sources), src/sfnt/rules.mk (SFNT_DRV_SRC): Add
`ttcolr.c'.
* src/sfnt/sfdriver.c: Include `ttcolr.h'.
(PUT_COLOR_LAYERS): New macro.
Update call to `FT_DEFINE_SFNT_INTERFACE'.
* src/sfnt/sfnt.c: Include `ttcolr.c'.
* src/sfnt/sfobjs.c (sfnt_load_face): Load `COLR' and `CPAL' tables.
(sfnt_done_face): Updated.
* src/truetype/ttgload.c (TT_Load_Glyph): Handle color layers.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph): Always adjust
`pp1' to `pp4', except if we have an HVAR and/or VVAR table.
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Handle
alternative code branch identically w.r.t. presence of an HVAR
and/or VVAR table.
This reduces redundancy and increases synergy; it also reduces the
number of header files.
* include/freetype/config/ftheader.h (FT_DRIVER_H): New macro.
(FT_AUTOHINTER_H, FT_CFF_DRIVER_H, FT_TRUETYPE_DRIVER_H,
FT_PCF_DRIVER_H, FT_TYPE1_DRIVER_H): Make them aliases to
FT_DRIVER_H.
* include/freetype/ftautoh.h, include/freetype/ftcffdrv.h,
include/freetype/ftpcfdrv.h, include/freetype/ftt1drv.h,
include/freetype/ftttdrv.h: Replaced with...
* include/freetype/ftdriver.h: ...this new file.
(FT_CFF_HINTING_ADOBE, FT_T1_HINTING_ADOBE): Renamed to...
(FT_HINTING_ADOBE): ... this new macro.
(FT_CFF_HINTING_FREETYPE, FT_T1_HINTING_FREETYPE): Renamed to...
(FT_HINTING_FREETYPE): ... this new macro.
* src/*/*: Updated accordingly.
Requested by Behdad.
Modern bitmap-only SFNTs like `NotoColorEmoji.ttf' don't contain
entries in the bitmap strike(s) for empty glyphs. Instead, they
rely on a space glyph being created from the font's metrics data.
This commit makes FreeType behave accordingly.
* include/freetype/fterrdef.h (FT_Err_Missing_Bitmap): New error
code.
* src/sfnt/ttsbit.c (tt_sbit_decoder_load_image): Change error codes
to make a distinction between a missing bitmap in a composite and a
simple missing bitmap.
* src/truetype/ttgload.c (TT_Load_Glyph): For a missing bitmap (in a
bitmap-only font), synthesize an empty bitmap glyph if metrics are
available.
Phantom points are now saved outside v40 backwards compatibility
mode. This fixes the jumping glyphs when switching between v35 and
v40 monochrome mode.
* src/truetype/ttgload.c (TT_Hint_Glyph): Fix inverted bool logic.
* src/sfnt/sfobjs.c (sfnt_load_face): The units per EM value now has
(tighter) limits.
* src/truetype/ttgload.c (load_truetype_glyph): The new OpenType
version explicitly allows all negative values for the number of
contours if we have a composite glyph (this is for better backwards
compatibility I guess), but it still recommends value -1.
Problem reported by Hin-Tak Leung <htl10@users.sourceforge.net>.
* src/truetype/ttgload.c (TT_Load_Glyph)
[TT_CONFIG_OPTION_EMBEDDED_BITMAPS]: Handle error if font is not
scalable.
* src/truetype/ttobs.h (TT_SizeRec): Add field `hinted_metrics' to
hold hinted metrics.
Make `metrics' a pointer so that `tt_glyph_load' can easily switch
between metrics.
* src/truetype/ttdriver.c (tt_size_request): Updated.
(tt_glyph_load): Use top-level metrics if FT_LOAD_NO_HINTING is
used.
* src/truetype/ttgload.c (TT_Hint_Glyph, TT_Process_Simple_Glyph,
TT_Process_Composite_Component, load_truetype_glyph,
compute_glyph_metrics, TT_Load_Glyph): Updated.
* src/truetype/ttinterp.c (TT_Load_Context): Updated.
* src/truetype/ttobjs.c (tt_size_reset): Updated.
* src/truetype/ttsubpix.c (sph_set_tweaks): Updated.
* src/truetype/ttdriver.c (tt_size_request): Revert change from
2011-07-16; the intended metrics fix seems now to be implemented in
a different way, making the patch unnecessary. Note that this
change was usually patched out by all major GNU/Linux distributions
due to heavy side effects.
* src/truetype/ttgload.c (compute_glyph_metrics, TT_Load_Glyph):
Refer to the metrics of the `TT_Size' object.
At least on FreeBSD there is a global declaration of `index' in file
`/usr/include/strings.h'.
* src/cff/cf2intrp.c, src/truetype/ttgload.c: s/index/idx/ where
appropriate.
Too many local variables holding different structures were called
`metrics'.
* src/truetype/ttdriver.c (tt_size_select): s/metrics/size_metrics/.
* src/truetype/ttgload.c (tt_get_metrics_incr_overrids,
compute_glyph_metrics): s/metrics/incr_metrics/.
(load_sbit_image): s/metrics/sbit_metrics/.
* src/truetype/ttobjs.c (tt_size_run_fpgm): s/metrics/size_metrics/.
(tt_size_init_bytecode): s/metrics/tt_metrics/.
(tt_size_reset): s/metrics/size_metrics/.
We have to make a separate case for Windows 64's LLP64 data model.
* builds/unix/ftconfig.in, builds/vms/ftconfig.h,
include/freetype/config/ftconfig.h (FT_UINT_TO_POINTER): New macro.
* src/truetype/ttgload.c (load_truetype_glyph): Use it.
* src/autofit/afcjk.c, src/autofit/afindic.c: Include `afcjk.h'
earlier.
* src/sfnt/sfobjs.c (sfnt_init_face): Put `memory' variable into
TT_CONFIG_OPTION_GX_VAR_SUPPORT block.
(sfnt_done_face): Protect some code with
TT_CONFIG_OPTION_GX_VAR_SUPPORT.
* src/sfnt/ttsbit.c (tt_face_load_sbix_image): Remove compiler
warning.
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Put `tmp' variable
into TT_USE_BYTECODE_INTERPRETER block.
(tt_loader_init): Put `error' variable into
TT_USE_BYTECODE_INTERPRETER block.
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Check instruction
size only if we do native hinting.
(TT_Load_Glyph): Trace returned error code.
* src/truetype/ttobjs.c (tt_size_run_fpgm, tt_size_run_prep): Trace
returned error code.
(tt_size_ready_bytecode): Don't run `prep' table if `fpgm' table is
invalid.
* src/cff/cffdrivr.c: Don't include
`FT_SERVICE_METRICS_VARIATIONS_H'.
(cff_get_advances): Use `ttface->variation_support'.
* src/truetype/ttdriver.c (tt_get_advances): Use
`ttface->variation_support'.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph,
load_truetype_glyph): Use `ttface->variation_support'.
When asking for unhinted non-default variations,
`linearVertAdvance' is currently the value from the `hmtx' table
instead of the actual value after applying the variation. `HVAR'
support fixes this, but fonts will exist without that table and will
need sane fallback.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph,
load_truetype_glyph): Implement linear advance adjustments if `HVAR'
or `VVAR' tables are missing.
* include/freetype/internal/tttypes.h (TT_Face): Move
`is_default_instance' into TT_CONFIG_OPTION_GX_VAR_SUPPORT
block.
* src/sfnt/sfobjs.c (sfnt_init_face): Updated.
* src/truetype/ttgload.c (IS_DEFAULT_INSTANCE): New macro.
(TT_Load_Glyph): Use it.
This avoids additional calls to `tt_face_lookup_table' for the
`glyf' table, which can be expensive.
* include/freetype/internal/tttypes.h (TT_LoaderRec): Move
`glyf_offset' field to ...
(TT_FaceRec): ... this structure.
* src/truetype/ttgload.c (load_truetype_glyph): Updated.
(tt_loader_init): Move initialization of `glyf_offset' to ...
* src/truetype/ttpload.c (tt_face_load_loca): ... this function.
Since 2016-05-16 we detect infinite recursion directly.
* src/sfnt/ttload.c (tt_face_load_maxp): Don't adjust
`maxComponentDepth'.
* src/truetype/ttgload.c (load_truetype_glyph): Don't abort if
`maxComponentDepth' is not valid. Instead, simply adjust its value
and emit a tracing message.
This patch prepares data structures and the like.
See added comments in `ttinterp.h' for more information on this and
the following commits in the series.
* devel/ftoption.h, include/freetype/config/ftoption.h
(TT_CONFIG_OPTION_SUBPIXEL_HINTING): Assign values to differentiate
between subpixel versions.
(TT_SUPPORT_SUBPIXEL_HINTING_INFINALITY,
TT_SUPPORT_SUBPIXEL_HINTING_MINIMAL): New macros.
* include/freetype/ftttdrv.h (TT_INTERPRETER_VERSION_40): New macro.
* include/freetype/internal/tttypes.h (TT_FaceRec): Updated.
* src/truetype/ttinterp.h (TT_ExecContextRec): Define new fields
`subpixel_hinting_lean', `vertical_lcd_lean',
`backwards_compatibility', `iupx_called', `iupy_called', and
`grayscale_cleartype' for new hinting mode.
* src/truetype/ttdriver.c (tt_property_set): Handle v38 and v40
interpreters conditionally.
* src/truetype/ttgload.c (TT_Hint_Glyph): Save phantom points unless
in v38 backwards compatibility mode.
Updated.
(compute_glyph_metrics): Add v38 backwards compatibility mode
constraint for adjusting advance widths.
Updated.
(tt_loader_init): Handle new flags `subpixel_hinting_lean',
`grayscale_cleartype', and `vertical_lcd_lean'.
Updated.
(tt_get_metrics, TT_Process_Simple_Glyph, TT_LOADER_SET_PP):
Updated.
* src/truetype/ttobjs.c (tt_driver_init): Conditionally set
default interpreter version number.
* src/truetype/ttsubpix.c, src/truetype/ttsubpix.h: Updated.
The previous fix for #46372 misunderstood a composite glyph referring
to the same component twice as a recursive reference. See the discussion
http://lists.gnu.org/archive/html/freetype/2016-05/msg00000.html
Thanks to Khaled Hosny for finding this issue.
* src/truetype/ttgload.c (ft_list_get_node_at): A function to get
the i-th node from FT_List. (load_truetype_glyph): In the traversal
scan of the reference tree in the composite glyph, we clear the
nodes filled by previous sibling chain.
* include/freetype/internal/tttypes.h (TT_LoaderRec): New field
`composites'.
* src/truetype/ttgload.c: Include FT_LIST_H.
(load_truetype_glyph): Add composite subglyph index to a list;
abort if index is already in list.
(tt_loader_init): Updated.
(tt_loader_done): New function.
(TT_Load_Glyph): Call `tt_loader_done'.
* src/base/ftrfork.c (FT_Raccess_Get_HeaderInfo): Only accept
positive values from header.
Check overflow.
* src/base/ftoutln.c (SCALED): Correctly handle left-shift of
negative values.
* src/bdf/bdf.h (_bdf_glyph_modified, _bdf_set_glyph_modified,
_bdf_clear_glyph_modified): Use unsigned long constant.
* src/bdf/bdfdrivr.c (BDF_Size_Select, BDF_Glyph_Load): Don't
left-shift values that can be negative.
* src/pcf/pcfdrivr.c (PCF_Size_Select, PCF_Glyph_Load): Don't
left-shift values that can be negative.
* src/raster/ftraster.c (SCALED): Correctly handle left-shift of
negative values.
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Don't left-shift
values that can be negative.
* src/truetype/ttgload.c (TT_Load_Composite_Glyph,
compute_glyph_metrics, load_sbit_image): Don't left-shift values
that can be negative.
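The hazard behind the entry above, as an added example that is not FreeType's `SCALED' macro: left-shifting a negative signed operand is undefined behaviour in C, and even a positive operand can silently overflow. The helper below scales by multiplying with a positive power of two instead and refuses (or saturates) when the result would not fit. The names `scaled_checked' and `scaled_saturated' and the `FT_Long' typedef are assumptions for this illustration.

```c
#include <limits.h>
#include <stdio.h>

typedef long  FT_Long;   /* assumed: FreeType's signed integer type */

/* Scales x by 2^shift without ever shifting a negative value.  Returns 1
   and stores the result in *out, or 0 if the shift is too wide or the
   product would overflow FT_Long. */
static int  scaled_checked( FT_Long       x,
                            unsigned int  shift,
                            FT_Long*      out )
{
  FT_Long  factor;

  /* a shift of (width - 1) or more cannot yield a positive factor */
  if ( shift >= sizeof ( FT_Long ) * CHAR_BIT - 1 )
    return 0;

  factor = (FT_Long)1 << shift;   /* positive operand: well-defined */

  /* multiplication of a negative x is defined; only the range needs a
     guard (division by a power of two is exact, so the bounds are tight) */
  if ( x > LONG_MAX / factor || x < LONG_MIN / factor )
    return 0;

  *out = x * factor;
  return 1;
}

/* Convenience wrapper that clamps to LONG_MIN/LONG_MAX instead of
   failing, which is often the sensible choice for a scaled coordinate. */
static FT_Long  scaled_saturated( FT_Long       x,
                                  unsigned int  shift )
{
  FT_Long  result;

  if ( scaled_checked( x, shift, &result ) )
    return result;

  return x < 0 ? LONG_MIN : LONG_MAX;
}

int  main( void )
{
  /* constructed inputs: a negative bearing scaled to 26.6 units */
  printf( "%ld\n", scaled_saturated( -5, 6 ) );        /* -320 */
  printf( "%ld\n", scaled_saturated( LONG_MAX, 1 ) );  /* clamped */
  return 0;
}
```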
This is completely missing in Apple's documentation: If a `gvar'
tuple uses private point numbers (that is, deltas are specified for
some points only), the uncovered points must be interpolated for
this tuple similar to the IUP bytecode instruction. Examples that
need this functionality are glyphs `Oslash' and `Q' in Skia.ttf.
* src/truetype/ttgxvar.c (tt_delta_shift, tt_delta_interpolate,
tt_handle_deltas): New functions.
(TT_Vary_Get_Glyph_Deltas): Renamed to...
(TT_Vary_Apply_Glyph_Deltas): ... this; it directly processes the
points and does no longer return an array of deltas.
Add tracing information.
Call `tt_handle_deltas' to interpolate missing deltas.
Also fix a minor memory leak in case of error.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph,
load_truetype_glyph): Updated.
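The IUP-style rule the entry above refers to, as an added example rather than FreeType's `tt_handle_deltas' code: for one closed contour and one axis, every point without an explicit delta takes either a linear interpolation of the deltas of the two nearest reference points along the contour (when its original coordinate lies between theirs) or, when it lies outside that span, the delta of the reference point nearer to it in coordinate; a contour with a single reference point is simply shifted. Plain `int' coordinates, the function names and the four-point sample contour are assumptions for this illustration (FreeType works in fixed point and handles both axes).

```c
#include <stddef.h>
#include <stdio.h>

/* coords[i]    original coordinate of point i on this axis
   deltas[i]    delta for point i, meaningful only where has_delta[i] != 0;
                on return every entry is filled in
   Returns the number of points whose delta was computed. */
static size_t  interpolate_contour_deltas( size_t      n,
                                           const int*  coords,
                                           int*        deltas,
                                           const int*  has_delta )
{
  size_t  i, first_ref = n, filled = 0, ref1;

  /* locate the first point carrying an explicit delta */
  for ( i = 0; i < n; i++ )
    if ( has_delta[i] )
    {
      first_ref = i;
      break;
    }

  if ( first_ref == n )
    return 0;                     /* no reference points at all */

  /* walk the contour cyclically, one run of untouched points at a time */
  ref1 = first_ref;
  do
  {
    size_t  ref2 = ( ref1 + 1 ) % n;
    size_t  p;
    int     c1, c2, d1, d2;

    while ( !has_delta[ref2] )
      ref2 = ( ref2 + 1 ) % n;    /* a lone reference yields ref2 == ref1 */

    c1 = coords[ref1]; d1 = deltas[ref1];
    c2 = coords[ref2]; d2 = deltas[ref2];
    if ( c1 > c2 )                /* order the references by coordinate */
    {
      int  t;
      t = c1; c1 = c2; c2 = t;
      t = d1; d1 = d2; d2 = t;
    }

    for ( p = ( ref1 + 1 ) % n; p != ref2; p = ( p + 1 ) % n )
    {
      int  c = coords[p];

      if ( c <= c1 )              /* outside the span: shift with the nearer reference */
        deltas[p] = d1;
      else if ( c >= c2 )
        deltas[p] = d2;
      else                        /* inside the span: interpolate linearly */
        deltas[p] = d1 + (int)( (long)( d2 - d1 ) * ( c - c1 ) / ( c2 - c1 ) );
      filled++;
    }

    ref1 = ref2;
  } while ( ref1 != first_ref );

  return filled;
}

/* Constructed sample: a four-point contour with explicit deltas at points
   0 and 3 only.  Point 1 lies between the references and is interpolated;
   point 2 lies beyond the upper reference and is shifted with it.
   Returns the delta assigned to point `idx' (or -1 for a bad index). */
static int  sample_delta( size_t  idx )
{
  int  coords[4]    = { 0, 10, 45, 30 };
  int  deltas[4]    = { 2,  0,  0,  8 };
  int  has_delta[4] = { 1,  0,  0,  1 };

  if ( idx >= 4 )
    return -1;
  interpolate_contour_deltas( 4, coords, deltas, has_delta );
  return deltas[idx];
}

int  main( void )
{
  size_t  i;

  for ( i = 0; i < 4; i++ )
    printf( "point %u: delta %d\n", (unsigned)i, sample_delta( i ) );
  return 0;
}
```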
* src/truetype/ttgload.c, src/truetype/ttinterp.c: Guard new code
with `TT_CONFIG_OPTION_SUBPIXEL_HINTING'.
Problem reported by Nikolaus Waxweiler <madigens@gmail.com>.
This flag activates `native ClearType hinting', disabling backwards
compatibility mode as described in Greg Hitchcock's whitepaper. In
other words, it enables unrestricted functionality of all TrueType
instructions in ClearType.
* src/truetype/ttgload.c (tt_get_metrics): Call `sph_set_tweaks'
unconditionally.
(tt_loader_init): Unset `ignore_x_mode' flag if bit 2 of
`GS.instruct_control' is active.
* src/truetype/ttinterp.c (Ins_INSTCTRL): Handle selector index 3.
(Ins_GETINFO): Updated.
* docs/CHANGES: Document it.
* src/truetype/ttgload.c (TT_Load_Composite_Glyph): If the
ARGS_ARE_XY_VALUES flag is not set, handle argument values as
unsigned. I trust `ttx' (which has exactly such code) that it does
the right thing here...
The reason that no one has ever noticed this bug is probably the fact
that point-aligned subglyphs are rare, as are subglyphs with a
number of points in the range [128;255], which is quite large (or
even in the range [32768;65535], which is extremely unlikely).