Problem reported by Marek Kašík <mkasik@redhat.com>.
The problematic font that exceeds the old limit is Padauk-Bold,
version 3.002, containing bytecode generated by a buggy version of
ttfautohint.
This commit handles the new engine.
* include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT32,
OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, NEG_INT, NEG_LONG,
NEG_INT32): New macros.
* src/cff/cf2ft.c (cf2_getScaleAndHintFlag): Use OVERFLOW_ADD_INT32.
* src/cff/cf2hints.c (cf2_getWindingMomentum, cf2_hint_init,
cf2_hintmap_map, cf2_glyphpath_hintPoint,
cf2_glyphpath_computeIntersection, cf2_glyphpath_computeOffset,
cf2_glyphpath_lineTo, cf2_glyphpath_curveTo): Use
OVERFLOW_ADD_INT32, OVERFLOW_SUB_INT32, OVERFLOW_MUL_INT32, and
NEG_INT32 where appropriate.
* src/cff/cf2intrp.c (cf2_doFlex, cf2_doBlend,
cf2_interpT2CharString): Ditto.
Also add some other code where needed to avoid overflow.
This commit handles the old engine.
* src/cff/cffgload.c: Include FT_INTERNAL_CALC_H.
(cff_decoder_parse_charstrings): Use OVERFLOW_ADD_LONG and
OVERFLOW_SUB_LONG where needed.
* src/cff/cffparse.c: Include FT_INTERNAL_CALC_H.
(power_ten_limits): New static array.
(do_fixed): Use it to prevent multiplication overflow.
(cff_parser_run): Use OVERFLOW_ADD_LONG.
* src/pcf/pcfread.c (pcf_get_accel): Add sanity checks for
`fontAscent' and `fontDescent'.
(pcf_load_font): Add sanity checks for global height.
Add sanity checks for AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE,
RESOLUTION_X, and RESOLUTION_Y properties.
This commit (mainly for 32bit CPUs) is the first of a series of
similar commits to handle known integer overflows. Basically, all
of them are harmless, since they affect rendering of glyphs only,
not posing security threats. It is expected that fuzzying will show
up more overflows, to be fixed in due course.
The idea is to mark places where overflows can occur, using macros
that simply cast to unsigned integers, because overflow arithmetic
is well defined in this case. Doing so suppresses run-time errors
of sanitizers without adding computational overhead.
* include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT,
OVERFLOW_SUB_INT, OVERFLOW_MUL_INT, OVERFLOW_ADD_LONG,
OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG): New macros.
* src/base/ftcalc.c (FT_RoundFix, FT_CeilFix, FT_Matrix_Multiply,
FT_Matrix_Multiply_Scaled, FT_Vector_Transform_Scaled,
ft_corner_orientation): Use new macros.
* src/base/ftoutln.c (FT_Outline_Get_Orientation): Use new macros.
The new name better describes what the macro actually does;
additionally, we don't need a trailing `f' for literals (there was
only a single such instance in the code, but this caused a clang
warning because the macro itself uses `double' literals).
* src/cff/cf2blues.c, src/cff/cf2blues.h, src/cff/cf2fixed.h,
src/cff/cf2font.c, src/cff/cf2hints.c: Updated.
* src/base/ftcalc.c (FT_MOVE_SIGN): Add argument to pass unsigned
value, to be used as the result.
(FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix, FT_MulFix,
FT_Vector_NormLen): Updated.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Compute all design
coordinates if we have to create the `blends->coord' array.
(TT_Get_MM_Blend, TT_Get_Var_Design): Select default instance
coordinates if no instance is selected yet.
Extra bitmap padding for LCD filtering depends on the filter. The
default 5-tap filter needs 2 extra subpixels. The light 3-tap filter
needs only 1 extra subpixel. This space could be already available
due to rounding. In order to optimize the padding, we now expand
CBox for the given filter weights before rounding.
This change breakes current Skia (and Firefox).
* include/freetype/internal/ftobjs.h (FT_LibraryRec)
[FT_CONFIG_OPTION_SUBPIXEL_RENDERING]: Remove `lcd_extra' field.
* src/base/ftlcdfil.c (FT_Library_SetLcdFilterWeights,
FT_Library_SetLcdFilter): Remove `lcd_extra' initializations.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Implement dymanic
LCD padding.
Problem reported by Hin-Tak Leung <htl10@users.sourceforge.net>.
* src/truetype/ttgload.c (TT_Load_Glyph)
[TT_CONFIG_OPTION_EMBEDDED_BITMAPS]: Handle error if font is not
scalable.
This moves warping option from LIGHT to NORMAL mode. This makes LIGHT
truly void of hinting in x-direction, with left side bearing never
changed and right side bearing only altered by advance rounding.
Therefore, LIGHT is now ready to return fractional advance. As a
NORMAL option, warping substitutes normal hinting.
* src/autofit/afcjk.c (af_cjk_hints_apply): Updated.
* src/autofit/aflatin.c (af_latin_hints_apply): Updated.
* src/autofit/aflatin2.c (af_latin2_hints_apply): Updated.
* src/autofit/afloader.c (af_loader_load_glyph): Handle warping
phantom points as normal.
=======================
Tag sources with `VER-2-8'.
* docs/VERSION.TXT: Add entry for version 2.8.
* docs/CHANGES: Updated.
* README, Jamfile (RefDoc), builds/windows/vc2005/freetype.vcproj,
builds/windows/vc2005/index.html,
builds/windows/vc2008/freetype.vcproj,
builds/windows/vc2008/index.html,
builds/windows/vc2010/freetype.vcxproj,
builds/windows/vc2010/index.html,
builds/windows/visualc/freetype.dsp,
builds/windows/visualc/freetype.vcproj,
builds/windows/visualc/index.html,
builds/windows/visualce/freetype.dsp,
builds/windows/visualce/freetype.vcproj,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.7.1/2.8/, s/271/28/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 8.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 20:0:14.
* CMakeLists.txt (VERSION_MINOR): Set to 8.
(VERSION_PATCH): Set to 0.
* src/autofit/afblue.dat: Add blue zone data for Chakma.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Chakma standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Chakma data.
* src/autofit/afblue.dat: Add blue zone data for Kayah Li.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Kayah Li standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Kayah Li data.
* src/autofit/afblue.dat: Add blue zone data for Bamum.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Bamum standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Bamum data.
* src/autofit/afblue.dat: Add blue zone data for Saurashtra.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Saurashtra standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Saurashtra
data.
* src/autofit/afblue.dat: Add blue zone data for Buhid.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Buhid standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Buhid data.
* src/autofit/afblue.dat: Add blue zone data for Shavian.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Shavian standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Shavian data.
* src/autofit/afblue.dat: Add blue zone data for Vai.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Vai standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Vai data.
* src/autofit/afblue.dat: Add blue zone data for Osmanya.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Osmanya standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Osmanya data.
* src/autofit/afblue.dat: Add blue zone data for Coptic.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Coptic standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Coptic data.
* src/autofit/afblue.dat: Add blue zone data for Carian.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Carian standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Carian data.
* src/autofit/afblue.dat: Add blue zone data for Unified Canadian
Syllabics.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Unified Canadian Syllabics standard
character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Unified
Canadian Syllabics data.
This essentially moves the Sundanese script from the `Indic' hinter
to the `Latin' hinter.
* src/autofit/afblue.dat: Add blue zone data for Sundanese.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Sundanese standard character and move
data out of AF_CONFIG_OPTION_INDIC block.
* src/autofit/afranges.c: Move Sundanese data out of
AF_CONFIG_OPTION_INDIC block.
* src/autofit/afstyles.h: Update Sundanese data; in particular, use
AF_WRITING_SYSTEM_LATIN.
* src/autofit/afblue.dat: Add blue zone data for Avestan.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Avestan standard character.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Avestan data.
When points are not touched by gvar interpolation deltas, FreeType
gave a slightly different result than Apple's CoreText.
The OpenType working group will update the specification to document
the following behaviour: If the two points with deltas to the `left'
and `right' of the untouched point have the same coordinate, then
the inferred delta for the untouched point should be zero.
* src/truetype/ttgxvar.c (tt_delta_interpolate): Implement new
behaviour.
Problem reported by Markus Trippelsdorf <markus@trippelsdorf.de> and
Nikolaus Waxweiler <madigens@gmail.com>.
* src/base/ftobjs.c (FT_Request_Size): Trigger recomputation of
auto-hinter metrics. Without this change, multiple size changing
calls for a single face fail.
* include/freetype/config/ftoption.h
(AF_CONFIG_OPTION_TT_SIZE_METRICS): New option, commented out by
default.
* src/autofit/afloader.c (af_loader_load_glyph): Use
AF_CONFIG_OPTION_TT_SIZE_METRICS to guard the corresponding code.
Werner Lemberg