In the unlikely case the source is built with OpenWatcom's -ec?
switches to enforce a calling convention, the qsort() compare
function must still be set to __watcall.
* include/freetype/internal/compiler-macros.h (FT_COMPARE_DEF):
Updated.
The `normal_top.count` may be 0, implying no `normal_top.zones` exist.
The code must not access these (non-existent) `normal_top.zones`.
* src/pshinter/pshalgo.c (ps_hints_apply): Do not assume that
`normal_top.zones[0]` is initialized. Test `normal_top.count`
before using `normal_top.zones[0]`. Do not rescale if there are no
`zones`.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43675
* include/freetype/config/integer-types.h: Make sure `long long` is
used then available.
* include/freetype/internal/ftcalc.h (FT_MSB): Add Watcom C/C++ pragma.
According to the bzip documentation it is undefined what will happen if
`BZ2_bzDecompress` is called on a `bz_stream` it has previously returned an
error against. If `BZ2_bzDecompress` returns anything other than `BZ_OK`
the only valid next action is `BZ2_bzDecompressEnd`.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43564
* src/bzip2/ftbzip2.c (FT_BZip2FileRec_): Add `reset` to track the need to
reset the stream.
(ft_bzip2_file_init): Initialize `reset` to 0.
(ft_bzip2_file_reset): Set `reset` to 0 after resetting.
(ft_bzip2_file_fill_output): Set `reset` to 1 when `BZ2_bzDecompress`
returns anything other than `BZ_OK`.
Fetch current list of valid CAs from Windows Update and manually import them
to trusted datastore. This action is required to make downloads work from
sites that need recent Let's Encrypt ISRG Root X1 certificate.
This reverts commit d276bcb7f0.
The original commit did avoid the use of uninitialized memory. However,
it appears that the original commit is no longer required. The
underlying issue was resolved by a change in freetype2-testing "Build
bzip2 correctly." [0]. Prior to [0] bzip2 was built without msan, so
bzip2 writes were not tracked or considered initialized. Clearing
`buffer` in the original commit allowed msan to see the `buffer` content
initialized once in FreeType code, but msan saw no writes into buffer
from bzip2. With bzip2 now built with msan, the bzip2 writes are
properly instrumented and msan sees the bzip2 writes into the buffer. As
a result the original commit can be safely reverted to allow for better
detection of other uninitialized data scenarios.
* src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Revert to using `FT_QNEW`.
[0] 3c052a837a
Currently `T42_Open_Face` eagerly allocates 12 bytes for the ttf header
data which it expects `t42_parse_sfnts` to fill out from /sfnts data.
However, there is no guarantee that `t42_parse_sfnts` will actually be
called while parsing the type42 data as the /sfnts array may be missing
or very short. This is also confusing behavior as it means
`T42_Open_Face` is tightly coupled to the implementation of the very
distant `t42_parse_sfnts` code which requires at least 12 bytes to
already be reserved in `face->ttf_data`.
`t42_parse_sfnts` itself eagerly updates `face->ttf_size` to track how
much space is reserved for ttf data instead of traking how much data has
actually been written into `face->ttf_data`. It will also act strangely
in the presense of multiple /sfnts arrays.
* src/type42/t42objs.c (T42_Open_Face): ensure `ttf_data` is initialized
to NULL. Free `ttf_data` on error.
* src/type42/t42parse.c (t42_parse_sfnts): delay setting `ttf_size` and
set it to the actual number of bytes read. Ensure `ttf_data` is freed
if there are multiple /sfnts arrays or there are any errors.
While using zlib in 'solo' mode (via the `Z_SOLO` macro), we actually
include some standard header files, making the typedef fail on systems where
the native `ptrdiff_t` type differs.
Fixes#1124.
* src/zlib/zutil.h: Comment out definition; it doesn't work on Windows.
* src/zlib/patches/freetype-zlib.diff: Updated.
We now first apply zlib's `zlib2ansi` script, then FreeType's patch file.
* src/gzip/README.freetype: Updated.
* patches/0001-zlib-Fix-zlib-sources-to-compile-for-FreeType.patch: Renamed
to...
* patches/freetype-zlib.diff: This.
Clean up description, then regenerate it as follows:
- Copy unmodified files from `zlib` repository.
- Run `zlib2ansi` script.
- Run `git diff -R > patches/freetype-zlib.diff.new`.
- Insert patch description of old diff file, then replace old diff with
new diff file.
This can be tested by building with the Unix development build
make setup devel
make
or by building the freetype-demos programs with
meson setup build -Dfreetype2:zlib=internal
meson compile -C out
and trying to run `ftview` with a `.pcf.gz` font file.
* src/gzip/ftgzip.c, src/gzip/rules.mk: Update for new zlib sources. Also
remove the temporary fix introduced in commit 6a431038 to work around the
fact that the internal sources were too old.
* src/gzip/README.freetype: New file describing the origin of the sources
and how they were modified.
* src/gzip/patches/*: Patch files applied to original sources.
* src/gzip/*: Updated zlib sources with the patch file(s) from
`src/gzip/patches/` applied, followed by a conversion with zlib's
`zlib2ansi` script.
* meson_options.txt, meson.build: Change the format of the 'zlib' meson
build configuration option to be a combo with the following choices:
- none: Do not support gzip-compressed streams at all.
- internal: Support gzip-compressed streams using the copy of the gzip
sources under `src/gzip/`; this should only be used during development
to ensure these work properly.
- external: Support gzip-compressed streams using the 'zlib' Meson
subproject, linked as a static library.
- system: Support gzip-compressed streams using a system-installed version
of zlib.
- auto: Support gzip-compressed streams using a system-installed version
of zlib, if available, or using the 'zlib' subproject otherwise. This
is the default.
- disabled: Backward-compatible alias for 'none'.
- enabled: Backward-compatible alias for 'auto'.
* src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Don't use `FT_QNEW` but
`FT_NEW` for setting up `zip` to avoid uninitialized memory access while
handling malformed PCF fonts later on.
Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42800
The 0-base index is equal to the number of previosly parsed entries.
It is an error to adjust it by one to get the number truncated by
a stream error. This is probably inconsequential because valid
entries are correctly accounted for.
* src/sfnt/ttload.c (check_table_dir): Do not adjust the truncated
number of tables.
Really fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42773.
* src/sfnt/ttload.c (check_table_dir): Revert change.
* src/type42/t42.parse.c (t42_parse_sfnts): Don't use `FT_QREALLOC` but
`FT_REALLOC` for setting up `ttf_data` to avoid uninitialized memory access
while handling malformed TrueType fonts later on.
When iterating over the cvt tuples and reading in the points it is necessary
to set all of `localpoints`, `points`, and `point_count` in all cases. The
existing code did not reset `localpoints` to `NULL` when there were no
private point numbers. If the previous tuple did have private point numbers
and set `localpoints` to `ALL_POINTS` this would not be cleared and the
wrong branch would be taken later, leading to possible heap buffer overflow.
* src/truetype/ttgxvar.c (tt_face_vary_cvt): Reset `localpoints` to `NULL`
when it isn't valid.
Fixes: https://crbug.com/1284742
* src/base/ftobjs.c (FT_Get_Paint): Operator has equivalent nested operands.
* src/bdf/bdflib.c (_bdf_add_property): Value stored to `fp` is never read.
* src/sdf/ftbsdf.c (bsdf_init_distance_map): Value stored to `pixel` is
never read.
* src/sdf/ftsdf.c (split_sdf_shape): Value stored to `error` is never read.
The python module's `find_installation` method is intended to provide
routines for compiling and installing python modules into the
`site-packages` directory. It does a couple of slow things, including run
an introspection command to scrape sysconfig info from the detected
interpreter, which are not needed for the sole use case of invoking the
found installation as an executable.
Furthermore, when invoked without the name or path of a python binary, it is
hardcoded to always look for `python3` corresponding to the interpreter
meson itself uses to run. So using `find_installation` did not even allow
detecting `python2` as a fallback.
Instead, switch to a simple `find_program` lookup that finishes as soon as
the program is found.
The previous change to check the return code of `run_command` invocations
caused the CI to fail. Although most scripts used `python_exe` as the
program command, the script to determine the project version did not.
But, all scripts used `python` as the shebang, and this is not available on
all systems. Particularly Debian does not provide a `python` command,
though `python3` does exist. This meant that formerly the version number
was lacking, and now the build simply fails.
Instead, rely on `python3` since it is guaranteed to exist when running
meson, and `python2` is end of life anyway.
By default, errors are not checked and a command that is somehow broken will
just capture incorrect output (likely an empty string). Current development
versions of meson now raise a warning for this implicit behavior, and advise
explicitly setting the `check:` keyword argumend to determine whether a
failing return code should be considered an error.
Since none of the commands in this project are expected to fail, mark them
as required to succeed.
* src/truetype/ttobjs.h (TT_SizeRec): Add `widthp` for the hdmx
widths.
* src/truetype/ttobjs.c (tt_size_reset): Initialize `widthp` even
though it might never be used by the interpreter.
* src/truetype/ttgload.c (tt_loader_init): Avoid repeated searches
in the hdmx table.
This fixes fall-out from 7809007a5b, where the composite
accents were no longer hinted.
* src/truetype/ttgload.c (ttloader_init): Move the IUP-called flag
initialization from here...
* src/truetype/ttinterp.c (TT_Run_Context): ... to here.
The `hdmx` table is supposed to be sorted by ppem size, which
enables binary search. We also drop the check for the sufficient
length of the record because it is now enforced when the table
is loaded.
* include/freetype/internal/tttypes.h (TT_FaceRec): Store the `hdmx`
record pointers sorted by ppem instead of ppem's themselves.
* src/truetype/ttpload.c (tt_face_load_hdmx): Prudently sort records.
(tt_face_get_device_metrics): Implement binary search to retrieve
advances.
This simply shortcuts the glyph loading if FT_LOAD_ADVANCE_ONLY
is specified by FT_Get_Advances and the `hdmx` data are located.
Particularly, the classic v35 interpreter or "verified" ClearType
fonts might see 100x speed up in retrieving the hdmx cache.
* src/truetype/ttgload.c (TT_Load_Glyph): Insert the shortcut.
The `hdmx` matching can be done before the glyph is loaded.
* include/freetype/internal/tttypes.h (TT_LoaderRec): Add a field.
* src/truetype/ttgload.c (compute_glyph_metrics): Relocate the `hdmx`
code from here...
(tt_loader_init): ... to here, before the glyph is loaded.
`TT_RunIns` is too busy to deal with subpixel flags. It is better
to set them in `tt_loader_init`, which is executed before each
glyph program.
* src/truetype/ttinterp.c (TT_RunIns): Move the flag setting from
here...
* src/truetype/ttgload.c (tt_loader_init): ... to here.
* src/truetype/ttinterp.c (Ins_INSTCTRL): Limit its global effects
to the CVT program and local effects to the glyph program.
This also fixes an Infinality buglet. The `ignore_x_mode` should be
locally unset by the glyph program.
In _bdf_readstream if the data contained no newline then the buffer
would continue to grow and uninitialized data read until either the
uninitialized data contained a newline or the buffer reached its
maxiumum size. The assumption was that the line was always too long and
the buffer had been filled, however this case can also happen when there
is not enough data to fill the buffer.
Correct this by properly setting the cursor to the end of the available
data, which may be different from the end of the buffer. This may still
result in one extra allocation, but only on malformed fonts.
* src/bdf/bdflib.c (_bfd_readstream): Correctly update cursor. Remove
unread set of `avail`.
Bug: https://lists.nongnu.org/archive/html/freetype-devel/2021-12/msg00001.html