* src/sfnt/sfobjs.c (sfnt_init_face): If the axis count in `fvar' is
zero, set `num_instances' to zero.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Handle `fvar' table with
zero axes as invalid.
* src/truetype/ttobjs.c (tt_face_init): Improve logic of loading
`loca', `cvt', `fpgm', and `prep' table.
* src/cff/cf2font.h: Include `cffload.h'.
* src/cff/cffload.c: Include FT_MULTIPLE_MASTERS_H and
FT_SERVICE_MULTIPLE_MASTERS_H.
(cff_vstore_load): Eliminate `vsSize'.
(cff_load_private_dict): Tag as `FT_LOCAL_DEF'.
* src/cff/cffload.h: Include `cffobjs.h'.
Provide declaration for `cff_load_private_dict'.
* src/truetype/ttgxvar.c (ft_var_load_hvar): Eliminate
`minorVersion' and `map_offset'.
The font variation code. All parts dependent on the GX code in the
`truetype' module are guarded with TT_CONFIG_OPTION_GX_VAR_SUPPORT.
In other words, you can still compile the `cff' module without
defining TT_CONFIG_OPTION_GX_VAR_SUPPORT (which brings you CFF2
support without font variation).
* src/cff/cf2font.c (cf2_font_setup): Add support for font
variation.
* src/cff/cf2font.h (CF2_Font): Add fields for variation data.
* src/cff/cf2ft.c (cf2_free_instance): Free blend data.
(cf2_getVStore, cf2_getNormalizedVector): New functions.
* src/cff/cf2ft.h: Updated.
* src/cff/cf2intrp.c: Include `cffload.h'.
(cf2_cmdRESERVED_15, cf2_cmdRESERVED_16): Replace with...
(cf2_cmdVSINDEX, cf2_cmdBLEND): ... this new enum values.
(cf2_doBlend): New function.
(cf2_interpT2CharString): Handle `vsindex' and `blend' opcodes.
* src/cff/cffload.c (FT_fdot14ToFixed): New macro.
(cff_vstore_done, cff_vstore_load): New functions.
(cff_blend_clear, cff_blend_doBlend, cff_blend_build_vector,
cff_blend_check_vector): New functions.
(cff_load_private_dict): Add arguments for blend vector.
Handle blend data.
(cff_subfont_load, cff_subfont_done): Updated.
(cff_font_load): Handle CFF2 variation store data.
(cff_font_done): Updated.
* src/cff/cffload.h: Include `cffparse.h'.
Updated.
* src/cff/cffobjs.c (cff_face_done): Updated.
* src/cff/cffparse.c: Include `cffload.h'.
(cff_parse_num): Handle internal value 255.
(cff_parse_vsindex, cff_parse_blend): New functions.
(CFF_FIELD_BLEND): New macro.
(cff_parser_run): Updated.
* src/cff/cffparse.h (cff_kind_blend): New enum value.
* src/cff/cfftoken.h: Handle `vstore', `vsindex', and `blend'
dictionary values.
* src/cff/cfftypes.h (CFF_VarData, CFF_AxisCoords, CFF_VarRegion,
CFF_VStore, CFF_Blend): New structures.
(CFF_FontRecDict): Add `vstore_offset' field.
(CFF_Private): Add `vsindex' field.
(CFF_SubFont): Add fields for blend data.
(CFF_Font): Add `vstore' field.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): `CFF2' is equal to `gvar',
since glyph variation data is directly embedded.
(TT_Set_MM_Blend): Don't load `gvar' table for CFF2 fonts.
Note that this is not complete yet; it only handles advance width
variation.
Activation of the code follows in another commit.
* include/freetype/ftmm.h (FT_Var_Named_Style): Add `psid' member.
* src/truetype/ttgxvar.h (GX_HVarData, GX_AxisCoords, GX_HVarRegion,
GX_HVStore, GX_WidthMap): New auxiliary structures for...
(GX_HVarTable): ... HVAR main structure.
(GX_BlendRec): Add data for HVAR loading.
* src/truetype/ttgxvar.c (FT_FIXED_ONE, FT_fdot14ToFixed,
FT_intToFixed, FT_fixedToInt): New macros.
(ft_var_load_hvar): New function.
(TT_Get_MM_Var): Updated.
(tt_done_blend): Deallocate HVAR data.
No effect yet; service functions will be implemented later on.
Everything is guarded with TT_CONFIG_OPTION_GX_VAR_SUPPORT.
* include/freetype/internal/services/svmetric.h: New file.
* include/freetype/internal/ftserv.h
(FT_SERVICE_METRICS_VARIATIONS_H): New macro.
* include/freetype/internal/tttypes.h (TT_Face): New field `var'.
* src/sfnt/sfobjs.c: Include FT_SERVICE_METRICS_VARIATIONS_H.
(sfnt_init_face): Initialize `face->var'.
* src/truetype/ttdriver.c: Include FT_SERVICE_METRICS_VARIATIONS_H.
(tt_service_metrics_variations): New service.
(tt_services): Updated.
* src/truetype/ttpic.h: Updated.
For internal use; we want to share code between the forthcoming CFF2
support and TrueType.
* include/freetype/internal/services/svmm.h (FT_Get_Var_Blend_Func):
New typedef.
(MultiMasters): Add `get_var_blend'.
(FT_Service_MultiMasters): Updated.
* src/truetype/ttgxvar.c (tt_get_var_blend): New function.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttdriver.c (tt_service_gx_multi_masters): Updated.
* src/type1/t1driver.c (t1_service_multi_masters): Updated.
For internal use; we want to share code between the forthcoming CFF2
support and TrueType.
* include/freetype/internal/services/svmm.h (FT_Done_Blend_Func):
New typedef.
(MultiMasters): Add `done_blend'.
(FT_Service_MultiMasters): Updated.
* src/truetype/ttgxvar.c (tt_done_blend): Use `TT_Face' as argument.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttobjs.c (TT_Face_Done): Updated.
* src/truetype/ttdriver.c (tt_service_gx_multi_masters): Updated.
* src/type1/t1driver.c (t1_service_multi_masters): Updated.
Note that the low-level functions aren't implemented yet.
* include/freetype/ftmm.h: Declare.
* include/freetype/internal/services/svmm.h
(FT_Get_Var_Design_Func): New typedef.
(MultiMasters): New MM service function `get_var_design'.
(FT_DEFINE_SERVICE_MULTIMASTERSREC): Updated.
Update all callers.
* src/base/ftmm.c (FT_Get_Var_Design_Coordinates): Implement.
* src/truetype/ttdriver.c: Updated.
* src/truetype/ttgxvar.c (TT_Get_Var_Design): New dummy function to
handle `get_var_design' service.
* src/truetype/ttgxvar.h: Updated.
* src/type1/t1driver.c: Updated.
* src/type1/t1load.c (T1_Get_Var_Design): New dummp function to
handle `get_var_design' service.
* src/type1/t1load.h: Updated.
This is required by OpenType 1.8; it also avoids rounding surprises.
* src/truetype/ttgxvar.c (TT_Set_Var_Design): Clamp design coordinates
outside of the allowed range to always stay within the range instead
of producing an error.
* src/truetype/ttinterp.h (TT_ExecContextRec): Using `FT_ULong' for
loop counter handling.
* src/truetype/ttinterp.c: Updated.
(Ins_SCANTYPE): Use signed constant.
(TT_RunIns): Ensure `num_twilight_points' is 16bit.
* include/freetype/ftmm.h: Declare.
* include/freetype/internal/services/svmm.h (FT_Get_MM_Blend_Func):
New typedef.
(MultiMasters): New MM service function `get_mm_blend'.
(FT_DEFINE_SERVICE_MULTIMASTERSREC): Updated.
Update all callers.
* src/base/ftmm.c (FT_Get_MM_Blend_Coordinates,
FT_Get_Var_Blend_Coordinates): Implement.
* src/truetype/ttdriver.c: Updated.
* src/truetype/ttgxvar.c (TT_Get_MM_Blend): New function to handle
`get_mm_blend' service.
* src/truetype/ttgxvar.h: Updated.
* src/type1/t1driver.c: Updated.
* src/type1/t1load.c (T1_Get_MM_Blend): New function to handle
`get_mm_blend' service.
* src/type1/t1load.h: Updated.
* docs/CHANGES: Document.
This avoids additional calls to `tt_face_lookup_table' for the
`glyf' table, which can be expensive.
* include/freetype/internal/tttypes.h (TT_LoaderRec): Move
`glyf_offset' field to ...
(TT_FaceRec): ... this structure.
* src/truetype/ttgload.c (load_truetype_glyph): Updated.
(tt_loader_init): Move initialization of `glyf_offset' to ...
* src/truetype/ttpload.c (tt_face_load_loca): .. this function.
This speeds up FreeType's handling of malformed fonts.
* src/truetype/ttinterp.c (TT_RunIns): Set up limits for the number
of twilight points, the total number of negative jumps, and the
total number of loops in LOOPCALL opcodes. The values are based on
the number of points and entries in the CVT table.
(Ins_JMPR): Test negative jump counter.
(Ins_LOOPCALL): Test loopcall counter.
* src/truetype/ttinterp.h (TT_ExecContext): Updated.
* docs/CHANGES: Updated.
Without this patch, a loca sequence like `0 100000 0 100000 ...',
where value 100000 is larger than the `glyf' table size, makes
FreeType handle the whole `glyf' table as a single glyph again and
again, which is certainly invalid (and can be very slow, too).
* src/truetype/ttpload.c (tt_face_get_location): Implement.
Improve tracing messages.
Problems reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40
We now map the strike index right before accessing the physical
data, not earlier.
* src/sfnt/sfobjs.c (sfnt_load_face): Set `face->sbit_strike_map'
after creating the map so that...
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): ... this function
can be used before and after setting up `sbit_strike_map'.
(tt_face_set_sbit_strike): Revert change.
(tt_sbit_decoder_init, tt_face_load_sbix_image): Map strike index.
* src/truetype/ttdriver.c (tt_size_select): Revert change.
FreeType tries to sanitize strike header data; we now reject
completely broken ones.
* include/freetype/internal/tttypes.h (TT_FaceRec): New
`sbit_strike_map' array pointer.
* src/base/ftobjs.c (FT_Match_Size): Reject matches where either
width or height would be zero.
Add tracing message in case of error.
* src/sfnt/sfobjs.c (sfnt_load_face): Populate `sbit_strike_map',
only using (more or less) valid strike header data for
FT_Face's `available_sizes' array.
(sfnt_done_face): Updated.
* src/sfnt/ttsbit.c (tt_face_set_sbit_strike): Use
`sbit_strike_map'.
(tt_face_load_strike_metrics): Improve tracing.
* src/truetype/ttdriver.c (tt_size_select): Use `sbit_strike_map'.
Problems reported by Bob Taylor <Bob.Taylor@monotype.com>.
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Fix rough
sanity test for glyph variation array header size.
Always set stream position before reading packed x and y deltas.
Fix thinko w.r.t. `localpoints' array.
Since 2016-05-16 we detect infinite recursion directly.
* src/sfnt/ttload.c (tt_face_load_maxp): Don't adjust
`maxComponentDepth'.
* src/truetype/ttgload.c (load_truetype_glyph): Don't abort if
`maxComponentDepth' is not valid. Instead, simply adjust its value
and emit a tracing message.
To match the logic in FDEF. The value of the end is only used for
bound-checking in `Ins_JMPR', so it may not have been obvious that
it was not recorded. Tested (as part of Font Validator 2.0) all the
fonts on Fedora and did not see any change.
* src/truetype/ttinterp.c (Ins_IDEF): Updated.
GETDATA[], opcode 0x92
bytecode instruction. It always returns 17, and we have absolutely
no idea what it is good for...
* src/truetype/ttinterp.c (Pop_Push_Count, opcode_name): Updated.
(Ins_GETDATA): New function.
(TT_RunIns): Add it.
This commit implements undocumented (but confirmed) stuff from
Apple's old bytecode engine.
GETVARIATION[], opcode 0x91
This opcode pushes normalized variation coordinates for all axes
onto the stack (in 2.14 format). Coordinate of first axis gets
pushed first.
GETINFO[], selector bit 3
If GX variation support is enabled, bit 10 of the result is set
to 1.
* src/truetype/ttinterp.c: Include FT_MULTIPLE_MASTERS_H.
(opcode_name) [TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Updated.
(Ins_GETINFO) [TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Handle selector
bit 3, checking support for variation glyph hinting.
(Ins_GETVARIATION) [TT_CONFIG_OPTION_GX_VAR_SUPPORT]: New function
to implement opcode 0x91.
(TT_RunIns) [TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Handle opcode 0x91.
This finally fixes the rendering of the cyclist and the lizard in
the `Zycon' font.
* src/truetype/ttgxvar.c (ft_var_readpackedpoints): `first' point
index is always cumulative.
(tt_handle_deltas): Rename to...
(tt_interpolate_deltas): ... This.
Add new parameter for output point array.
Update caller.
(TT_Vary_Apply_Glyph_Deltas): Add `points_out' array; it now holds
the intermediate results of `tt_interpolate_deltas' that are to be
added to `outline->points'.
Werner Lemberg