Otherwise we get zillions of clang 15 warnings.
* src/autofit/afcjk.c, src/autofit/afhints.c, src/autofit/aflatin.c,
src/base/ftobjs.c, src/base/ftoutln.c, src/cff/cffparse.c,
src/raster/ftraster.c, src/sfnt/pngshim.c, src/truetype/ttgload.c,
src/truetype/ttgxvar.c, src/truetype/ttobjs.c, src/type1/t1gload.c: Use
`double` cast in debugging and tracing macros.
`tt_var_load_item_variation_store` fills out a `GX_ItemVarStore`. While it
may return an error, the item store must be left in a consistent state so
that any use or destruction of the item store can properly use or free the
data in it. Before this change the counts from the font data were read
directly into the item store before the actual allocation of the arrays to
which they referred. There exist many opportunities between the time the
counts are read and the arrays are allocated to return early due to invalid
data. When this happened the item store claimed to have entires it actually
did not, leading to crashes later when it was used.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54449
* src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Read the counts
into local variables and store them in the item store only after the related
arrays are actually created on the item store.
This gives users a possibility to deactivate new features not (yet) in the
OpenType standard.
* include/freetype/config/ftoption.h, devel/ftoption.h
(TT_CONFIG_OPTION_NO_BORING_EXPANSION): New macro.
* src/truetype/ttgxvar.c (ft_var_load_avar): Use it to disable 'avar'
version 2.0 support.
* src/truetype/ttgxvar.c (tt_hvadvance_adjust): Move bounds check ...
(tt_var_get_item_delta): ... to this function, because it is safer. For
example, the 'avar' table 2.0 codepath was not performing a bounds check at
all.
* src/truetype/ttgcvar.c (ft_var_load_hvvar): restore previous behavior
In a previous change [0] the behavior of `ft_var_load_hvvar` was changed
to not load the item variation store if it was at offset 0, but not
return an error when this happened. This broke any users, like
`tt_hvadvance_adjust`, that rely on successful completion of
`ft_var_load_hvvar` to imply that returned table's `itemStore` had been
initialized. This lead such users to dereference NULL.
This change appears to have been unintentional and unrelated to the
actual avar2 changes. As a result, fix these NULL dereferences by
restoring the code to always attempt to initialize the `itemStore`.
[0] ae4eb996 "[truetype] Add support for `avar` table 2.0 format."
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53061
See
https://github.com/harfbuzz/boring-expansion-spec/blob/main/avar2.md
for the specification.
Currently, this is implemented only in most recent OS versions on Apple
platforms and in the HarfBuzz library, but it is expected to be added to the
OpenType standard soon.
* src/truetype/ttgxvar.h (GX_AVarTableRec): New structure.
(GX_BlendRec): Use it to replace `avar_segment` with `avar_table`.
* src/truetype/ttgxvar.c (ft_var_load_avar): Load new table version.
(ft_var_to_normalized, tt_done_blend): Extend for new format.
(ft_var_load_hvvar, ft_var_to_design): Updated.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Reject retrieving master when
'fvar' values locally do not match with sanitized values from initialization
at `sfnt_init_face` time.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1360295
Fixes#1172.
* src/sfnt/sfobjs.c (sfnt_load_face): Tag font as Multiple Masters font if
`fvar` is present; do not require other tables to be present.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Allow for a missing 'gvar' table
when setting variation coordinates. However, if a 'gvar' table is actually
present, do perform a sanity check and fail on malformedness.
(TT_Get_MM_Var): Don't assume 'fvar' needs 'gvar' or 'CFF2 tables in all
cases, which is an overly tight check.
* include/freetype/internal/ftmmtypes.h (FT_ItemVarDelta): Make type
explicitly 32-bit.
* include/freetype/internal/services/svmm.h
(FT_Var_Get_Item_Delta_Func): Change return type to `FT_ItemVarDelta`
* truetype/ttgxvar.h (tt_var_get_item_delta): Change return type to
`FT_ItemVarDelta`.
* truetype/ttgxvar.c (tt_var_get_item_delta): Store scalars and deltas
to intermediate array, perform computation using new method
`FT_MulAddFix`.
This formalizes that the phantom points appended in the outline
do not increase its point count, nor are they tagged or included
in any additional contours. Only their coordinates are stored.
They are counted in the glyph zone, however.
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Infer `n_points`
from the outline size plus four phantom points.
* src/truetype/ttgxvar.h (TT_Vary_Apply_Glyph_Deltas): Remove this
argument.
* src/truetype/ttgload.c (tt_prepare_zone): Add phantom four.
(TT_Process_Simple_Glyph, load_truetype_glyph): Update all callers.
This moves phantom point and advance variation adjustment next to
calculations. The logic stays the same, HVAR and VVAR take priority.
* src/truetype/ttgload.c (load_truetype_glyph): Move it from here...
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): ... to here
and check for HVAR and VVAR presence outside the main loop.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph, load_truetype_glyph):
Move the advance adjustment from here...
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): ... to here and
simplify arguments.
* src/truetype/ttgxvar.h (TT_Vary_Apply_Glyph_Deltas): Update prototype
with fewer arguments.
* include/freetype/internal/ftmmtypes.h (FT_ItemVarDelta): Define type
to be used for delta arrays, upgrade to FT_long.
* src/truetype/ttgxvar.c: Adhere to long_words bit and read either
Short/Byte pairs or Long/Short pairs, as defined by spec. For better
readability, define macro for repetitive read code.
* truetype/ttgxvar.c (tt_hvadvance_adjust, tt_apply_mvar,
tt_var_get_item_delta): Remove special 0xFFFF handling in favor of less
redundant handling inside the tt_var_get_item_delta function, as it is
equivalent to returning a 0 delta. Avoids code-duplication checking for
special value 0xFFFF.
This is a preparation for handling `DeltaSetIdxMap` and `VarStore` as a
FreeType service.
* src/truetype/ttgxvar.c (ft_var_done_delta_set_index_map): New function.
(tt_done_blend): Use it.
This was introduced in OpenType 1.8.4.
* src/truetype/ttgxvar.c (ft_var_load_delta_set_index_mapping,
tt_hvadvance_adjust, ft_var_load_mvar, tt_apply_mvar): Handle special
inner/outer index values.
(ft_var_load_item_variation_store): Add test.
Fixes#1154.
* src/base/ftrfork.c (raccess_make_file_name): Do not set error.
* src/sfnt/sfdriver.c (get_win_string, get_apple_string): Ditto.
* src/cff/cffobjs.c (cff_strcpy): Do not confuse about error.
* src/psaux/psobjs.c (ps_table_done): Ditto.
* src/truetype/ttgxvar.c (ft_var_readpacked*, ft_var_load_avar): Ditto.
When iterating over the cvt tuples and reading in the points it is necessary
to set all of `localpoints`, `points`, and `point_count` in all cases. The
existing code did not reset `localpoints` to `NULL` when there were no
private point numbers. If the previous tuple did have private point numbers
and set `localpoints` to `ALL_POINTS` this would not be cleared and the
wrong branch would be taken later, leading to possible heap buffer overflow.
* src/truetype/ttgxvar.c (tt_face_vary_cvt): Reset `localpoints` to `NULL`
when it isn't valid.
Fixes: https://crbug.com/1284742
* src/truetype/ttgxvar.c (ft_var_load_item_variation_store):
s/shortDeltaCount/wordDeltaCount/ (as done in the specification, too).
Recognize new format and reject it for now.
This is in preparation for implementing `DeltaSetIndexMap` format 1, which
is used by `COLR` v1 tables, and which allows 32bit indices.
https://docs.microsoft.com/en-us/typography/opentype/otspec190/delta/otvarcommonformats_delta.html
* src/truetype/ttgxvar.h (GX_DeltaSetIdxMapRec): Change type of `mapCount`
to `FT_ULong`.
* src/truetype/ttgxvar.c (ft_var_load_delta_set_index_mapping): Add argument
for passing the table size; update caller.
Implement new format.
* src/truetype/ttgxvar.c (ft_var_readpackeddeltas, ft_var_load_avar,
ft_var_load_item_variation_store, ft_var_load_gvar): Use FT_QNEW_ARRAY
if memory immediately initialized or discarded otherwise.
* src/truetype/ttgxvar (ft_var_readpackeddeltas): Don't expect the number of
bytes used to encode the deltas to be higher than the number of encoded
values. The specification allows a very compact encoding; for example, a
list of 200 zeros can be encoded with just a couple of bytes.
We now count the consumed bytes to make sure to not read more than expected.
* src/truetype/ttgxvar (tt_face_vary_cvt): Function
`ft_var_readpackedpoints`, when it returns `ALL_POINTS`, also sets
`point_count` to value 0. However, the CVAR code was incorrectly expecting
that `point_count` would be set to match the length of the CVT table.
It is undefined behavior to pass `NULL` to `memcpy`. `coords' is
passed to `memcpy` but `TT_Get_MM_Blend` and `TT_Get_Var_Design`
explictly call `tt_set_mm_blend` with `coords` as `NULL`. In
addition, `TT_Set_MM_Blend` has a similar possible issue.
This ensures good logging output, with all lines having a proper
prefix (if requested).
This is a continuation of a similar patch from 2020-12-02, which
missed some locations.