==========================
Tag sources with `VER-2-12-0'.
* docs/VERSION.TXT: Add entry for version 2.12.0.
* docs/CHANGES, docs/release: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.11.1/2.12.0/, s/2111/2120/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 12.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 24:2:18.
* CMakeLists.txt (VERSION_MINOR): Set to 12.
(VERSION_PATCH): Set to 0.
* builds/toplevel.mk (do-dist): Generate `ChangeLog` entries for all commits
since version 2.11.0 (when we stopped creating this file manually).
This is another bit to handle 'sbix' tables as described in the OpenType
specification.
* include/freetype/ftparams.h (FT_PARAM_TAG_IGNORE_SBIX): New macro.
* src/sfnt/sfobjc.c (is_apple_sbix): Rename to...
(has_sbix): ... this.
Check for more sbit tables.
Handle `FT_PARAM_TAG_IGNORE_SBIX` to eventually control `has_sbix`.
Only call sbit table loader if an sbit table is present.
* src/sfnt/ttsbit.c (tt_face_load_sbix_image): Correct calculation of
'metrics->horiBearingY'.
Set vertical metrics.
* src/sfnt/sfobjs.c (sfnt_load_face): Adjust setting of `FT_FACE_FLAG_SBIX`.
Handle metrics of fonts with 'sbix' table.
* src/truetype/ttgload.c (TT_Load_Glyph): For 'sbix' embedded bitmaps, apply
bbox offset and bearing values of the corresponding glyph in the 'glyf'
table if it exists and has a contour.
* src/truetype/ttobjs.c (tt_face_init): Handle font with 'sbix' table.
Fixes issue #998.
Fonts with 'sbix' tables need special handling by the application.
* include/freetype/freetype.h (FT_FACE_FLAG_SBIX, FT_HAS_SBIX): New macros.
* src/sfnt/sfobjs.c (sfnt_load_face): Set `FT_FACE_FLAG_SBIX` if 'sbix'
table is present.
In the woff2 spec it has been proposed to allow the OVERLAP_SIMPLE flag
to be retained through the woff2 format [0].
[0] https://www.w3.org/TR/WOFF2/#glyf_table_format
* src/sfnt/sfwoff2.h (GLYF_OVERLAP_SIMPLE): add glyf flag.
* src/sfnt/sfwoff2.c (reconstruct_glyf): parse optionFlags and
overlapSimpleBitmap[]. (store_points): set OVERLAP_SIMPLE on first point's
flag if the overlap bit is set.
* src/sdf/ftsdf.c (sdf_generate_bounding_box): Always check for a corner if
two distances (for different curves) are very close.
(sdf_conic_to): Check whether the conic curve can be treated as a line
(which happens if the control point coincides with any end point).
* src/sdf/ftsdf.c (split_sdf_cubic, split_sdf_shape): Add checks to figure
out the deviation of Bezier curves and stop splitting if the curve is flat
enough.
* src/sdf/ftsdfcommon.h (ONE_PIXEL): New macro.
The `SVG_DOCUMENT_LIST_MINIMUM_SIZE` macro is non trivial and not
protected by parentheses. As a result, the expression
`table_size - SVG_DOCUMENT_LIST_MINIMUM_SIZE` expands to
`table_size - 2U + SVG_DOCUMENT_RECORD_SIZE` instead of the expected
`table_size - (2U + SVG_DOCUMENT_RECORD_SIZE)`. This causes an incorrect
bounds check which may lead to reading past the end of the `SVG ` table.
* src/sfnt/ttsvg.c (tt_face_load_svg): wrap macro definitions in
parentheses.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45179
It is possible for OtherSubr 19 to be invoked when `decoder->buildchar` is
NULL (so that `decoder->len_buildchar` is 0), the `blend` is non-NULL with
`blend->num_designs` set to 2, and the user supplied `idx` to be large (for
example 0xFFFFFFFE). Since these are all `FT_UInt32` the existing bounds
check overflows in a well defined manner, allowing for an invalid call to
`memcpy`.
In addition, it is possible to call OtherSubr 19 with
`decoder->len_buildchar`, `blend->num_designs`, and `idx` all zero (implying
that `blend->weight_vector` and `decoder->buildchar` are NULL). This passes
the bounds check (it is logically always fine to copy nothing starting at
index zero) but may invoke undefined behavior in `ft_memcpy` if it is backed
by `memcpy`. Calling `memcpy` with either the `src` or `dst` NULL is
undefined behavior (even if `count` is zero).
* src/psaux/psintrp.c (cf2_interpT2CharString): Correctly check that
`blend->num_designs` can be copied to `decoder->buildchar[idx]`.
Also avoid passing NULL to `ft_memcpy`.
Bug: https://crbug.com/1299259
Before the change, the hinting engine frequently confused horizontal
stem and serif hints making some stems too thin and some serifs too
thick. The value was tuned using serif fonts from the URW+ base 35
collection.
* src/pshinter/pshalgo.c [PSH_STRONG_THRESHOLD_MAXIMUM]: s/30/12/.
Since Type42 fonts don't have a 'Private' dictionary, the return value
should be `FT_Err_Invalid_Argument`.
* src/type42/t42drivr.c (t42_ps_get_font_private): Removed.
(t42_service_ps_info): Updated.
In PS hinter, memory allocations persist until the module is done.
Therefore, we have to clear reused masks.
* src/pshinter/pshrec.c (ps_mask_table_alloc): Clear reused mask.
We forgot to update the number of bits when merging a larger mask
into a smaller one. This fix might have rendering effects.
* src/pshinter/pshrec.c (ps_mask_table_merge): Inherit the number
of bits from a larger mask. There is no need to zero unused bits,
already zeroed during allocation.
(ps_mask_clear_bit): Removed.
(ps_mask_ensure): Minor.
* src/pshinter/pshrec.c (ps_hint_table_ensure): Remove redundant size
check; avoid array zeroing because it is fully initialized when used.
(ps_hint_table_alloc): Fix off-by-one comparison and remove another
zeroing of the array elements.
The old impleemntation was not using `FT_REALLOC`, buing too careful
with the offset rebasing. It shoudl be safe to rely on the base
movements.
* src/psaux/psobjs.c (reallocate_t1_table, shift_elements): Combine
into...
(ps_table_realloc): ... this function based on `FT_REALLOC`.
(ps_table_done): Simplified.
(ps_table_add): Updated.
* src/base/ftrfork.c (raccess_make_file_name): Do not set error.
* src/sfnt/sfdriver.c (get_win_string, get_apple_string): Ditto.
* src/cff/cffobjs.c (cff_strcpy): Do not confuse about error.
* src/psaux/psobjs.c (ps_table_done): Ditto.
* src/truetype/ttgxvar.c (ft_var_readpacked*, ft_var_load_avar): Ditto.
Function `map_fixed_to_sdf` expects spread to be absolute
and not squared.
* src/sdf/ftbsdf.c (finalize_sdf): Pass absolute spread
while `map_fixed_to_sdf`.
* src/sdf/ftsdf.c (sdf_generate_bounding_box): Ditto.
* src/sfnt/ttsvg.c (SVG_TABLE_HEADER_SIZE, SVG_DOCUMENT_RECORD_SIZE,
SVG_DOCUMENT_LIST_MINIMUM_SIZE, SVG_MINIMUM_SIZE): New macros.
(tt_face_load_svg): Check offsets.
Check table and record sizes.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43918
* include/freetype/config/ftheader.h (FT_OTSVG_H): New macro.
* include/freetype/freetype.h (FT_FACE_FLAG_SVG, FT_HAS_SVG): New macros.
(FT_LOAD_SVG_ONLY): New internal macro.
* include/freetype/ftimage.h (FT_Glyph_Format): New enumeration value
`FT_GLYPH_FORMAT_SVG`.
* include/freetype/internal/ftobjs.h (FT_GLYPH_OWN_GZIP_SVG): New macro.
* include/freetype/internal/fttrace.h: Add `ttsvg` for `ttsvg.c`.
* include/freetype/internal/sfnt.h(load_svg, free_svg, load_svg_doc): New
functions.
* include/freetype/internal/tttypes.h (TT_FaceRec): Add `svg` for
the SVG table.
* include/freetype/otsvg.h (FT_SVG_DocumentRec): New structure to hold the
SVG document and other necessary information of an OT-SVG glyph in a glyph
slot.
* include/freetype/tttags.h (TTAG_SVG): New macro.
* src/base/ftobjs.c: Include `otsvg.h`.
(ft_glyphslot_init): Allocate `FT_SVG_DocumentRec` in `slot->other`
if the SVG table exists.
(ft_glyphslot_clear): Free it upon clean-up if it is a GZIP compressed
glyph.
(ft_glyphslot_done): Free the document data if it is a GZIP compressed
glyph.
(FT_Load_Glyph): Don't auto-hint SVG documents.
* src/cache/ftcbasic.c (ftc_basic_family_load_glyph): Add support for
FT_GLYPH_FORMAT_SVG.
* src/sfnt/rules.mk (SFNT_DRV_SRC): Add `ttsvg.c`.
* src/sfnt/sfdriver.c: Include `ttsvg.h`.
(sfnt_interface): Add `tt_face_load_svg`, `tt_face_free_svg` and
`tt_face_load_svg_doc`.
* src/sfnt/sfnt.c: Include `ttsvg.c`.
* src/sfnt/sfobjs.c (sfnt_load_face, sfnt_done_face): Add code to load and
free data of the the SVG table.
* src/sfnt/ttsvg.c: New file, implementing `tt_face_load_svg`,
`tt_face_free_svg` and `tt_face_load_svg_doc`.
* src/sfnt/ttsvg.h: Declarations of the SVG functions in
`ttsvg.c`.
It might be surprising that FreeType does not have default ppem and
the size has to be set explicitly or face undefined behavior with
undefined variables and errors. This offers an alternative to
missing or zero scale by simply setting FT_LOAD_NO_SCALE. Defined
behavior is bettr than undefined one.
This is alternative to !132 and discussed in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43708
* src/base/ftobjs.c (FT_Load_Glyph): Deal with zero scale.
* include/freetype/freetype.h: Document it.
The `normal_top.count` may be 0, implying no `normal_top.zones` exist.
The code must not access these (non-existent) `normal_top.zones`.
* src/pshinter/pshalgo.c (ps_hints_apply): Do not assume that
`normal_top.zones[0]` is initialized. Test `normal_top.count`
before using `normal_top.zones[0]`. Do not rescale if there are no
`zones`.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43675
According to the bzip documentation it is undefined what will happen if
`BZ2_bzDecompress` is called on a `bz_stream` it has previously returned an
error against. If `BZ2_bzDecompress` returns anything other than `BZ_OK`
the only valid next action is `BZ2_bzDecompressEnd`.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43564
* src/bzip2/ftbzip2.c (FT_BZip2FileRec_): Add `reset` to track the need to
reset the stream.
(ft_bzip2_file_init): Initialize `reset` to 0.
(ft_bzip2_file_reset): Set `reset` to 0 after resetting.
(ft_bzip2_file_fill_output): Set `reset` to 1 when `BZ2_bzDecompress`
returns anything other than `BZ_OK`.
This reverts commit d276bcb7f0.
The original commit did avoid the use of uninitialized memory. However,
it appears that the original commit is no longer required. The
underlying issue was resolved by a change in freetype2-testing "Build
bzip2 correctly." [0]. Prior to [0] bzip2 was built without msan, so
bzip2 writes were not tracked or considered initialized. Clearing
`buffer` in the original commit allowed msan to see the `buffer` content
initialized once in FreeType code, but msan saw no writes into buffer
from bzip2. With bzip2 now built with msan, the bzip2 writes are
properly instrumented and msan sees the bzip2 writes into the buffer. As
a result the original commit can be safely reverted to allow for better
detection of other uninitialized data scenarios.
* src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Revert to using `FT_QNEW`.
[0] 3c052a837a
Currently `T42_Open_Face` eagerly allocates 12 bytes for the ttf header
data which it expects `t42_parse_sfnts` to fill out from /sfnts data.
However, there is no guarantee that `t42_parse_sfnts` will actually be
called while parsing the type42 data as the /sfnts array may be missing
or very short. This is also confusing behavior as it means
`T42_Open_Face` is tightly coupled to the implementation of the very
distant `t42_parse_sfnts` code which requires at least 12 bytes to
already be reserved in `face->ttf_data`.
`t42_parse_sfnts` itself eagerly updates `face->ttf_size` to track how
much space is reserved for ttf data instead of traking how much data has
actually been written into `face->ttf_data`. It will also act strangely
in the presense of multiple /sfnts arrays.
* src/type42/t42objs.c (T42_Open_Face): ensure `ttf_data` is initialized
to NULL. Free `ttf_data` on error.
* src/type42/t42parse.c (t42_parse_sfnts): delay setting `ttf_size` and
set it to the actual number of bytes read. Ensure `ttf_data` is freed
if there are multiple /sfnts arrays or there are any errors.
While using zlib in 'solo' mode (via the `Z_SOLO` macro), we actually
include some standard header files, making the typedef fail on systems where
the native `ptrdiff_t` type differs.
Fixes#1124.
* src/zlib/zutil.h: Comment out definition; it doesn't work on Windows.
* src/zlib/patches/freetype-zlib.diff: Updated.
We now first apply zlib's `zlib2ansi` script, then FreeType's patch file.
* src/gzip/README.freetype: Updated.
* patches/0001-zlib-Fix-zlib-sources-to-compile-for-FreeType.patch: Renamed
to...
* patches/freetype-zlib.diff: This.
Clean up description, then regenerate it as follows:
- Copy unmodified files from `zlib` repository.
- Run `zlib2ansi` script.
- Run `git diff -R > patches/freetype-zlib.diff.new`.
- Insert patch description of old diff file, then replace old diff with
new diff file.
This can be tested by building with the Unix development build
make setup devel
make
or by building the freetype-demos programs with
meson setup build -Dfreetype2:zlib=internal
meson compile -C out
and trying to run `ftview` with a `.pcf.gz` font file.
* src/gzip/ftgzip.c, src/gzip/rules.mk: Update for new zlib sources. Also
remove the temporary fix introduced in commit 6a431038 to work around the
fact that the internal sources were too old.
* src/gzip/README.freetype: New file describing the origin of the sources
and how they were modified.
* src/gzip/patches/*: Patch files applied to original sources.
* src/gzip/*: Updated zlib sources with the patch file(s) from
`src/gzip/patches/` applied, followed by a conversion with zlib's
`zlib2ansi` script.
* src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Don't use `FT_QNEW` but
`FT_NEW` for setting up `zip` to avoid uninitialized memory access while
handling malformed PCF fonts later on.
Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42800
The 0-base index is equal to the number of previosly parsed entries.
It is an error to adjust it by one to get the number truncated by
a stream error. This is probably inconsequential because valid
entries are correctly accounted for.
* src/sfnt/ttload.c (check_table_dir): Do not adjust the truncated
number of tables.
Really fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42773.
* src/sfnt/ttload.c (check_table_dir): Revert change.
* src/type42/t42.parse.c (t42_parse_sfnts): Don't use `FT_QREALLOC` but
`FT_REALLOC` for setting up `ttf_data` to avoid uninitialized memory access
while handling malformed TrueType fonts later on.
When iterating over the cvt tuples and reading in the points it is necessary
to set all of `localpoints`, `points`, and `point_count` in all cases. The
existing code did not reset `localpoints` to `NULL` when there were no
private point numbers. If the previous tuple did have private point numbers
and set `localpoints` to `ALL_POINTS` this would not be cleared and the
wrong branch would be taken later, leading to possible heap buffer overflow.
* src/truetype/ttgxvar.c (tt_face_vary_cvt): Reset `localpoints` to `NULL`
when it isn't valid.
Fixes: https://crbug.com/1284742
* src/base/ftobjs.c (FT_Get_Paint): Operator has equivalent nested operands.
* src/bdf/bdflib.c (_bdf_add_property): Value stored to `fp` is never read.
* src/sdf/ftbsdf.c (bsdf_init_distance_map): Value stored to `pixel` is
never read.
* src/sdf/ftsdf.c (split_sdf_shape): Value stored to `error` is never read.
* src/truetype/ttobjs.h (TT_SizeRec): Add `widthp` for the hdmx
widths.
* src/truetype/ttobjs.c (tt_size_reset): Initialize `widthp` even
though it might never be used by the interpreter.
* src/truetype/ttgload.c (tt_loader_init): Avoid repeated searches
in the hdmx table.
This fixes fall-out from 7809007a5b, where the composite
accents were no longer hinted.
* src/truetype/ttgload.c (ttloader_init): Move the IUP-called flag
initialization from here...
* src/truetype/ttinterp.c (TT_Run_Context): ... to here.
The `hdmx` table is supposed to be sorted by ppem size, which
enables binary search. We also drop the check for the sufficient
length of the record because it is now enforced when the table
is loaded.
* include/freetype/internal/tttypes.h (TT_FaceRec): Store the `hdmx`
record pointers sorted by ppem instead of ppem's themselves.
* src/truetype/ttpload.c (tt_face_load_hdmx): Prudently sort records.
(tt_face_get_device_metrics): Implement binary search to retrieve
advances.
This simply shortcuts the glyph loading if FT_LOAD_ADVANCE_ONLY
is specified by FT_Get_Advances and the `hdmx` data are located.
Particularly, the classic v35 interpreter or "verified" ClearType
fonts might see 100x speed up in retrieving the hdmx cache.
* src/truetype/ttgload.c (TT_Load_Glyph): Insert the shortcut.
The `hdmx` matching can be done before the glyph is loaded.
* include/freetype/internal/tttypes.h (TT_LoaderRec): Add a field.
* src/truetype/ttgload.c (compute_glyph_metrics): Relocate the `hdmx`
code from here...
(tt_loader_init): ... to here, before the glyph is loaded.
`TT_RunIns` is too busy to deal with subpixel flags. It is better
to set them in `tt_loader_init`, which is executed before each
glyph program.
* src/truetype/ttinterp.c (TT_RunIns): Move the flag setting from
here...
* src/truetype/ttgload.c (tt_loader_init): ... to here.
* src/truetype/ttinterp.c (Ins_INSTCTRL): Limit its global effects
to the CVT program and local effects to the glyph program.
This also fixes an Infinality buglet. The `ignore_x_mode` should be
locally unset by the glyph program.
In _bdf_readstream if the data contained no newline then the buffer
would continue to grow and uninitialized data read until either the
uninitialized data contained a newline or the buffer reached its
maxiumum size. The assumption was that the line was always too long and
the buffer had been filled, however this case can also happen when there
is not enough data to fill the buffer.
Correct this by properly setting the cursor to the end of the available
data, which may be different from the end of the buffer. This may still
result in one extra allocation, but only on malformed fonts.
* src/bdf/bdflib.c (_bfd_readstream): Correctly update cursor. Remove
unread set of `avail`.
Bug: https://lists.nongnu.org/archive/html/freetype-devel/2021-12/msg00001.html
==========================
Tag sources with `VER-2-11-1'.
* docs/VERSION.TXT: Add entry for version 2.11.1.
* docs/CHANGES, docs/release: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.11.0/2.11.1/, s/2110/2111/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 1.
* builds/unix/configure.raw (version_info): Set to 24:1:18.
* CMakeLists.txt (VERSION_PATCH): Set to 1.
* builds/toplevel.mk (version_tag, CHANGELOG_SCRIPT): New variables.
(do-dist): Generate `ChangeLog` file with all commits since last release.
The `hdmx` table is optional and can be safely rejected without
an error if it does not follow specifications. The record size
must be equal to the number of glyphs + 2 + 32-bit padding.
* src/truetype/ttpload.c (tt_face_load_hdmx): Thoroughly check
the record size and improve tracing.
We really have to use double casts to avoid issues with C's and C++'s
signedness propagation rules in implicit casts.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41178https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41182
* include/freetype/config/public-macros.h (FT_STATIC_CAST,
FT_REINTERPRET_CAST): Modify macro to take two arguments.
Update all callers.
(FT_STATIC_BYTE_CAST): New macro.
* include/freetype/freetype.h (FT_ENC_TAG): Use `FT_STATIC_BYTE_CAST`.
* include/freetype/ftimage.h (FT_IMAGE_TAG): Ditto.
* include/freetype/fttypes.h (FT_MAKE_TAG): Ditto.
Use `FT_Tag` for casting.
* src/ftraster/ftmisc.h (FT_MAKE_TAG): Removed, no longer needed.
(FT_STATIC_BYTE_CAST): New macro.
* src/smooth/ftgrays.c (FT_STATIC_CAST): Replace with...
(FT_STATIC_BYTE_CAST): ... this.
Many FreeType clients use C++. However `g++ -Wold-style-cast` warns for
macros with C-style casts even for system header files; this also affects
directories included with `-isystem`. While this could be seen as a problem
with g++, the problem is more a philosophical one: Over the time, C and C++
diverged more and more, and some features of C are no longer the 'right'
solution in C++.
* include/freetype/config/public-macros.h (FT_STATIC_CAST,
FT_REINTERPRET_CAST): New macros.
* include/freetype/freetype.h (FT_ENC_TAG, FT_LOAD_TARGET_,
FT_LOAD_TARGET_MODE): Use `FT_STATIC_CAST`.
Correctly handle negative 'signed char' input.
* include/freetype/ftimage.h (FT_IMAGE_TAG): Ditto.
* include/freetype/fttypes.h (FT_MAKE_TAG, FT_BOOL): Ditto.
* include/freetype/ftmodapi.h (FT_FACE_DRIVER_NAME): Use
`FT_REINTERPRET_CAST`.
* src/smooth/ftgrays.c (FT_STATIC_CAST)[STANDALONE_]: New macro.
[!STANDALONE]: Include `FT_CONFIG_CONFIG_H`.
Fixes#1116.
* src/truetype/ttgxvar.c (ft_var_load_item_variation_store):
s/shortDeltaCount/wordDeltaCount/ (as done in the specification, too).
Recognize new format and reject it for now.
This is in preparation for implementing `DeltaSetIndexMap` format 1, which
is used by `COLR` v1 tables, and which allows 32bit indices.
https://docs.microsoft.com/en-us/typography/opentype/otspec190/delta/otvarcommonformats_delta.html
* src/truetype/ttgxvar.h (GX_DeltaSetIdxMapRec): Change type of `mapCount`
to `FT_ULong`.
* src/truetype/ttgxvar.c (ft_var_load_delta_set_index_mapping): Add argument
for passing the table size; update caller.
Implement new format.
Based on a patch from metarutaiga (MR !106). The gist of this commit is
that it doesn't make sense to support WOFF without compression (which would
be only possible in WOFF 1.0 anyway).
* src/sfnt/sfobjs.c (sfnt_open_font): Guard WOFF code with
`FT_CONFIG_OPTION_USE_ZLIB` block.
Guard WOFF2 code with `FT_CONFIG_OPTION_USE_BROTLI` block.
* src/sfnt/sfwoff.c, src/sfnt/sfwoff.h: Guard files with
`FT_CONFIG_OPTION_USE_ZLIB` blocks, not parts of the code.
* src/sfnt/sfwoff2.c, src/sfnt/sfwoff2.h, src/sfnt/woff2tags.c,
src/sfnt/woff2tags.h: Guard files with `FT_CONFIG_OPTION_USE_BROTLI` blocks,
not parts of the code.
Fixes#1111.
Based on a patch from metarutaiga (MR !106).
* src/truetype/ttobjs.c (tt_skip_pdffont_random_tag,
tt_check_trickyness_family, tt_synth_sfnt_checksum, tt_get_sfnt_checksum,
tt_check_trickyness_sfnt_ids, tt_check_trickyness): Put functions into a
`TT_USE_BYTECODE_INTERPRETER` block.
(tt_face_init): Put trickyness checks into a `TT_USE_BYTECODE_INTERPRETER`
block.
Fixes#1111.
DLG_STATIC is intended to disable Windows DLL linking attributes.
It does not hurt to define it explicitly when we wrap DLG code.
This fixes tons of LNK4286 and C4273 warnings from MSVC if we
forget to define DLG_STATIC as a compiler option.
* builds/windows/vc2010/freetype.vcxproj: Remove DLG_STATIC option.
* src/dlg/dlgwrap.c [FT_DEBUG_LOGGING]: Define DLG_STATIC.
* include/freetype/internal/ftdebug.h [FT_DEBUG_LOGGING]: Ditto.
The DLG wrapper needs to know if FT_DEBUG_LOGGING is defined in
`ftoption.h`. It does not need entire FreeType.
* src/dlg/dlgwrap.c: Include FT_CONFIG_OPTIONS_H directly.
* src/truetype/ttgxvar.c (ft_var_readpackeddeltas, ft_var_load_avar,
ft_var_load_item_variation_store, ft_var_load_gvar): Use FT_QNEW_ARRAY
if memory immediately initialized or discarded otherwise.
* src/truetype/ttgxvar (ft_var_readpackeddeltas): Don't expect the number of
bytes used to encode the deltas to be higher than the number of encoded
values. The specification allows a very compact encoding; for example, a
list of 200 zeros can be encoded with just a couple of bytes.
We now count the consumed bytes to make sure to not read more than expected.
* src/truetype/ttgxvar (tt_face_vary_cvt): Function
`ft_var_readpackedpoints`, when it returns `ALL_POINTS`, also sets
`point_count` to value 0. However, the CVAR code was incorrectly expecting
that `point_count` would be set to match the length of the CVT table.
In a Multiple Master font, the Blend dictionary must contain valid
Private, FontInfo, and FontBBox. The current code will error if any of
these are present and invalid, but will not error and will provide
uninitialized data if the Blend dictionary exists but does not contain
one of these entries. This change reverts to the older behavior of
treating any missing entries as containing all zero data and not
returning an error.
In the future it may be best to keep track of when these are actually
initialized and error if they are not.
* src/type1/t1load.c (t1_allocate_blend): Zero initiailize.
Previously the `blend->weight_vector`, `blend->default_weight_vector`,
and `blend->design_pos` were set early to allocated but uninitialized
memory under the assumption that the memory would eventually be
initialized. However, it is possible that some of the required
keywords may not actually be present, leaving the memory uninitialized.
This is different from a present but invalid table, which would produce
an error.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1261762
* src/type1/t1load.c (t1_allocate_blend): Remove early allocation and
initialization.
(parse_blend_design_positions, parse_weight_vector): Parse into local
and assign to blend if valid.
(T1_Open_Face): Check that if a blend exists that it has the weight
vector and design positions.
The vstore->regionCount and vstore->dataCount were read directly
from the data. However, vstore->varRegionList and vstore->varData
would still contain uninitialized entries with uninitialized
pointers in the event of an error, leading to issues when attempting
to clean up.
Reportd as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40104
* src/cff/cffload.c (cff_vstore_load): Read the region and data counts
into locals and update the vstore counts immediately after each entry
becomes free-able.
Previously, the gasp.numRanges was set and gasp.gaspRanges was
allocated and assigned before a possible early exit if the frame could
not be entered. It is also possible that the gaspRanges allocation
could fail but the numRanges still be set to non-zero. In such cases
an error would be returned, but the face would have a gasp in an
inconsistent state which may still be accessed.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1261450
* src/sfnt/ttload.c (tt_face_load_gasp): Delay setting gasp.numRanges
and gasp.gaspRanges until after the ranges are initialized.
Previously, the table->names and table->langTags fields were created
pointing to uninitialized memory and an early exit could happen if the
frame could not be entered. The caller would then be unable to properly
dispose of the memory as the string fields had not been initialized.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1261343
* src/sfnt/ttload.c (tt_face_load_name): delay setting table->langTags
and table->names until after the memory they will point to is fully
initialized.
This is mainly for better diagnostics of malformed fonts.
* src/bdf/bdflib.c (_bfd_readstream): Stop font format testing if the first
input line is too long or doesn't end with `\r` or `\n`.
* src/cid/cidparse.c (cid_parser_new): Don't handle too short input as an
error but as an unknown format.
* src/pfr/pfrobjs.c (pfr_face_init): Ditto.
* src/winfonts/winfnt.c (fnt_font_load, fnt_face_get_dll_font): Ditto.
Fallout reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40027
* src/bdf/bdflib.c (_bdf_add_property): Cosmetic NULL.
(bdf_create_property): Limit allocations to customary signed
FT_Long and NULL-initialize unused storage.
(bdf_free_font): Do not free unused storage.
FT_QNEW_ARRAY and FT_QRENEW_ARRAY were using the non-Q
FT_MEM_NEW_ARRAY and FT_MEM_RENEW_ARRAY. Change these to use the Q
versions. Also fix the one issue discovered in tt_face_load_name
where table->names is created with FT_QNEW_ARRAY but the extra
string member is not initialized to NULL.
* include/freetype/internal/ftmemory.h (FT_Q(RE)NEW_ARRAY):
Use FT_MEM_Q(RE)NEW_ARRAY as needed.
* src/sfnt/ttload.c (tt_face_load_name): Initialize `entry->string`.
When a different hinting mode from the current is selected, the `prep` table
must be re-executed with the new mode. After this happens the context must
be re-loaded in preparation for the glyph program to be run.
Fixes#1104.
* truetype/ttgload.c (tt_loader_init): Add call to `TT_Load_Context`.
It is easier to check directions using flags than integer values.
* src/pshinter/pshalgo.h (PSH_Dir): Redefine directions.
(PSH_PointRec): Use them as an enum type.
* src/pshinter/pshalgo.c (psh_compute_dir): Modify return type.
(psh_glyph_init, psh_hint_table_find_strong_points,
psh_glyph_find_blue_points): Update users.
BDF comments are neither actually collected nor retrieved. There is
no need to be fancy with delimiters.
* src/bdf/bdflib.c (_add_bdf_comment): Delimit comments with zeros...
(bdf_load_font): ...and do not null-terminate comments additionally.
(_bdf_parse_glyphs): Check if comments are kept, which they are not.
(_bdf_parse_start): Minor clean up.
* src/pcf/pcfread.c (pcf_load_font): Do not call `FT_MulDiv` for a
small job.
* src/bdf/bdfdrivr.c (BDF_Face_Init): Ditto.
* src/bdf/bdflib.c (_bdf_parse_glyphs): Fix a comment.
With Windows memory management tracking heap, it is important to use
it during the stream opening fallback. In Unix, the argument is
unused, but it is better to set it correctly.
* src/base/ftobjs.c (FT_Stream_New): Set memory before calling
`FT_Stream_Open`.
* builds/windows/ftsystem.c, builds/unix/ftsystem.c (FT_Stream_Open,
ft_close_stream_by_free): Call `ft_alloc` and `ft_free` with proper
memory argumment.
Loops with unsigned decrement can be reliably stopped when the counter
wraps around after reaching zero.
* src/cff/cffload.c (cff_charset_compute_cids): Use unsigned counter.
* src/pshinter/pshalgo.c (psh_hint_table_activate_mask): Ditto.
* src/pshinter/pshrec.c (ps_mask_table_merge): Ditto.
* src/base/ftdbgmem.c (FT_DumpMemory): Check for active debugger.
(ft_mem_table_destroy): Move `FT_DumpMemory` call from here...
(ft_mem_debug_done): ... to here.
These changes are neccessary to properly recover `memory->user` that
holds the Windows heap handle now.
* src/base/ftdbgmem.c (ft_mem_debug_init): Handle all table allocations,
initializations, and sizing instead of...
(ft_mem_table_new): ... this function removed.
(ft_mem_debug_done): Better check for the active debugger and free the
debugger table here instead of...
(ft_mem_table_destroy): ... here.
* src/base/ftstream.c (FT_Stream_ReadUShort, FT_Stream_ReadUOffset,
FT_Stream_ReadULong and their LE variants): Remove unnecessary
initialization and slightly refactor.
(FT_Stream_GetByte, FT_Stream_ReadByte): Rename to return unsigned
value and align with sister functions.
* include/freetype/internal/ftstream.h (FT_Stream_GetByte,
FT_Stream_ReadByte): Update prototypes and caller macros.
* src/smooth/ftgrays.c (FT_UDIVPREP, FT_UDIV): Reduce shift.
Smaller shifts that keep the division operands of FT_UDIVPREP within
32 bits result in slightly faster divisions, which is noticeable in
the overall performance. The loss of precision is tolerable until the
divisors (the components dx and dy) approach 32 - PIXEL_BITS. With
PIXEL_BITS = 8, this corresponds to 65,000 pixels or the bitmap size
that we refuse to render anyway.
Using `ftbench -p -s60 -t5 -bc timesi.ttf`,
Before: 8.52 us/op
After: 8.32 us/op
MSVC does not set `__SSE2__`. Instead one must check whether `_M_IX86_FP` is
defined and greater than or equal to 2.
* src/smooth/ftgrays.c (FT_SSE2): New macro.
Use it where appropriate.
* src/truetype/ttobjs.c (tt_check_trickyness_family): For the case
that the beginning part of a long tricky family name is already
registered as another tricky family name, no need to double-check
the longer one. Such long tricky family names are removed from
the `trick_names'.
* src/truetype/ttobjs.c (tt_skip_pdffont_random_tag):
New function to skip the randomization tag in the names of the
fonts embedded in a PDF. It is used by tt_check_trickyness_family(),
to keep from mistaking "DLC" in the randomization tag as a
tricky font name. See discussion in:
https://lists.nongnu.org/archive/html/freetype-devel/2021-02/msg00002.html
For technical detail about the randomization tag, please find
PDF Reference 5.5.3 "Font Subsets". Thanks to Justyna Wawrzynska
for pointing out the issue caused by the randomization tag.
Thanks to Ting717 for providing sample PDF. Fixes#1087.
* src/truetype/ttobjs.c (tt_check_trickyness_sfnt_ids): Add
checksums for 2 tricky fonts `DFHei-Bd-WIN-HK-BF' and
`DFMing-Md-WIN-HK-BF'.
Put the null cell at the end of the pool and store it explicitly so that
we can use it as both the limit and the dumpster.
* src/smooth/ftgrays.c (gray_TWorker): Store the last `cell_null` and
remove unnecesary fields.
(NULL_CELL_PTR, CELL_IS_NULL): Remove in favor of explicit `cell_null`.
(gray_dump_cells, gray_set_cell, gray_sweep{,_direct}): Update callers.
(gray_convert_glyph_inner): Trace remaining cells (oh well).
(gray_convert_glyph): Set up `cell_null` and slightly improve the pool
management.
The optional 'COLR' v1 glyph-specific clip box helps upstream graphics
libraries allocate a sufficiently large bitmap for a glyph without having to
traverse the glyph graph for that. See
https://github.com/googlefonts/colr-gradients-spec/issues/251
for background on the introduction of this specification change.
* include/freetype/ftcolor.h (FT_ClipBox): New structure.
(FT_Get_Color_Glyph_ClipBox): New function declaration.
* include/freetype/internal/sfnt.h (TT_Get_Color_Glyph_ClipBox_Func):
New function type.
(SFNT_Interface, FT_DEFINE_SFNT_INTERFACE): Use it.
* src/base/ftobjs.c (FT_Get_Color_Glyph_ClipBox): New function to link API
with SFNT implementation.
* src/sfnt/sfdriver.c (sfnt_interface): Updated.
* src/sfnt/ttcolr.c (Colr): New field `clip_list`.
(tt_face_load_colr): Parse global clip list offset.
(tt_face_get_color_glyph_clipbox): New function to find the clip box for a
glyph id from the clip list array.
* src/sfnt/ttcolr.h: Updated.
* src/sdf/ftbsdf.c (first_pass, second_pass): Fix range during forward pass.
Otherwise the index goes out of range for the last column.
Fixes issue #1077.
Do not generate SDF from bitmap if the `FT_GLYPH_OWN_BITMAP` flag is not
set. In some cases the bitmap buffer is freed but still points to a valid
address; to handle those cases check the flag before accessing the memory.
* src/sdf/ftsdfrend.c (ft_bsdf_render): Handle the above case.
Also, return an error message if the bitmap's rows/pitch is invalid,
otherwise `slot->buffer` might be assigned to some invalid memory location.
(ft_sdf_render): Same as above.
Plus, move the outline back to original state after rasterization and not if
any error occurs.
Signed-off-by: Anuj Verma <anujv@iitbhilai.ac.in>
* src/sfnt/ttcolr.c (read_paint): PaintSweepGradient follows other
spec changes and now has the angles specified as F2DOT14, reflect
that in the implementation.
* include/freetype/ftcolor.h (FT_PaintSweepGradient): Update
documentation.
* src/sfnt/ttcolr.c (read_paint): Implement spec change where
affine transform matrix is now referenced by offset instead of
being placed inline in the PaintTransform table.
* src/sfnt/ttcolr.c (read_paint): Implement spec changes around
PaintSkew, PaintSkewAroundCenter. Update parsing to read shorter
values as changed in the spec.
* include/freetype/ftcolor.h (FT_PaintSkew): Update documentation.
* src/sfnt/ttcolr.c (read_paint): Implement spec change where
PaintRotate and PaintRotateAroundCenter were split for a more
compact format definition. Update parsing to read shorter values
as changed in the spec.
* include/freetype/ftcolor.h (FT_PaintRotate): Update documentation.
The header file `afwrtsys.h` has two distinct functions: to include the
required writing system headers and also to generate code for each writing
system. At each current use site only one or the other is used, with
various macro trickery selecting one or the other. Split this header into
`afws-decl.h` for the required writing system declarations and `afws-iter.h`
for iterating over the writing systems to generate code.
The motivation for this change is that the Visual C++ compiler treats the
standard include guard idiom like `#pragma once` 'if no non-comment code or
preprocessor directive comes before or after the standard form of the
idiom'. It appears to check this after macro expansion, so if
`WRITING_SYSTEM` expands to empty the bottom of `afwrtsys.h` is empty and
looks like the standard include guard idiom which is treated like `#pragma
once`, so subsequent inclusion of `afwrtsys.h` is elided.
Fixes#1075.
* src/autofit/afglobal.c (af_writing_system_classes), src/autofit/aftypes.h
(AF_WritingSystem), src/autofit/rules.mk (AUTOF_DRV_H): Updated.
* src/autofit/afwrtsys.h: Split into...
* src/autofit/afws-decl.h, src/autofit/afws-iter.h: New files.
==========================
Tag sources with `VER-2-11-0'.
* docs/VERSION.TXT: Add entry for version 2.11.0.
* docs/CHANGES: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/index.html, docs/freetype-config.1:
s/2.10.4/2.11.0/, s/2104/2110/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 11.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 24:0:18.
* CMakeLists.txt (VERSION_MINOR): Set to 11.
(VERSION_PATCH): Set to 0.
* builds/toplevel.mk (dist): Ignore more git-related files.
The code assumed that if `__SSE2__` is defined, then 64-bit integer
types are available. This is not the case apparently for certain
multilib compiler targets like 'x86_32.x86' used by Gentoo.
This patch fixes the issue by disabling the special code path when
64-bit integer types are not available.
Fixes#1071.
* src/smooth/ftgrays.c (gray_render_conic): Move variable and
structure declarations to beginning of function. Inspite of C99
compliance we still do this for the sake of backward compatibility.
This also avoids a shadowing declaration of `count`.
(gray_convert_glyph_inner): Fix typo.
Guard inclusion of emmintrin.h with "#ifdef __SSE2__". The gcc version
of this header, xmmintrin.h, and mmintrin.h check that the appropriate
defines are set before defining anything (are internally guarded).
However the clang versions of these includes are not internally guarded.
As a result of this, externally guard the inclusion of these headers.
Benchmarking shows that this provides a very slighty performance
boost when rendering fonts with lots of quadratic bezier arcs,
compared to the recursive arc splitting, but only when SSE2 is
available, or on 64-bit CPUs.
On a 2017 Core i5-7300U CPU on Linux/x86_64:
./ftbench -p -s10 -t5 -cb .../DroidSansFallbackFull.ttf
Before: 4.033 us/op (best of 5 runs for all numbers)
After: 3.876 us/op
./ftbench -p -s60 -t5 -cb .../DroidSansFallbackFull.ttf
Before: 13.467 us/op
After: 13.385 us/op
This speeds up the smooth rasterizer by avoiding a
conditional branches in the hot path. Namely:
- Define a fixed "null cell" which will be pointed
to whenever the current cell is outside of the current
target region. This avoids a "ras.cell != NULL"
check in the FT_INTEGRATE() macro.
- Also use the null cell as a sentinel at the end of
all ycells[] linked-lists, by setting its x coordinate
to INT_MAX. This avoids a 'if (!cell)' check in
gray_set_cell() as well.
- Slightly change the worker struct fields to perform
a little less operations during rendering.
Example results (on a 2013 Corei5-3337U CPU)
out/ftbench -p -s10 -t5 -bc /usr/share/fonts/truetype/droid/DroidSansFallbackFull.ttf
Before: 5.472 us/op
After: 5.275 us/op
out/ftbench -p -s60 -t5 -bc /usr/share/fonts/truetype/droid/DroidSansFallbackFull.ttf
Before: 17.988 us/op
After: 17.389 us/op
This was already true (though undocumented) most of the time, but
not if `FT_NEW` inside `FT_Stream_New` failed or if the
`FT_OPEN_XXX` flags were bad.
Normally, `FT_Open_Face` calls `FT_Stream_New`, which returns the
user-supplied stream unchanged, and in case of any subsequent error
in `FT_Open_Face`, the stream is closed via `FT_Stream_Free`.
Up to now, however, `FT_Stream_New` allocates a new stream even if
it is already given one by the user. If this allocation fails, the
user-supplied stream is not returned to `FT_Open_Face` and never
closed. Moreover, the user cannot detect this situation: all they
see is that `FT_Open_Face` returns `FT_Err_Out_Of_Memory`, but that
can also happen after a different allocation fails within the main
body of `FT_Open_Face`, when the user's stream has already been
closed by `FT_Open_Face`. It is plausible that the user stream's
`close` method frees memory allocated for the stream object itself,
so the user cannot defensively free it upon `FT_Open_Face` failure
lest it ends up doubly freed. All in all, this ends up leaking the
memory/resources used by user's stream.
Furthermore, `FT_Stream_New` simply returns an error if the
`FT_OPEN_XXX` flags are unsupported, which can mean either an
invalid combination of flags or a perfectly innocent
`FT_OPEN_STREAM` on a FreeType build that lacks stream support.
With this patch, the user-supplied stream is closed even in these
cases, so the user can be sure that if `FT_Open_Face` failed, the
stream is definitely closed.
* src/base/ftobjs.c (FT_Stream_New): Don't allocate a buffer
unnecessarily.
Move error-handling code to make the control flow more obvious.
Close user-supplied stream if the flags are unsupported.
`FT_Stream_Open` always sets `pathname.pointer`, so remove the
redundant (re)assignment. None of the `FT_Stream_Open...` functions
uses `stream->memory`, so keep just one assignment at the end,
shared among all possible control flow paths.
('Unsupported flags' that may need a stream closure can be either an
invalid combination of multiple `FT_OPEN_XXX` mode flags or a clean
`FT_OPEN_STREAM` flag on a FreeType build that lacks stream
support.)
The three modes are mutually exclusive, and the documentation of the
`FT_OPEN_XXX` constants notes this. However, there was no check to
validate this in the code, and the documentation on `FT_Open_Args`
claimed that the corresponding bits were checked in a well-defined
order, implying it was valid (if useless) to specify more than one.
Ironically, this documented order did not agree with the actual
code, so it could not be relied upon; hopefully, nobody did this and
nobody will be hurt by the new validation.
Even if multiple mode bits were allowed, they could cause memory
leaks: if both `FT_OPEN_STREAM` and `stream` are set along with
either `FT_OPEN_MEMORY` or `FT_OPEN_PATHNAME`, then `FT_Stream_New`
allocated a new stream but `FT_Open_Face` marked it as an 'external'
stream, so the stream object was never released.
* src/base/ftobjs.c (FT_Stream_New): Reject incompatible
`FT_OPEN_XXX` flags.
Move the af_sort_xxx() functions from afangles.c to afhints.c
in order to get rid of the obsolete angle-related types,
macros and function definitions.
This feature was always experimental, and probably nevery worked
properly. This patch completely removes it from the source code,
except for a documentation block describing it for historical
purpose.
This code has always been experimental and was never compiled
anyway (FT_OPTION_AUTOFIT2 does not appear in ftoption.h or even
any of our build files).
It is undefined behavior to pass `NULL` to `memcpy`. `coords' is
passed to `memcpy` but `TT_Get_MM_Blend` and `TT_Get_Var_Design`
explictly call `tt_set_mm_blend` with `coords` as `NULL`. In
addition, `TT_Set_MM_Blend` has a similar possible issue.
'COLR' v1 fonts do not necessarily need to have a layer list; for
this reason, 'fontTools' recently started generating fonts in a way
that drops the layer list if there are no layers in it. This
results in the layer list offset becoming zero, which FreeType
treated as an invalid table. Fix that and handle the case for layer
list offset being 0. This slightly changes how we need to calculate
the starting offset for paints.
* src/sfnt/ttcolr.c (tt_face_load_colr): Handle case of layer list
offset being zero without outright rejecting table.
The second pass also fixes horizontal lines through the pixel centers.
* src/raster/ftraster.c (black_TWorker): Do not use `second_pass'.
(Render_Glyph): Skip the second pass only with the appropriate flag.
* src/raster/ftraster.c (black_TWorker): Move `band_stack' from here..
(Render_Single_Pass): ... to here and accept limit arguments.
(Render_Glyph): Updated.
* src/raster/ftraster.c (black_TWorker): Move `arcs' from here...
(Conic_To, Cubic_To): ... to here to tighten their scope.
(Bezier_Up, Bezier_Down): ... Take the current `arc' argument.
Paint tables can appear before the `base_glyphs_v1` offset if the
font is produced with the layer list before the base glyph list. In
this case paint tables can occur after the layer list but before the
base glyph list. Checks in the 'COLR' v1 code were rejecting fonts
with this layout. Improve these checks by calculating a minimum
offset after which paint tables can occur and use that in safety
checks.
* src/sfnt/ttcolr.c (Colr, tt_face_load_colr): Declare
`paint_start_v1` and calculate that as the minimum of the end of
layer list and base glyph list.
(get_child_table_pointer, read_paint, tt_face_get_paint_layers):
Use that in safety checks.
* src/raster/ftraster.c (black_TWorker): Replace the current line
offset with the pointer and drop the increment.
(Function_Sweep_Init): Take values as arguments instead of pointers.
(Vertical_Sweep_*, Horizontal_Sweep_Init, Draw_Sweep): Updated.
We can bisect a band until it is just a single scan line. This might
be slow and cause time-outs but if we need to impose limits it should
be elsewhere.
* src/raster/ftraster.c (Render_Single_Pass): Tweak sub-banding.
FT_Render_Glyph picked up FAILURE or 1 returned from the raster
function, which became a confusing error code. Instead, return
Raster_Overflow in the unlikely event that banding does not help or
another meaningful error.
* src/smooth/ftgrays.c (gray_convert_glyph_inner, gray_convert_glyph):
Use Raster_Overflow when the rendering pool is exhausted and return it
if banding does not help.
(gray_raster_render): Use Smooth_Err_Ok.
* src/raster/ftraster.c (Render_Single_Pass): Return Raster_Overflow
if banding does not help or another error code.
* include/freetype/ftcolor.h (FT_PaintTransformed, FT_PaintFormat,
FT_COLR_Paint): Do it to make it harmonize with other names such as
'PaintTranslate'.
* src/sfnt/ttcolr.c (read_paint, tt_face_get_paint): Ditto.
We need to inverse inheritance of FT_GlyphSlot_Internal so that we
have a chance to free the rendered bitmap from the parent slot.
* src/type42/t42objs.c (T42_GlyphSlot_Init): Remove the internal parts
of the child `ttslot' and replace it with the parent structure.
(T42_GlyphSlot_Done): Updated accordingly.
* src/psaux/psintrp.c (cf2_interpT2CharString)
<cf2_escCALLOTHERSUBR>: Convert assertion into error, since the
problem can happen with invalid user input.
Test case is file
fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read
in the `freetype2-testing` repository.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): In addition to the
existing sanity checks, ensure that the pointer to the layer to be
read is within the 'COLR' v1 table.
* src/sdf/ftsdf.c: Include `ftbitmap.h`.
* src/sdf/ftsdfcommon.h: Move function bodies to `ftsdfcommon.c`.
Include `ftobjs.h` to get definitions of `FT_LOCAL` and friends.
* src/sdf/ftsdfcommon.c: New file.
* src/sdf/rules.mk, src/sdf/sdf.c: Updated.
Since 8-bits is enough to represent SDF data we no longer require
16-bits for this purpose. Also, we now normalize the output data
to use the entire 8-bit range efficiently. For example: if we use
3.5 format with a spread of 1 we basically only use the starting
5-bits. By normalizing we can use the entire 8-bit range.
* include/freetype/freetype.h (FT_Render_Mode): Updated description
for `FT_RENDER_MODE_SDF` regarding this change.
* include/freetype/ftimage.h (FT_Pixel_Mode): Removed
`FT_PIXEL_MODE_GRAY16` since no longer required.
* include/freetype/fttypes.h (FT_F6Dot10): Removed since no longer
required.
* src/sdf/ftsdfrend.c (ft_sdf_render, ft_bsdf_render): Allocate 8-bit
bitmap instead of 16-bit buffer.
* src/sdf/ftsdfcommon.h (map_fixed_to_sdf): Added function to convert
16.16 distance value to our desired format.
* src/sdf/ftsdf.c (sdf_generate_with_overlaps,
sdf_generate_bounding_box): Use the new `map_fixed_to_sdf` function
and also use 8-bit output buffer.
* src/sdf/ftbsdf.c (finalize_sdf): Output to a 8-bit buffer instead
of 16-bit buffer.
The autohinter could not access the base (unscaled) outline in the
child TrueType glyph slot. We now share the internal parts between
the parent and child glyph slots. Fixes#1057.
* src/type42/t42objs.c (T42_GlyphSlot_Init): Remove the internal parts
of `T42_GlyphSlot' and replace it with the child TrueType structure.
(T42_GlyphSlot_Done): Updated accordingly.
While a function pointer may be cast to another function pointer
type, it is required to cast the function pointer back to the
original function pointer type before calling it. If a parameter is
a pointer the exact pointer type is required. Using a pointer to a
different underlying type is technically undefined behavior. The
wrapper functions `ft_gzip_alloc` and `ft_gzip_free` took
`FT_Memory` (a `FT_MemoryRec_*`) instead of `voidpf` (`void*`), so
when gzip calls these callbacks through `alloc_func` or `free_func`
it invokes undefined behavior. On most platforms this works out as
expected, but newer undefined behavior detectors and targets like
wasm can detect this and will produce an error.
* src/gzip/ftgzip.c (ft_gzip_alloc, ft_gzip_free): Update signatures
to exactly match `alloc_func` and `free_func`, respectively.
Internally, cast the `void*` opaque pointer to `FT_Memory`.
Fixes timeout (#1055) analyzed by Ben Wagner, reported as
https://crbug.com/1194092
* src/sfnt/ttload.c (tt_face_load_post): Check POST format.
* src/sfnt/sfobjs.c (sfnt_load_face): Synthesize the missing unicode
charmap only if the glyph names exist.
* src/psnames/psmodule.c (ps_unicode_value): Short cut ".notdef" and
".null".
Fixes timeout reported as
https://crbug.com/1206181
* src/psaux/psarrst.c (cf2_arrstack_{push,init}): Implement it.
* src/psaux/psarrst.h (CF2_ArrStackiRec): Drop `chunk'.
Selecting the fill rule or checking the direct mode each time we call
`gray_hline' is sub-optimal. This effectively splits the direct mode
into a separate code path while inlining `gray_hline' and saving 5-7%
of rendering time.
* src/smooth/ftgrays.c (gray_hline): Eliminated in favor of...
(FT_FILL_RULE, FT_GRAY_SET): ... these new macros...
(gray_sweep): ... inlined here.
(gray_sweep_direct): New function that handles the direct span buffer.
(gray_TWorker): Remove the span buffer.
(gray_raster_render, gray_convert_glyph): Updated.
Add argument to return the actual number of bytes that were decoded.
The actual number of bytes decoded can be quite variable depending
on the number of ignored 'whitespace' bytes or early termination
with `>`.
(cid_face_open): Updated to use this calculated value. This avoids
trusting `parser->binary_length` is always be correct and reading
uninitialized bits if fewer are actually decoded.
First reported as
https://crbug.com/1203240
To reduce memory allocations, we read an entire Pascal-string buffer
and convert it to a C-string buffer. We also reject tables with
Postscript glyph names exceeding 63 bytes.
* src/sfnt/ttpost.c (load_format20): Implement it.
(load_post_names): Check the minimal POST table size.
(load_format25, tt_face_free_ps_names): Updated accordingly.
* src/sfnt/sfdriver.c (get_win_string, get_apple_string,
sfnt_get_var_ps_name): Do not zero out the buffer.
* src/sfnt/sfobjs.c (sfnt_init_face): Ditto.
* src/sfnt/sfwoff.c (woff_open_font): Ditto.
* src/sfnt/sfwoff2.c (woff2_open_font): Ditto.
* src/pcf/pcfread.c (pcf_interpret_style): Do not zero out the buffer.
* src/bdf/bdfdrivr.c (bdf_interpret_style): Ditto.
* src/winfonts/winfnt.c (FNT_Face_Init, FNT_Load_Glyph): Ditto.
* src/base/ftobjs.c (open_face_PS_from_sfnt_stream,
Mac_Read_sfnt_Resource): Do not zero out the buffer.
* src/base/ftmac.c (FT_New_Face_From_SFNT, read_lwfn): Ditto.
* src/base/ftrfork.c (raccess_make_file_name,
raccess_guess_darwin_hfsplus, raccess_guess_darwin_newvfs): Ditto.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): Do not output
layer pointer to iterator if it is outside the 'COLR' table.
(read_paint): Do not attempt to read layers that are outside the
table.
* src/base/ftobjs.c (ft_glyphslot_clear): This function is intended
to reset all the values of a glyph slot. However, it was not
resetting the values of the advances and `glyph_index`. Reset the
advances and `glyph_index` to zero.
In commit 531d463aed
[truetype] Allocate TT_ExecContext in TT_Size instead of TT_Driver.
the `TT_ExecContext` was moved from being on the driver to being on the size
to make it easier to use FreeType in a multi-threaded environment. However,
the documentation for `TT_New_Context` was not updated and still reflects
the old behavior and parameter list.
This change updates `TT_New_Context` documentation to reflect the current
parameters and usage.
`FDEF` instructions are specified as allowed only in 'prep' or
'fpgm'. FreeType has attempted to prevent their use in the glyph
program, but they were still allowed in glyph programs if defined in
a function defined in 'prep' or 'fpgm' and called from the glyph
program.
Similarly, `IDEF` instructions are specified not to be able to
modify any existing instruction. FreeType has attempted to prevent
their use in the glyph program, but they can still be used like
`FDEF`.
This change stores the initial bytecode range type and disallows the
use of `FDEF` and `IDEF` while running the glyph program.
Most other state is copied from the `TT_Size` into the execution
context. However, it is possible for a glyph program to use `WS` to
write to the storage area or `WCVTP`, `WCVTF`, and `DELTAC[123]` to
write to the control value table.
Allowing any change to the global state from the glyph program is
problematic as the outlines of any given glyph may change based on
the order the glyphs are loaded or even how many times they are
loaded. There exist fonts that write to the storage area or the
control value table in the glyph program, so their use should not be
an error.
Possible solutions to using these in the glyph program are
* ignore the writes;
* value-level copy on write, discard modified values when finished;
* array-level copy on write, discard the copy when finished;
* array-level copy up-front.
Ignoring the writes may break otherwise good uses. A full copy
up-front was implemented, but was quite heavy as even well behaved
fonts required a full copy and the memory management that goes along
with it. Value-level copy on write could use less memory but
requires a great deal more record keeping and complexity. This
change implements array-level copy on write. If any attempt is made
to write to the control value table or the storage area when the
initial bytecode range was in a glyph program, the relevant array
will be copied to a designated storage area and the copy used for
the rest of the glyph program's execution.
* src/truetype/ttinterp.h (TT_ExecContextRec): New fields
`iniRange`, `glyfCvtSize`, `glyfCvt`, `origCvt`, `glyfStoreSize`,
`glyfStorage`, and `origStorage`.
* src/truetype/ttinterp.c (Modify_CVT_Check): New function to handle
`exc->glyfCvt`.
(Write_CVT, Write_CVT_Stretched, Move_CVT, Move_CVT_Stretched): Use
it.
(Ins_WS): Handle `exc->glyfStorage`.
(Ins_FDEF, Ins_IDEF): Updated.
(TT_RunIns): Updated.
(TT_Done_Context): Free 'glyf' CVT working and storage area.
(TT_Load_Context): Fix/add casts.
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Fix cast.
* src/sfnt/ttcolr.c (get_child_table_pointer): New function to fetch
child table pointer early for all paint formats that compute a child
table pointer.
(read_color_line, read_paint): Updated.
(tt_face_get_colorline_stops): Check `colr->table`.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1182552
Memory is allocated and the pointer assigned to `rows` inside a
'setjmp' scope. This memory must be freed outside the 'setjmp'
scope after a 'longjmp'. Since `rows` is a local and modified
inside the 'setjmp' scope it must be marked volatile or it will have
an indeterminate value after the 'longjmp'.
* src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak of `rows`.
We now record `cover' and `area' directly into the linked list. This
makes rendering faster by 10% or even more at larger sizes.
* src/smooth/ftgrays.c (FT_INTEGRATE): Write directly.
(gray_TWorker): Add direct cell reference and remove unused fields.
(gray_set_cell): Consolidate the linked list management and pointers.
(gray_convert_glyph, gray_convert_glyph_inner): Updated.
This change fixes a crash that occurs in `Load_SBit_Png` when
running on a 64-bit Windows OS. A memory access violation exception
would be raised by `setjmp` if the `jmp_buf` is not aligned to a
16-byte memory boundary. This is due to setjmp executing `movdqa`
instructions to store 128-bit XMM registers to memory, which require
correct memory alignment. This problem occurs because
`png_create_read_struct` uses `malloc` and `free` for memory
management, which only guarantees 8-byte alignment on Windows.
Instead, to fix the problem, `png_create_read_struct_2` is used on
64-bit Windows, which allows for user-defined memory allocation and
deallocation callbacks to be specified. These callbacks forward the
allocation and deallocation requests to `_aligned_alloc` and
`_aligned_free`, ensuring that the allocated `png_struct` and
internal `jmp_buf` have the requisite 16-byte alignment.
* src/sfnt/pngshim.c <_WIN64>: Include `malloc.h`.
(malloc_callback, free_callback) <_WIN64>: New functions.
(Load_SBit_Png) <_WIN64>: Use `png_create_read_struct_2` instead of
`png_create_read_struct`
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28148
* src/sfnt/sfwoff2.c (woff2_open_font): Reject fonts that have
multiple tables with the same tag. While not explicitly forbidden
in the OpenType specification, it is implicitly forbidden by
describing a binary search algorithm for tables that only works
reliably if table tags are unique.
This is for future changes with Meson, which doesn't allow a
different name for its `subprojects` directory. Having both a
`submodules` and a `subprojects` directory is confusing.
* .gitmodules, autogen.sh (copy_submodule_files, DLG_INC_DIR,
DLG_SRC_DIR): Updated.
* builds/toplevel.mk (<top-level>, do-dist),
builds/windows/vc2010/script.bat: Updated.
* src/tools/no-copyright: Updated.
* freetype.h (FT_PaintFormat): Update paint format identifiers after
a specification change. The specification was updated to have
sibling formats, variable and non-variable variants for each.
Reflect that here.
* sfnt/ttcolr.c (read_paint): Remove parsing of variable indices as
the non-variable formats no longer have them.
* include/freetype/internal/compiler-macros.h (FT_COMPARE_DEF):
Add new macro.
* src/base/ftrfork.c, src/bdf/bdflib.c, src/gxvalid/gxvcommn.c,
src/psaux/afmparse.c, src/psnames/psmodule.c, src/type1/t1afm.c,
src/sfnt/sfwoff.c, src/sfnt/sfwoff2.c: Update qsort callbacks.
Fixes#1026 when compiling FreeType with an unusual calling convention
while the C library qsort still expects cdecl.
* include/freetype/freetype.h (FT_Get_Color_Glyph_Paint):
Additional function argument root_transform to control whether
root transform should be returned.
(FT_OpaquePaint): Additional tracking field to denote whether
root transform is to be returned.
* include/freetype/internal/sfnt.h
(TT_Get_Color_Glyph_Paint_Func): Propagate additional argument.
* src/base/ftobjs.c (FT_Get_Color_Glyph_Paint): Ditto.
* src/sfnt/ttcolr.c (tt_face_get_colr_glyph_paint): Return root
transform reflecting the size and tranform configured on
FT_Face.
(read_paint): Initialize and track status of insert_root_transform
flag.
This ensures good logging output, with all lines having a proper
prefix (if requested).
This is a continuation of a similar patch from 2020-12-02, which
missed some locations.
It's easier to have stubs if FT_DEBUG_LOGGING is undefined than to
modify `ftexport.sym` conditionally.
Problem reported by Alexei.
* src/base/ftdebug.c: Include `ftlogging.h`.
(FT_Trace_Set_Level, FT_Trace_Set_Default_Level, FT_Set_Log_Handler,
FT_Set_Default_Log_Handler) [!FT_DEBUG_LOGGING]: Provide stubs.
* sfnt/ttcolr.c (tt_face_get_colr_glyph_paint,
tt_face_get_colorline_stops, tt_face_get_paint): Additional checks
for whether colr table is present. Prevents crashes when these
methods are called on non-COLR fonts.
* src/base/ftobjs.c (FT_Get_Color_Glyph_Paint, FT_Get_Paint_Layers,
FT_Get_Paint, FT_Get_Colorline_Stops): Add basic sanity checks,
check for existence of `FT_Face`, check arguments and delegate calls
for the respective 'COLR' v1 API to the SFNT driver.
* include/freetype/internal/sfnt.h (TT_Get_Color_Glyph_Paint_Func,
TT_Get_Paint_Layers_Func, TT_Get_Colorline_Stops_Func,
TT_Get_Paint_Func): New function pointer types.
(SFNT_Interface): Add them.
(FT_DEFINE_SFNT_INTERFACE): Updated.
* src/sfnt/sfdriver.c (PUT_COLOR_LAYERS_V1): New macro.
(sfnt_interface): Add new function pointers.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): New function to get
the layers of a `PaintColrLayers` table in the font, using an
`FT_LayerIterator` from an `FT_PaintColrLayers` object retrieved via
`tt_face_get_paint`.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/ttcolr.c (tt_face_get_colorline_stops): New function to
return the current `FT_ColorStop` object from `FT_ColorStopIterator`.
Also increment the iterator.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/ttcolr.c (tt_face_get_paint): New function to resolve an
`FT_OpaquePaint` paint reference into an `FT_COLR_Paint` object of a
certain format, which contains the detailed information stored in a
paint of the respective format.
(read_paint): New function to provide the format specific parsing
and to populate the data members of each specific `FT_COLR_Paint`
subtype.
(read_color_line): New function to parse retrieved color line
information into an `FT_ColorLine` object, which has information
about the color line extend mode as well as an
`FT_ColorStopIterator` object.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/ttcolr.c (BaseGlyphV1Record): New structure.
(tt_face_load_colr): Handle version 1 table header.
(find_base_glyph_v1_record): New auxiliary function.
(tt_face_get_colr_glyph_paint): New function to find the root
`FT_OpaquePaint` object for a given glyph ID.
* src/sfnt/ttcolr.h: Updated.
* include/freetype/freetype.h (FT_Get_Color_Glyph_Paint): New method
for retrieving the root paint object for a color glyph by specifying
a glyph ID.
(FT_Get_Paint_Layers): New method for retrieving the layers of a
`PaintColorGlyph`.
(FT_Get_ColorLine_Stops): New method for retrieving the stops of a
color.
(FT_Get_Paint): New method for resolving an `FT_OpaquePaint` into an
`FT_COLR_Paint` object.
* src/sdf/module.mk, src/sfd/rules.mk: New files.
* src/sdf/ftsdf.h (ft_sdf_raster): New forward declaration.
* include/freetype/ftmoderr.h (FT_MODERRDEF): Add error definition
for the 'sdf' module.
* include/freetype/internal/fttrace.h (FT_TRACE_DEF): Add trace
definition for the `sdf' module.
* modules.cfg (RASTER_MODULES): Add the `sdf' module to the list of
rasterizers.