If table tag is not 0x3f, we expect a value between 0 and 62. If this is
not the case, exit with errors.
* src/sfnt/sfwoff2/c: Check whether table tag makes sense.
* src/sfnt/woff2tags.c: Return 0 if tag is out of bounds.
`reconstruct_hmtx' requires `info->x_mins' and `info->num_glyphs' to
reconstruct the hmtx table. In case glyf is not transformed, we call
`get_x_mins' which does the necessary work.
(get_x_mins): New function.
(reconstruct_font): Call get_x_mins.
Set correct value of `face->num_faces' for WOFF2 fonts. This is being
handled separately because we only load the tables for the requested
font face in `woff2_open_font' and create a single-face sfnt stream.
The full discussion is at:
https://lists.gnu.org/archive/html/freetype-devel/2019-08/msg00000.html
* src/sfnt/sfobjs.c (sfnt_open_font): Add parameter `woff2_num_faces'.
(sfnt_init_face): Introduce var `woff2_num_faces', and change
`face->root.num_faces' if `woff2_num_faces' is set.
* src/sfnt/sfwoff2.c (woff2_open_font): Validate requested face index
and handle negative face indices.
* src/sfnt/sfwoff2.h (woff2_open_font): Add parameter `num_faces' to
declaration.
We do this by using `totalSfntSize' as an initial reference, and extending
the buffer when required. This reduces rendering time considerably.
* include/freetype/internal/wofftypes.h (WOFF2_HeaderRec): Add
`totalSfntSize', rename `total_sfnt_size' to `actual_sfnt_size'.
* src/sfnt/sfwoff2.c (write_buf): Add parameter `dst_size' to keep track
of and update total size of stream.
(WRITE_SFNT_BUF, WRITE_SFNT_BUF_AT): Modify macros accordingly.
(pad4, store_loca, reconstruct_glyf, reconstruct_hmtx): Update parameters
to accept `sfnt_size'.
(woff2_open_font): Add variable `sfnt_size'. Use WOFF2 header field
`totalSfntSize' as initial reference (if value makes sense) and allocate
`totalSfntSize' bytes for the sfnt stream. `write_buf' handles
reallocation if and when required. Also resize the stream to
`actual_sfnt_size' after reconstruction.
Add necessary functions to reconstruct loca and hmtx tables (the 2
remaining tables that can have a transform). `woff2_open_font' is now
capable of loading a woff2 font face. This code may still need more
refining and better memory management.
* include/freetype/internal/wofftypes.h (WOFF2_HeaderRec): Add total (final)
size of sfnt stream.
(WOFF2_InfoRec): Add header checksum value.
* src/sfnt/sfobjs.c (sfnt_open_font): Change `face_instance_index' parameter
to its pointer so its value can be modified by `woff2_open_font'.
* src/sfnt/sfwoff2.c: (WRITE_SFNT_BUF_AT): New macro to write into sfnt
buffer at given position.
(write_buf): Add parameter `extend_buf' which allows caller to specify
whether buffer should be reallocated before copying data. Modify macro
`WRITE_SFNT_BUF' accordingly.
(pad4): New function to pad buffer to closest multiple of 4.
(store_loca): Store loca values (provided by `reconstruct_glyf') to output
stream.
(reconstruct_glyf): Calculate loca values and store them.
(reconstruct_hmtx): Reconstruct transformed hmtx table.
(reconstruct_font): Call `reconstruct_hmtx', write table record entries, and
calculate table checksums. Also calculate font checksum and update
`checksumAdjustment' entry in head table.
(woff2_open_font): Open stream for sfnt buffer, swap out input stream and
return.
* src/sfnt/sfwoff2.h (woff2_open_font): Modify parameter to accept pointer
to `face_index'.
Reconstruct `glyf' table if it is transformed in the uncompressed table
stream. Also add necessary structures, macros and functions.
* include/freetype/internal/wofftypes.h (WOFF2_InfoRec,
WOFF2_SubstreamRec, WOFF2_PointRec): New structures.
* src/sfnt/sfwoff2.c (READ_255USHORT, READ_BASE128): Use `FT_SET_ERROR'
to set implicit `error' variable.
(WRITE_SHORT): New macro.
(N_CONTOUR_STREAM, N_POINTS_STREAM, FLAG_STREAM, GLYPH_STREAM,
COMPOSITE_STREAM, BBOX_STREAM, INSTRUCTION_STREAM): New macros to refer
to substreams of the transformed `glyf' tables.
(Read255UShort, ReadBase128): Return errors set by `FT_READ_XXX' macros.
(with_sign, safe_int_addition): New functions to add sign to values
based on a flag and perform safe addition respectively.
(triplet_decode): Decode variable-length (flag, xCoordinate, yCoordinate)
triplet for a simple glyph. See
https://www.w3.org/TR/WOFF2/#triplet_decoding
(store_points): Store decoded points in the glyph buffer.
(compute_bbox): Derive bounding box for a glyph by computing the minimum
and maximum x and y coordinates in the outline.
(reconstruct_glyf): Main routine to reconstruct transformed `glyf' table.
(reconstruct_font): Call `reconstruct_glyf'.
* src/sfnt/sfwoff2.h: Add required constants.
* src/sfnt/woff2tags.h: Move out constants to `sfwoff2.h'.
Copy un-transformed tables to the sfnt stream.
* src/sfnt/sfwoff2.c: (WRITE_SFNT_BUF): New macro.
(write_buf): New function. Extend memory of `dst' buffer and copy bytes
from `src'.
(compute_ULong_sum): New function. Calculate checksum of table.
(woff2_uncompress): Change `FT_Byte* sfnt' to `FT_Byte** sfnt_bytes'.
This has been done because we reallocate memory to `sfnt' multiple
times, which may change the pointer value of `sfnt'. This new pointer
must be propogated back to the caller. Same reason for using a double
pointer in `write_buf'.
* src/sfnt/woff2tags.h: Define default max size to prevent overflow.
Uncompressed buffer is now an `FT_Stream'.
Perform basic checks and start iterating over tables.
* src/sfnt/sfwoff2.c (stream_close, find_table, read_num_hmetrics): New
functions.
(reconstruct_font): Modify params and iterate over tables.
We `handle' TTCs by modifying the `indices' array to point to only those
tables that are part of the requested `face_index'.
Set and use `num_tables' in `WOFF2_TtcFont'.
Start reconstruction of font.
* src/sfnt/sfwoff2.c (reconstruct_font): New function.
Change `KnownTags' to a function (`woff2_known_tags'). This avoids
introducing a global constant array. This function returns the specified
index without *any* checks. The caller must ensure that `index' is
within array limits.
* src/sfnt/sfwoff2.c (woff2_open_font): Change `KnownTags[...]' notation
to `woff2_known_tags( ... )'.
* src/sfnt/woff2tags.c: Perform changes.
* src/sfnt/woff2tags.h: Update definitions.
WOFF2 compressed stream is now uncompressed if Brotli is available. This
data is stored in a separate buffer (uncompressed_buf) because it does
not contain direct table data. Certain tables have transformations
applied to them, and they must be reconstructed before we can write
those tables to the SFNT stream.
`face_index' is now being passed as a parameter to `woff2_open_font'.
* src/sfnt/sfobjs.c (sfnt_open_font): Add parameter
`face_instance_index'.
* src/sfnt/sfwoff2.c (woff2_uncompress): New function.
(woff2_open_font): Call `woff2_uncompress'.
* src/sfnt/sfwoff2.h (woff2_open_font): Modify declaration.
Add constants required for WOFF2, and known table tags as defined in the
specification. See
https://www.w3.org/TR/WOFF2/#table_dir_format
for details.
* src/sfnt/woff2tags.c, src/sfnt/woff2tags.h: New files.
Check for WOFF2 tag, call `woff2_open_font', and implement it to read
header according to specification.
* include/freetype/internal/fttrace.h: Add `sfwoff2.c'.
* src/sfnt/rules.mk: Add `sfwoff2.c'.
* src/sfnt/sfnt.c: Include `sfwoff2.c'.
* src/sfnt/sfobjs.c: Check for `wOF2' tag and call `woff2_open_font'.
* src/sfnt/sfwoff2.c, src/sfnt/sfwoff2.h: New files.
* src/autofit/afglobal.c (af_face_global_get_metrics): Start again
(with dummy hinter module) if no blue zones are present.
* src/autofit/aflatin.c (af_latin_metrics_init_blues): Change
signature to return error code.
If no blue zones are found, update `glyph_styles' array to hold
AF_STYLE_NONE_DFLT instead of the current style.
(af_latin_metrics_init): Return internal error code if no blue zones
are found.
The buffer size FT_MAX_GRAY_SPANS is set to 10 spans, which should be
enough to cover the entire scanline for simple glyphs in most cases:
each slightly slanted edge needs up to two spans, plus a filling span
in-between. This is not new, we used to do it before cb4388783c.
* src/smooth/ftgrays.c (gray_TWorker): Add `spans' and `num_spans'.
(gray_hline, gray_sweep): Implement the span buffering.
(gray_raster_render): Use negative `num_spans' to avoid the direct
mode.
Up to now, only the unscaled CVT values were varied; in other words,
the `CVAR' data was never used for bytecode hinting.
* src/truetype/ttgxvar.c (tt_cvt_ready_iterator): New auxiliary
function.
(tt_face_vary_cvt): Use it to trigger rescaling of CVT values.
If `CVAR' data is applied to variation fonts, fractional values are
possible.
* include/freetype/internal/tttypes.h (TT_FaceRec): Change type of
`cvt' from `FT_Short' to `FT_Int32'.
* src/truetype/ttgxvar.c (FT_fdot6ToFixed): New macro.
(tt_face_vary_cvt): Use it to update code to 26.6 format.
* src/truetype/ttobjs.c (tt_size_run_prep): Update code to 26.6
format.
* src/truetype/ttpload.c (tt_face_load_cvt): Stora data in 26.6
format.
Very embarassing :-)
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14701https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14705https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14710
* src/truetype/ttgload.c (IS_DEFAULT_INSTANCE): Move up and add
argument; update all callers.
(TT_Process_Simple_Glyph): Use it. The `unrounded' array is active
for variation fonts only, thus also enclose related code with
`#ifdef TT_CONFIG_OPTION_GX_VAR_SUPPORT ... #endif' where
necessary.
Revert commit a113e5d from 2019-05-09, and don't use `extra_points2'
but allocate a temporary array.
Speed up the scaling of the `unrounded' array.
* src/truetype/ttgxvar.c (FT_fixedToInt, FT_FixedToFdot6): Fix type
conversions and rounding. The unsigned type must have more or equal
bits to the signed type.
This patch make FreeType use font units in 26.6 format internally
instead of integers.
* src/truetype/ttgxvar.c (FT_fixedToFdot6): New macro.
(TT_Vary_Apply_Glyph_Deltas): Add argument to output unrounded font
coordinates.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph): Use
`extra_points2' array to temporarily hold unrounded point
coordinates; use them to compute scaled coordinates and linear
advance width and height.
(load_truetype_code): Adjust similarly.