* src/base/ftstream.c (FT_Stream_ReadUShort, FT_Stream_ReadUOffset,
FT_Stream_ReadULong and their LE variants): Remove unnecessary
initialization and slightly refactor.
(FT_Stream_GetByte, FT_Stream_ReadByte): Rename to return unsigned
value and align with sister functions.
* include/freetype/internal/ftstream.h (FT_Stream_GetByte,
FT_Stream_ReadByte): Update prototypes and caller macros.
* src/smooth/ftgrays.c (FT_UDIVPREP, FT_UDIV): Reduce shift.
Smaller shifts that keep the division operands of FT_UDIVPREP within
32 bits result in slightly faster divisions, which is noticeable in
the overall performance. The loss of precision is tolerable until the
divisors (the components dx and dy) approach 32 - PIXEL_BITS. With
PIXEL_BITS = 8, this corresponds to 65,000 pixels or the bitmap size
that we refuse to render anyway.
Using `ftbench -p -s60 -t5 -bc timesi.ttf`,
Before: 8.52 us/op
After: 8.32 us/op
MSVC does not set `__SSE2__`. Instead one must check whether `_M_IX86_FP` is
defined and greater than or equal to 2.
* src/smooth/ftgrays.c (FT_SSE2): New macro.
Use it where appropriate.
* src/truetype/ttobjs.c (tt_check_trickyness_family): For the case
that the beginning part of a long tricky family name is already
registered as another tricky family name, no need to double-check
the longer one. Such long tricky family names are removed from
the `trick_names'.
* src/truetype/ttobjs.c (tt_skip_pdffont_random_tag):
New function to skip the randomization tag in the names of the
fonts embedded in a PDF. It is used by tt_check_trickyness_family(),
to keep from mistaking "DLC" in the randomization tag as a
tricky font name. See discussion in:
https://lists.nongnu.org/archive/html/freetype-devel/2021-02/msg00002.html
For technical detail about the randomization tag, please find
PDF Reference 5.5.3 "Font Subsets". Thanks to Justyna Wawrzynska
for pointing out the issue caused by the randomization tag.
Thanks to Ting717 for providing sample PDF. Fixes#1087.
* src/truetype/ttobjs.c (tt_check_trickyness_sfnt_ids): Add
checksums for 2 tricky fonts `DFHei-Bd-WIN-HK-BF' and
`DFMing-Md-WIN-HK-BF'.
Put the null cell at the end of the pool and store it explicitly so that
we can use it as both the limit and the dumpster.
* src/smooth/ftgrays.c (gray_TWorker): Store the last `cell_null` and
remove unnecesary fields.
(NULL_CELL_PTR, CELL_IS_NULL): Remove in favor of explicit `cell_null`.
(gray_dump_cells, gray_set_cell, gray_sweep{,_direct}): Update callers.
(gray_convert_glyph_inner): Trace remaining cells (oh well).
(gray_convert_glyph): Set up `cell_null` and slightly improve the pool
management.
The optional 'COLR' v1 glyph-specific clip box helps upstream graphics
libraries allocate a sufficiently large bitmap for a glyph without having to
traverse the glyph graph for that. See
https://github.com/googlefonts/colr-gradients-spec/issues/251
for background on the introduction of this specification change.
* include/freetype/ftcolor.h (FT_ClipBox): New structure.
(FT_Get_Color_Glyph_ClipBox): New function declaration.
* include/freetype/internal/sfnt.h (TT_Get_Color_Glyph_ClipBox_Func):
New function type.
(SFNT_Interface, FT_DEFINE_SFNT_INTERFACE): Use it.
* src/base/ftobjs.c (FT_Get_Color_Glyph_ClipBox): New function to link API
with SFNT implementation.
* src/sfnt/sfdriver.c (sfnt_interface): Updated.
* src/sfnt/ttcolr.c (Colr): New field `clip_list`.
(tt_face_load_colr): Parse global clip list offset.
(tt_face_get_color_glyph_clipbox): New function to find the clip box for a
glyph id from the clip list array.
* src/sfnt/ttcolr.h: Updated.
* src/sdf/ftbsdf.c (first_pass, second_pass): Fix range during forward pass.
Otherwise the index goes out of range for the last column.
Fixes issue #1077.
Do not generate SDF from bitmap if the `FT_GLYPH_OWN_BITMAP` flag is not
set. In some cases the bitmap buffer is freed but still points to a valid
address; to handle those cases check the flag before accessing the memory.
* src/sdf/ftsdfrend.c (ft_bsdf_render): Handle the above case.
Also, return an error message if the bitmap's rows/pitch is invalid,
otherwise `slot->buffer` might be assigned to some invalid memory location.
(ft_sdf_render): Same as above.
Plus, move the outline back to original state after rasterization and not if
any error occurs.
Signed-off-by: Anuj Verma <anujv@iitbhilai.ac.in>
* src/sfnt/ttcolr.c (read_paint): PaintSweepGradient follows other
spec changes and now has the angles specified as F2DOT14, reflect
that in the implementation.
* include/freetype/ftcolor.h (FT_PaintSweepGradient): Update
documentation.
* src/sfnt/ttcolr.c (read_paint): Implement spec change where
affine transform matrix is now referenced by offset instead of
being placed inline in the PaintTransform table.
* src/sfnt/ttcolr.c (read_paint): Implement spec changes around
PaintSkew, PaintSkewAroundCenter. Update parsing to read shorter
values as changed in the spec.
* include/freetype/ftcolor.h (FT_PaintSkew): Update documentation.
* src/sfnt/ttcolr.c (read_paint): Implement spec change where
PaintRotate and PaintRotateAroundCenter were split for a more
compact format definition. Update parsing to read shorter values
as changed in the spec.
* include/freetype/ftcolor.h (FT_PaintRotate): Update documentation.
The header file `afwrtsys.h` has two distinct functions: to include the
required writing system headers and also to generate code for each writing
system. At each current use site only one or the other is used, with
various macro trickery selecting one or the other. Split this header into
`afws-decl.h` for the required writing system declarations and `afws-iter.h`
for iterating over the writing systems to generate code.
The motivation for this change is that the Visual C++ compiler treats the
standard include guard idiom like `#pragma once` 'if no non-comment code or
preprocessor directive comes before or after the standard form of the
idiom'. It appears to check this after macro expansion, so if
`WRITING_SYSTEM` expands to empty the bottom of `afwrtsys.h` is empty and
looks like the standard include guard idiom which is treated like `#pragma
once`, so subsequent inclusion of `afwrtsys.h` is elided.
Fixes#1075.
* src/autofit/afglobal.c (af_writing_system_classes), src/autofit/aftypes.h
(AF_WritingSystem), src/autofit/rules.mk (AUTOF_DRV_H): Updated.
* src/autofit/afwrtsys.h: Split into...
* src/autofit/afws-decl.h, src/autofit/afws-iter.h: New files.
==========================
Tag sources with `VER-2-11-0'.
* docs/VERSION.TXT: Add entry for version 2.11.0.
* docs/CHANGES: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/index.html, docs/freetype-config.1:
s/2.10.4/2.11.0/, s/2104/2110/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 11.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 24:0:18.
* CMakeLists.txt (VERSION_MINOR): Set to 11.
(VERSION_PATCH): Set to 0.
* builds/toplevel.mk (dist): Ignore more git-related files.
The code assumed that if `__SSE2__` is defined, then 64-bit integer
types are available. This is not the case apparently for certain
multilib compiler targets like 'x86_32.x86' used by Gentoo.
This patch fixes the issue by disabling the special code path when
64-bit integer types are not available.
Fixes#1071.
* src/smooth/ftgrays.c (gray_render_conic): Move variable and
structure declarations to beginning of function. Inspite of C99
compliance we still do this for the sake of backward compatibility.
This also avoids a shadowing declaration of `count`.
(gray_convert_glyph_inner): Fix typo.
Guard inclusion of emmintrin.h with "#ifdef __SSE2__". The gcc version
of this header, xmmintrin.h, and mmintrin.h check that the appropriate
defines are set before defining anything (are internally guarded).
However the clang versions of these includes are not internally guarded.
As a result of this, externally guard the inclusion of these headers.
Benchmarking shows that this provides a very slighty performance
boost when rendering fonts with lots of quadratic bezier arcs,
compared to the recursive arc splitting, but only when SSE2 is
available, or on 64-bit CPUs.
On a 2017 Core i5-7300U CPU on Linux/x86_64:
./ftbench -p -s10 -t5 -cb .../DroidSansFallbackFull.ttf
Before: 4.033 us/op (best of 5 runs for all numbers)
After: 3.876 us/op
./ftbench -p -s60 -t5 -cb .../DroidSansFallbackFull.ttf
Before: 13.467 us/op
After: 13.385 us/op
This speeds up the smooth rasterizer by avoiding a
conditional branches in the hot path. Namely:
- Define a fixed "null cell" which will be pointed
to whenever the current cell is outside of the current
target region. This avoids a "ras.cell != NULL"
check in the FT_INTEGRATE() macro.
- Also use the null cell as a sentinel at the end of
all ycells[] linked-lists, by setting its x coordinate
to INT_MAX. This avoids a 'if (!cell)' check in
gray_set_cell() as well.
- Slightly change the worker struct fields to perform
a little less operations during rendering.
Example results (on a 2013 Corei5-3337U CPU)
out/ftbench -p -s10 -t5 -bc /usr/share/fonts/truetype/droid/DroidSansFallbackFull.ttf
Before: 5.472 us/op
After: 5.275 us/op
out/ftbench -p -s60 -t5 -bc /usr/share/fonts/truetype/droid/DroidSansFallbackFull.ttf
Before: 17.988 us/op
After: 17.389 us/op
This was already true (though undocumented) most of the time, but
not if `FT_NEW` inside `FT_Stream_New` failed or if the
`FT_OPEN_XXX` flags were bad.
Normally, `FT_Open_Face` calls `FT_Stream_New`, which returns the
user-supplied stream unchanged, and in case of any subsequent error
in `FT_Open_Face`, the stream is closed via `FT_Stream_Free`.
Up to now, however, `FT_Stream_New` allocates a new stream even if
it is already given one by the user. If this allocation fails, the
user-supplied stream is not returned to `FT_Open_Face` and never
closed. Moreover, the user cannot detect this situation: all they
see is that `FT_Open_Face` returns `FT_Err_Out_Of_Memory`, but that
can also happen after a different allocation fails within the main
body of `FT_Open_Face`, when the user's stream has already been
closed by `FT_Open_Face`. It is plausible that the user stream's
`close` method frees memory allocated for the stream object itself,
so the user cannot defensively free it upon `FT_Open_Face` failure
lest it ends up doubly freed. All in all, this ends up leaking the
memory/resources used by user's stream.
Furthermore, `FT_Stream_New` simply returns an error if the
`FT_OPEN_XXX` flags are unsupported, which can mean either an
invalid combination of flags or a perfectly innocent
`FT_OPEN_STREAM` on a FreeType build that lacks stream support.
With this patch, the user-supplied stream is closed even in these
cases, so the user can be sure that if `FT_Open_Face` failed, the
stream is definitely closed.
* src/base/ftobjs.c (FT_Stream_New): Don't allocate a buffer
unnecessarily.
Move error-handling code to make the control flow more obvious.
Close user-supplied stream if the flags are unsupported.
`FT_Stream_Open` always sets `pathname.pointer`, so remove the
redundant (re)assignment. None of the `FT_Stream_Open...` functions
uses `stream->memory`, so keep just one assignment at the end,
shared among all possible control flow paths.
('Unsupported flags' that may need a stream closure can be either an
invalid combination of multiple `FT_OPEN_XXX` mode flags or a clean
`FT_OPEN_STREAM` flag on a FreeType build that lacks stream
support.)
The three modes are mutually exclusive, and the documentation of the
`FT_OPEN_XXX` constants notes this. However, there was no check to
validate this in the code, and the documentation on `FT_Open_Args`
claimed that the corresponding bits were checked in a well-defined
order, implying it was valid (if useless) to specify more than one.
Ironically, this documented order did not agree with the actual
code, so it could not be relied upon; hopefully, nobody did this and
nobody will be hurt by the new validation.
Even if multiple mode bits were allowed, they could cause memory
leaks: if both `FT_OPEN_STREAM` and `stream` are set along with
either `FT_OPEN_MEMORY` or `FT_OPEN_PATHNAME`, then `FT_Stream_New`
allocated a new stream but `FT_Open_Face` marked it as an 'external'
stream, so the stream object was never released.
* src/base/ftobjs.c (FT_Stream_New): Reject incompatible
`FT_OPEN_XXX` flags.
Move the af_sort_xxx() functions from afangles.c to afhints.c
in order to get rid of the obsolete angle-related types,
macros and function definitions.
This feature was always experimental, and probably nevery worked
properly. This patch completely removes it from the source code,
except for a documentation block describing it for historical
purpose.
This code has always been experimental and was never compiled
anyway (FT_OPTION_AUTOFIT2 does not appear in ftoption.h or even
any of our build files).
It is undefined behavior to pass `NULL` to `memcpy`. `coords' is
passed to `memcpy` but `TT_Get_MM_Blend` and `TT_Get_Var_Design`
explictly call `tt_set_mm_blend` with `coords` as `NULL`. In
addition, `TT_Set_MM_Blend` has a similar possible issue.
'COLR' v1 fonts do not necessarily need to have a layer list; for
this reason, 'fontTools' recently started generating fonts in a way
that drops the layer list if there are no layers in it. This
results in the layer list offset becoming zero, which FreeType
treated as an invalid table. Fix that and handle the case for layer
list offset being 0. This slightly changes how we need to calculate
the starting offset for paints.
* src/sfnt/ttcolr.c (tt_face_load_colr): Handle case of layer list
offset being zero without outright rejecting table.
The second pass also fixes horizontal lines through the pixel centers.
* src/raster/ftraster.c (black_TWorker): Do not use `second_pass'.
(Render_Glyph): Skip the second pass only with the appropriate flag.
* src/raster/ftraster.c (black_TWorker): Move `band_stack' from here..
(Render_Single_Pass): ... to here and accept limit arguments.
(Render_Glyph): Updated.
* src/raster/ftraster.c (black_TWorker): Move `arcs' from here...
(Conic_To, Cubic_To): ... to here to tighten their scope.
(Bezier_Up, Bezier_Down): ... Take the current `arc' argument.
Paint tables can appear before the `base_glyphs_v1` offset if the
font is produced with the layer list before the base glyph list. In
this case paint tables can occur after the layer list but before the
base glyph list. Checks in the 'COLR' v1 code were rejecting fonts
with this layout. Improve these checks by calculating a minimum
offset after which paint tables can occur and use that in safety
checks.
* src/sfnt/ttcolr.c (Colr, tt_face_load_colr): Declare
`paint_start_v1` and calculate that as the minimum of the end of
layer list and base glyph list.
(get_child_table_pointer, read_paint, tt_face_get_paint_layers):
Use that in safety checks.
* src/raster/ftraster.c (black_TWorker): Replace the current line
offset with the pointer and drop the increment.
(Function_Sweep_Init): Take values as arguments instead of pointers.
(Vertical_Sweep_*, Horizontal_Sweep_Init, Draw_Sweep): Updated.
We can bisect a band until it is just a single scan line. This might
be slow and cause time-outs but if we need to impose limits it should
be elsewhere.
* src/raster/ftraster.c (Render_Single_Pass): Tweak sub-banding.
FT_Render_Glyph picked up FAILURE or 1 returned from the raster
function, which became a confusing error code. Instead, return
Raster_Overflow in the unlikely event that banding does not help or
another meaningful error.
* src/smooth/ftgrays.c (gray_convert_glyph_inner, gray_convert_glyph):
Use Raster_Overflow when the rendering pool is exhausted and return it
if banding does not help.
(gray_raster_render): Use Smooth_Err_Ok.
* src/raster/ftraster.c (Render_Single_Pass): Return Raster_Overflow
if banding does not help or another error code.
* include/freetype/ftcolor.h (FT_PaintTransformed, FT_PaintFormat,
FT_COLR_Paint): Do it to make it harmonize with other names such as
'PaintTranslate'.
* src/sfnt/ttcolr.c (read_paint, tt_face_get_paint): Ditto.
We need to inverse inheritance of FT_GlyphSlot_Internal so that we
have a chance to free the rendered bitmap from the parent slot.
* src/type42/t42objs.c (T42_GlyphSlot_Init): Remove the internal parts
of the child `ttslot' and replace it with the parent structure.
(T42_GlyphSlot_Done): Updated accordingly.
* src/psaux/psintrp.c (cf2_interpT2CharString)
<cf2_escCALLOTHERSUBR>: Convert assertion into error, since the
problem can happen with invalid user input.
Test case is file
fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read
in the `freetype2-testing` repository.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): In addition to the
existing sanity checks, ensure that the pointer to the layer to be
read is within the 'COLR' v1 table.
* src/sdf/ftsdf.c: Include `ftbitmap.h`.
* src/sdf/ftsdfcommon.h: Move function bodies to `ftsdfcommon.c`.
Include `ftobjs.h` to get definitions of `FT_LOCAL` and friends.
* src/sdf/ftsdfcommon.c: New file.
* src/sdf/rules.mk, src/sdf/sdf.c: Updated.
Since 8-bits is enough to represent SDF data we no longer require
16-bits for this purpose. Also, we now normalize the output data
to use the entire 8-bit range efficiently. For example: if we use
3.5 format with a spread of 1 we basically only use the starting
5-bits. By normalizing we can use the entire 8-bit range.
* include/freetype/freetype.h (FT_Render_Mode): Updated description
for `FT_RENDER_MODE_SDF` regarding this change.
* include/freetype/ftimage.h (FT_Pixel_Mode): Removed
`FT_PIXEL_MODE_GRAY16` since no longer required.
* include/freetype/fttypes.h (FT_F6Dot10): Removed since no longer
required.
* src/sdf/ftsdfrend.c (ft_sdf_render, ft_bsdf_render): Allocate 8-bit
bitmap instead of 16-bit buffer.
* src/sdf/ftsdfcommon.h (map_fixed_to_sdf): Added function to convert
16.16 distance value to our desired format.
* src/sdf/ftsdf.c (sdf_generate_with_overlaps,
sdf_generate_bounding_box): Use the new `map_fixed_to_sdf` function
and also use 8-bit output buffer.
* src/sdf/ftbsdf.c (finalize_sdf): Output to a 8-bit buffer instead
of 16-bit buffer.
The autohinter could not access the base (unscaled) outline in the
child TrueType glyph slot. We now share the internal parts between
the parent and child glyph slots. Fixes#1057.
* src/type42/t42objs.c (T42_GlyphSlot_Init): Remove the internal parts
of `T42_GlyphSlot' and replace it with the child TrueType structure.
(T42_GlyphSlot_Done): Updated accordingly.
While a function pointer may be cast to another function pointer
type, it is required to cast the function pointer back to the
original function pointer type before calling it. If a parameter is
a pointer the exact pointer type is required. Using a pointer to a
different underlying type is technically undefined behavior. The
wrapper functions `ft_gzip_alloc` and `ft_gzip_free` took
`FT_Memory` (a `FT_MemoryRec_*`) instead of `voidpf` (`void*`), so
when gzip calls these callbacks through `alloc_func` or `free_func`
it invokes undefined behavior. On most platforms this works out as
expected, but newer undefined behavior detectors and targets like
wasm can detect this and will produce an error.
* src/gzip/ftgzip.c (ft_gzip_alloc, ft_gzip_free): Update signatures
to exactly match `alloc_func` and `free_func`, respectively.
Internally, cast the `void*` opaque pointer to `FT_Memory`.
Fixes timeout (#1055) analyzed by Ben Wagner, reported as
https://crbug.com/1194092
* src/sfnt/ttload.c (tt_face_load_post): Check POST format.
* src/sfnt/sfobjs.c (sfnt_load_face): Synthesize the missing unicode
charmap only if the glyph names exist.
* src/psnames/psmodule.c (ps_unicode_value): Short cut ".notdef" and
".null".
Fixes timeout reported as
https://crbug.com/1206181
* src/psaux/psarrst.c (cf2_arrstack_{push,init}): Implement it.
* src/psaux/psarrst.h (CF2_ArrStackiRec): Drop `chunk'.
Selecting the fill rule or checking the direct mode each time we call
`gray_hline' is sub-optimal. This effectively splits the direct mode
into a separate code path while inlining `gray_hline' and saving 5-7%
of rendering time.
* src/smooth/ftgrays.c (gray_hline): Eliminated in favor of...
(FT_FILL_RULE, FT_GRAY_SET): ... these new macros...
(gray_sweep): ... inlined here.
(gray_sweep_direct): New function that handles the direct span buffer.
(gray_TWorker): Remove the span buffer.
(gray_raster_render, gray_convert_glyph): Updated.
Add argument to return the actual number of bytes that were decoded.
The actual number of bytes decoded can be quite variable depending
on the number of ignored 'whitespace' bytes or early termination
with `>`.
(cid_face_open): Updated to use this calculated value. This avoids
trusting `parser->binary_length` is always be correct and reading
uninitialized bits if fewer are actually decoded.
First reported as
https://crbug.com/1203240
To reduce memory allocations, we read an entire Pascal-string buffer
and convert it to a C-string buffer. We also reject tables with
Postscript glyph names exceeding 63 bytes.
* src/sfnt/ttpost.c (load_format20): Implement it.
(load_post_names): Check the minimal POST table size.
(load_format25, tt_face_free_ps_names): Updated accordingly.
* src/sfnt/sfdriver.c (get_win_string, get_apple_string,
sfnt_get_var_ps_name): Do not zero out the buffer.
* src/sfnt/sfobjs.c (sfnt_init_face): Ditto.
* src/sfnt/sfwoff.c (woff_open_font): Ditto.
* src/sfnt/sfwoff2.c (woff2_open_font): Ditto.
* src/pcf/pcfread.c (pcf_interpret_style): Do not zero out the buffer.
* src/bdf/bdfdrivr.c (bdf_interpret_style): Ditto.
* src/winfonts/winfnt.c (FNT_Face_Init, FNT_Load_Glyph): Ditto.
* src/base/ftobjs.c (open_face_PS_from_sfnt_stream,
Mac_Read_sfnt_Resource): Do not zero out the buffer.
* src/base/ftmac.c (FT_New_Face_From_SFNT, read_lwfn): Ditto.
* src/base/ftrfork.c (raccess_make_file_name,
raccess_guess_darwin_hfsplus, raccess_guess_darwin_newvfs): Ditto.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): Do not output
layer pointer to iterator if it is outside the 'COLR' table.
(read_paint): Do not attempt to read layers that are outside the
table.
* src/base/ftobjs.c (ft_glyphslot_clear): This function is intended
to reset all the values of a glyph slot. However, it was not
resetting the values of the advances and `glyph_index`. Reset the
advances and `glyph_index` to zero.
In commit 531d463aed
[truetype] Allocate TT_ExecContext in TT_Size instead of TT_Driver.
the `TT_ExecContext` was moved from being on the driver to being on the size
to make it easier to use FreeType in a multi-threaded environment. However,
the documentation for `TT_New_Context` was not updated and still reflects
the old behavior and parameter list.
This change updates `TT_New_Context` documentation to reflect the current
parameters and usage.
`FDEF` instructions are specified as allowed only in 'prep' or
'fpgm'. FreeType has attempted to prevent their use in the glyph
program, but they were still allowed in glyph programs if defined in
a function defined in 'prep' or 'fpgm' and called from the glyph
program.
Similarly, `IDEF` instructions are specified not to be able to
modify any existing instruction. FreeType has attempted to prevent
their use in the glyph program, but they can still be used like
`FDEF`.
This change stores the initial bytecode range type and disallows the
use of `FDEF` and `IDEF` while running the glyph program.
Most other state is copied from the `TT_Size` into the execution
context. However, it is possible for a glyph program to use `WS` to
write to the storage area or `WCVTP`, `WCVTF`, and `DELTAC[123]` to
write to the control value table.
Allowing any change to the global state from the glyph program is
problematic as the outlines of any given glyph may change based on
the order the glyphs are loaded or even how many times they are
loaded. There exist fonts that write to the storage area or the
control value table in the glyph program, so their use should not be
an error.
Possible solutions to using these in the glyph program are
* ignore the writes;
* value-level copy on write, discard modified values when finished;
* array-level copy on write, discard the copy when finished;
* array-level copy up-front.
Ignoring the writes may break otherwise good uses. A full copy
up-front was implemented, but was quite heavy as even well behaved
fonts required a full copy and the memory management that goes along
with it. Value-level copy on write could use less memory but
requires a great deal more record keeping and complexity. This
change implements array-level copy on write. If any attempt is made
to write to the control value table or the storage area when the
initial bytecode range was in a glyph program, the relevant array
will be copied to a designated storage area and the copy used for
the rest of the glyph program's execution.
* src/truetype/ttinterp.h (TT_ExecContextRec): New fields
`iniRange`, `glyfCvtSize`, `glyfCvt`, `origCvt`, `glyfStoreSize`,
`glyfStorage`, and `origStorage`.
* src/truetype/ttinterp.c (Modify_CVT_Check): New function to handle
`exc->glyfCvt`.
(Write_CVT, Write_CVT_Stretched, Move_CVT, Move_CVT_Stretched): Use
it.
(Ins_WS): Handle `exc->glyfStorage`.
(Ins_FDEF, Ins_IDEF): Updated.
(TT_RunIns): Updated.
(TT_Done_Context): Free 'glyf' CVT working and storage area.
(TT_Load_Context): Fix/add casts.
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Fix cast.
* src/sfnt/ttcolr.c (get_child_table_pointer): New function to fetch
child table pointer early for all paint formats that compute a child
table pointer.
(read_color_line, read_paint): Updated.
(tt_face_get_colorline_stops): Check `colr->table`.
Alexei Podtelezhnikov