The previous fix for #46372 misunderstood a composite glyph referring
same component twice as a recursive reference. See the discussion
http://lists.gnu.org/archive/html/freetype/2016-05/msg00000.html
Thanks to Khaled Hosny for finding this issue.
* src/truetype/ttgload.c (ft_list_get_node_at): A function to get
the i-th node from FT_List. (load_truetype_glyph): In the traversal
scan of the reference tree in the composite glyph, we clear the
nodes filled by previous sibling chain.
* include/freetype/internal/tttypes.h (TT_LoaderRec): New field
`composites'.
* src/truetype/ttgload.c: Include FT_LIST_H.
(load_truetype_glyph): Add composite subglyph index to a list;
abort if index is already in list.
(tt_loader_init): Updated.
(tt_loader_done): New function.
(TT_Load_Glyph): Call `tt_loader_done'.
* src/base/ftrfork.c (FT_Raccess_Get_HeaderInfo): Only accept
positive values from header.
Check overflow.
* src/base/ftoutln.c (SCALED): Correctly handle left-shift of
negative values.
* src/bdf/bdf.h (_bdf_glyph_modified, _bdf_set_glyph_modified,
_bdf_clear_glyph_modified): Use unsigned long constant.
* src/bdf/bdfdrivr.c (BDF_Size_Select, BDF_Glyph_Load): Don't
left-shift values that can be negative.
* src/pcf/pcfdrivr.c (PCF_Size_Select, PCF_Glyph_Load): Don't
left-shift values that can be negative.
* src/raster/ftraster.c (SCALED): Correctly handle left-shift of
negative values.
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Don't left-shift
values that can be negative.
* src/truetype/ttgload.c (TT_Load_Composite_Glyph,
compute_glyph_metrics, load_sbit_image): Don't left-shift values
that can be negative.
This is completely missing in Apple's documentation: If a `gvar'
tuple uses private point numbers (this is, deltas are specified for
some points only), the uncovered points must be interpolated for
this tuple similar to the IUP bytecode instruction. Examples that
need this functionality are glyphs `Oslash' and `Q' in Skia.ttf.
* src/truetype/ttgxvar.c (tt_delta_shift, tt_delta_interpolate,
tt_handle_deltas): New functions.
(TT_Vary_Get_Glyph_Deltas): Renamed to...
(TT_Vary_Apply_Glyph_Deltas): ... this; it directly processes the
points and does no longer return an array of deltas.
Add tracing information.
Call `tt_handle_deltas' to interpolate missing deltas.
Also fix a minor memory leak in case of error.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph,
load_truetype_glyph): Updated.
* src/truetype/ttgload.c, src/truetype/ttinterp.c: Guard new code
with `TT_CONFIG_OPTION_SUBPIXEL_HINTING'.
Problem reported by Nikolaus Waxweiler <madigens@gmail.com>.
This flag activates `native ClearType hinting', disabling backwards
compatibility mode as described in Greg Hitchcocks whitepaper. In
other words, it enables unrestricted functionality of all TrueType
instructions in ClearType.
* src/truetype/ttgload.c (tt_get_metrics): Call `sph_set_tweaks'
unconditionally.
(tt_loader_init): Unset `ignore_x_mode' flag if bit 2 of
`GS.instruct_control' is active.
* src/truetype/ttinterp.c (Ins_INSTCTRL): Handle selector index 3.
(Ins_GETINFO): Updated.
* docs/CHANGES: Document it.
* src/truetype/ttgload.c (TT_Load_Composite_Glyph): If the
ARGS_ARE_XY_VALUES flag is not set, handle argument values as
unsigned. I trust `ttx' (which has exactly such code) that it does
the right thing here...
The reason that noone has ever noticed this bug is probably the fact
that point-aligned subglyphs are rare, as are subglyphs with a
number of points in the range [128;255], which is quite large (or
even in the range [32768;65535], which is extremely unlikely).
* src/truetype/ttgload.c (load_truetype_glyph): For incremental
fonts, the glyph index may be greater than the number of glyphs
indicated, so guard the check with a preprocessor conditional.
Previously the code had stipulation for using a per-TT_Size exec
context if `size->debug' was true. But there was no way that
`size->debug' could *ever* be true. As such, the code was always
using the singleton `TT_ExecContext' that was stored in `TT_Driver'.
This was, clearly, not threadsafe.
With this patch, loading glyphs from different faces from different
threads doesn't crash in the bytecode loader code.
* src/truetype/ttobjs.h (TT_SizeRec): Remove `debug' member.
(TT_DriverRec): Remove `context' member.
* src/truetype/ttobjs.c (tt_size_run_fpgm, tt_size_run_prep): Remove
`TT_ExecContext' code related to a global `TT_Driver' object.
(tt_driver_done): Don't remove `TT_ExecContext' object here but ...
(tt_size_done_bytecode): ... here.
(tt_driver_init): Don't create `TT_ExecContext' object here but ...
(tt_size_init_bytecode): ... here, only on demand.
* src/truetype/ttinterp.c (TT_Run_Context): Remove defunct debug
code.
(TT_New_Context): Remove `TT_ExecContext' code related to a global
`TT_Driver' object.
* src/truetype/ttinterp.h: Updated.
* src/truetype/ttgload.c (TT_Hint_Glyph, tt_loader_init): Updated.
The functions in this patch *do* return non-trivial errors that must
be taken care of.
* src/autofit/afloader.c (af_loader_load_g), src/base/ftobjs.c
(FT_Render_Glyph_Internal), src/base/ftoutln.c (FT_Outline_Render),
src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_endchar>,
src/psaux/psobjs.c (ps_parser_load_field_table), src/psaux/t1decode
(t1_decoder_parse_charstrings) <op_endchar>, src/truetype/ttgload.c
(load_truetype_glyph <subglyph loop>, tt_loader_init,
TT_Load_Glyph), src/truetype/ttgxvar.c (TT_Set_MM_Blend),
src/truetype/ttobjs.c (tt_size_run_fpgm, tt_size_run_prep): Do it.
Suggested by Doug Felt <dougfelt@gmail.com>.
* src/sfnt/ttsbit.c (tt_sbit_decoder_load_metrics): Set
`vertAdvance' to zero...
* src/truetype/ttgload.c (TT_Load_Glyph): ... and set here a default
value for `vertAdvance' based on `linearVertAdvance' in case
`vertAdvance' is zero. Note that the previous computed ad-hoc value
for `linearVertAdvance' was apparently not tested in a real-life
situation.
In case of an error in the `prep' table, no longer try to execute it
again and again. This makes FreeType handle endless loops in buggy
fonts much faster.
* src/truetype/ttobjs.h (TT_SizeRec): The fields `bytecode_ready'
and `cvt_ready' are now negative if not initialized yet, otherwise
they indicate the error code of the last run.
* src/truetype/ttobjs.c (tt_size_run_fpgm, tt_size_run_prep,
tt_size_done_bytecode, tt_size_init_bytecode,
tt_size_ready_bytecode, tt_size_init, tt_size_done, tt_size_reset):
Updated.
* src/truetype/ttgload.c (tt_loader_init): Updated.
* src/truetype/ttinterp.c (TT_RunIns): Force reexecution of `fpgm'
and `prep' only if we are in the `glyf' table.
This patch unifies the subpixel and non-subpixel cases.
* src/truetype/ttinterp.h (TT_ExecContextRec): Remove
`grayscale_hinting'; all code should refer to `grayscale' instead.
Remove unused `native_hinting' member.
Rename `subpixel_hinting' member to `subpixel.
* src/truetype/ttgload.c (TT_LOADER_SET_PP): Updated.
(tt_loader_init): Updated.
* src/truetype/ttinterp.c (Ins_GETINFO): Simplify.
Updated.
Problem reported by Nigel Tao <nigeltao@golang.org>.
* src/truetype/ttgload.c (TT_Hint_Glyph): Remove code that shifts
the glyph (component) by a fractional value computed from the LSB
phantom point. This is wrong, since the horizontal phantom points
get rounded horizontally later on.
Greg Hitchcock provided very interesting insights into the
complicated history of the horizontal positions of the TSB and BSB
phantom points.
* src/truetype/ttgload.c (TT_LOADER_SET_PP)
[TT_CONFIG_OPTION_SUBPIXEL_HINTING]: Use `subpixel_hinting' and
`grayscale_hinting' flags as conditionals for the x position of TSB
and BSB.
This is a further improvement to the changes from 2013-11-06.
* src/truetype/ttgload.c (TT_Hint_Glyph): Horizontal phantom points
are rounded horizontally, vertical ones are rounded vertically.
(TT_LOADER_SET_PP): The horizontal position of vertical phantom
points in pre-ClearType mode is zero, as shown in the OpenType
specification.
Problem reported by Akira Kakuto <kakuto@fuk.kindai.ac.jp>.
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Protect call to
`Update_Max' with both a TT_USE_BYTECODE_INTERPRETER guard and a
`IS_HINTED' clause.
Also remove redundant check using `maxSizeOfInstructions' – in
simple glyphs, the bytecode data comes before the outline data, and
a validity test for this is already present.
Problem reported by Hin-Tak Leung <htl10@users.sourceforge.net>; see
http://lists.nongnu.org/archive/html/freetype-devel/2013-08/msg00005.html
for details.
* src/base/ftobjs.c (FT_Load_Glyph): Check size of `fpgm' and `prep'
tables also for setting `autohint'.
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Use code from
`TT_Process_Composite_Glyph' for handling unreliable values of
`maxSizeOfInstructions'.
Problem reported by Nigel Tao <nigeltao@golang.org>.
This is a follow-up commit to the previous one.
* src/truetype/ttgload.c (load_truetype_glyph): Call
`tt_get_metrics' after loading the glyph header.
This commit also improves the start values of vertical phantom
points. Kudos to Greg Hitchcock for help.
* src/truetype/ttgload.c (TT_Get_VMetrics): Add parameter to pass
`yMax' value. Replace code with fixed Microsoft definition.
(tt_get_metrics): Updated.
(TT_LOADER_SET_PP): Add explanation how to initialize phantom
points, taken from both the OpenType specification and private
communication with Greg (which will eventually be added to the
standard).
Fix horizontal position of `pp3' and `pp4'.
* src/truetype/ttgload.h: Updated.
* src/truetype/ttdriver.c (tt_get_advances): Updated.
* docs/CHANGES: Updated.
Previously, the loading of a glyph was traced at level 4, if at all.
With this change, all font loading routines emit a tracing message
at level 1, making it easier to select tracing output (for example
using F2_DEBUG="any:1 afhints:7 aflatin:7").
* src/bdf/bdfdrivr.c (BDF_Glyph_Load): Add tracing message.
* src/cff/cffdrivr.c (cff_glyph_load): Ditto.
* src/cff/cffgload.c (cff_decoder_prepare): Improve tracing
messages.
* src/cid/cidgload.c (cid_load_glyph): Use level 1 for tracing
message.
* src/pcf/pcfdrivr.c (PCF_Glyph_Load): Ditto.
* src/pfr/pfrobjs.c (pfr_slot_load): Add tracing message.
* src/truetype/ttgload.c (TT_Load_Glyph): Ditto.
* src/type1/t1gload.c (T1_Load_Glyph): Ditto.
* src/type42/t42objs.c (T42_GlyphSlot_Load): Ditto.
* src/winfonts/winfnt.c (FNT_Load_Glyph): Ditto.
Werner Lemberg