Use this for `base + offset' pointer calculations where `base' can
be NULL (triggering a sanitizer warning even if the resulting
pointer never gets dereferenced since it is undefined behaviour
in C).
Suggested by Ben Wagner.
Also reduce number of SFNT table lookups.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18065
* include/freetype/internal/wofftypes.h (WOFF2_InfoRec): Add fields
`glyf_table', `loca_table', and `head_table'.
* src/sfnt/sfwoff2.c (reconstruct_glyf): Update signature.
Use table pointers in `info' parameter.
(get_x_mins): Check `maxp_table'.
Use table pointers in `info' parameter.
(reconstruct_font): Use and set table pointers in `info' parameter.
Fix check for `glyf' and `loca' tables.
Update call to `reconstruct_glyf'.
(woff2_open_font): Updated.
* include/freetype/internal/ftmemory.h (FT_MEM_FREE): Use
`FT_DEBUG_INNER' to set source code file name and line.
* src/base/ftdbgmem.c (ft_mem_table_remove): Better formatting of
tracing message.
Also fix memory deallocation in case of error.
`head' problem reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17820
* src/sfnt/sfwoff2.c (reconstruct_glyf): Don't use `stream_close'.
Abort if `head_table' is NULL.
Don't free `transformed_buf' in case of error.
(woff2_open_font): Don't set `uncompressed_buf' to NULL.
The libs which cmake controls are commented out at
include/freetype/config/ftoption.h
and cmake un-comment each enabled library, but the brotli option was
not commented out, therefore `FT_CONFIG_OPTION_USE_BROTLI' remained
defined even if brotli was missing/disabled/etc.
Comment it such that cmake can control it, which means leaving it
undefined if brotli is missing.
* include/freetype/config/ftoption.h: Fix typo.
Extract `version_info' variable from `builds/unix/configure.raw' and
use the data to correctly set `LIBRARY_VERSION' and
`LIBRARY_SOVERSION'.
Also use the data to set `ft_version' field in `freetype2.pc'.
Also fix the needed minimum version of HarfBuzz in `freetype2.pc'.
* src/sfnt/sfwoff2.c (woff2_open_font): Use `FT_UInt32' for
`file_offset'. This fixes builds on platforms where `FT_LONG64' is
not defined while still being sufficient to store a file offset.
If table tag is not 0x3f, we expect a value between 0 and 62. If
this is not the case, exit with errors.
* src/sfnt/sfwoff2.c: Check whether table tag makes sense.
* src/sfnt/woff2tags.c: Return 0 if tag is out of bounds.
`reconstruct_hmtx' requires `info->x_mins' and `info->num_glyphs' to
reconstruct the hmtx table. In case glyf is not transformed, we
call `get_x_mins' which does the necessary work.
* src/sfnt/sfwoff2.c (get_x_mins): New function.
(reconstruct_font): Call get_x_mins.
Set correct value of `face->num_faces' for WOFF2 fonts. This is
being handled separately because we only load the tables for the
requested font face in `woff2_open_font' and create a single-face
sfnt stream.
The full discussion is at:
https://lists.gnu.org/archive/html/freetype-devel/2019-08/msg00000.html
* src/sfnt/sfobjs.c (sfnt_open_font): Add parameter
`woff2_num_faces'.
(sfnt_init_face): Introduce variable `woff2_num_faces', and change
`face->root.num_faces' if `woff2_num_faces' is set.
* src/sfnt/sfwoff2.c (woff2_open_font): Validate requested face
index and handle negative face indices.
* src/sfnt/sfwoff2.h (woff2_open_font): Add parameter `num_faces' to
declaration.
We do this by using `totalSfntSize' as an initial reference, and
extending the buffer when required. This reduces rendering time
considerably.
* include/freetype/internal/wofftypes.h (WOFF2_HeaderRec): Add
`totalSfntSize', rename `total_sfnt_size' to `actual_sfnt_size'.
* src/sfnt/sfwoff2.c (write_buf): Add parameter `dst_size' to keep
track of and update total size of stream.
(WRITE_SFNT_BUF, WRITE_SFNT_BUF_AT): Modify macros accordingly.
(pad4, store_loca, reconstruct_glyf, reconstruct_hmtx,
reconstruct_font): Update parameters to accept `sfnt_size'.
(woff2_open_font): Add variable `sfnt_size'. Use WOFF2 header field
`totalSfntSize' as initial reference (if value makes sense) and
allocate `totalSfntSize' bytes for the sfnt stream. `write_buf'
handles reallocation if and when required. Also resize the stream
to `actual_sfnt_size' after reconstruction.
Add necessary functions to reconstruct loca and hmtx tables (the two
remaining tables that can have a transform). `woff2_open_font' is
now capable of loading a woff2 font face. This code may still need
more refining and better memory management.
* include/freetype/internal/wofftypes.h (WOFF2_HeaderRec): Add total
(final) size of sfnt stream.
(WOFF2_InfoRec): Add header checksum value.
* src/sfnt/sfobjs.c (sfnt_open_font): Change `face_instance_index'
parameter to its pointer so its value can be modified by
`woff2_open_font'.
* src/sfnt/sfwoff2.c (WRITE_SFNT_BUF_AT): New macro to write into
sfnt buffer at given position.
(write_buf): Add parameter `extend_buf' which allows caller to
specify whether buffer should be reallocated before copying data.
(WRITE_SFNT_BUF): Updated.
(pad4, store_loca, reconstruct_hmtx): New functions.
(reconstruct_glyf): Calculate loca values and store them.
(reconstruct_font): Call `reconstruct_hmtx', write table record
entries, and calculate table checksums. Also calculate font
checksum and update `checksumAdjustment' entry in head table.
(woff2_open_font): Open stream for sfnt buffer, swap out input
stream and return.
* src/sfnt/sfwoff2.h (woff2_open_font): Modify parameter to accept
pointer to `face_index'.
Reconstruct `glyf' table if it is transformed in the uncompressed
table stream. Also add necessary structures, macros and functions.
* include/freetype/internal/wofftypes.h (WOFF2_InfoRec,
WOFF2_SubstreamRec, WOFF2_PointRec): New structures.
(WOFF2_TableRec): s/OrigLength/dst_length/.
* src/sfnt/sfwoff2.c (READ_255USHORT, READ_BASE128): Use
`FT_SET_ERROR' to set implicit `error' variable.
(WRITE_SHORT): New macro.
(N_CONTOUR_STREAM, N_POINTS_STREAM, FLAG_STREAM, GLYPH_STREAM,
COMPOSITE_STREAM, BBOX_STREAM, INSTRUCTION_STREAM): New macros to
refer to substreams of the transformed `glyf' tables.
(Read255UShort, ReadBase128): Return errors set by `FT_READ_XXX'
macros.
(with_sign, safe_int_addition): New functions to add sign to values
based on a flag and perform safe addition respectively.
(triplet_decode): Decode variable-length (flag, xCoordinate,
yCoordinate) triplet for a simple glyph. See
https://www.w3.org/TR/WOFF2/#triplet_decoding
(store_points, compute_bbox, compositeGlyph_size, reconstruct_glyf):
New functions.
(reconstruct_font): Call `reconstruct_glyf'.
* src/sfnt/sfwoff2.h: Add required constants.
* src/sfnt/woff2tags.h: Move out constants to `sfwoff2.h'.
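
The two variable-length integer encodings named in the entry above (`Read255UShort', `ReadBase128'), as an added example that is not FreeType's code. It follows the UIntBase128 and 255UInt16 definitions of the WOFF2 specification; the function names and the `buf'/`len'/`pos' interface are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* Fetch one byte from untrusted input; -1 when the buffer is exhausted. */
static int next_byte(const uint8_t *buf, size_t len, size_t *pos)
{
    return *pos < len ? buf[(*pos)++] : -1;
}

/* UIntBase128: at most 5 bytes, 7 payload bits each, top bit set means
   "more follows".  Returns the value, or -1 on malformed input. */
int64_t read_base128(const uint8_t *buf, size_t len, size_t *pos)
{
    uint32_t acc = 0;
    for (int i = 0; i < 5; i++) {
        int b = next_byte(buf, len, pos);
        if (b < 0)               return -1;  /* truncated */
        if (i == 0 && b == 0x80) return -1;  /* leading zeros forbidden */
        if (acc & 0xFE000000u)   return -1;  /* shift would overflow 32 bits */
        acc = (acc << 7) | (uint32_t)(b & 0x7F);
        if (!(b & 0x80))
            return (int64_t)acc;
    }
    return -1;                               /* longer than 5 bytes */
}

/* 255UInt16: values below 253 take one byte; codes 253..255 select a
   longer form.  Returns the value, or -1 on truncated input. */
int32_t read_255ushort(const uint8_t *buf, size_t len, size_t *pos)
{
    int code = next_byte(buf, len, pos), b0, b1;
    if (code < 0)
        return -1;
    if (code < 253)
        return code;
    if ((b0 = next_byte(buf, len, pos)) < 0)
        return -1;
    if (code == 255) return 253 + b0;        /* oneMoreByteCode1 */
    if (code == 254) return 506 + b0;        /* oneMoreByteCode2 */
    if ((b1 = next_byte(buf, len, pos)) < 0) /* 253: wordCode */
        return -1;
    return (b0 << 8) | b1;                   /* big-endian uint16 */
}
```

Every failure path returns before a value is produced, so a caller that checks for -1 never works with a partially decoded length or count.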
Copy un-transformed tables to the sfnt stream.
* src/sfnt/sfwoff2.c (WRITE_SFNT_BUF): New macro.
(write_buf): New function. Extend memory of `dst' buffer and copy
bytes from `src'.
(compute_ULong_sum): New function. Calculate checksum of table.
(reconstruct_font): Change `FT_Byte* sfnt' to `FT_Byte**
sfnt_bytes'. This has been done because we reallocate memory to
`sfnt' multiple times, which may change the pointer value of `sfnt'.
This new pointer must be propagated back to the caller. Same reason
for using a double pointer in `write_buf'.
* src/sfnt/woff2tags.h (WOFF2_DEFAULT_MAX_SIZE): New macro used for
overflow checking.
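
A sketch of the growable output buffer described in the entry above and in the earlier `totalSfntSize' entry, as an added example that is not FreeType's code. It uses plain `realloc' instead of FreeType's memory macros; the cap value, `initial_size', `shrink_to_fit' and the `fallback' parameter are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SFNT_MAX_SIZE ((size_t)30 * 1024 * 1024)  /* assumed cap, constructed */

/* Initial allocation: trust the header's declared size only when it is
   plausible (nonzero and under the cap); otherwise use `fallback'. */
size_t initial_size(uint32_t declared, size_t fallback)
{
    return (declared != 0 && declared <= SFNT_MAX_SIZE) ? declared : fallback;
}

/* Copy `len' bytes to offset `*pos', growing the buffer when required.
   `dst' is a double pointer because realloc() may move the block, and
   the caller must see the new address and size. */
int write_buf(uint8_t **dst, size_t *dst_size, size_t *pos,
              const uint8_t *src, size_t len)
{
    if (*pos > SFNT_MAX_SIZE || len > SFNT_MAX_SIZE - *pos)
        return -1;              /* rejects wraparound and oversized output */
    size_t end = *pos + len;
    if (end > *dst_size) {
        uint8_t *grown = realloc(*dst, end);
        if (grown == NULL)
            return -1;          /* *dst is untouched, still owned by caller */
        *dst = grown;
        *dst_size = end;
    }
    if (len != 0)
        memcpy(*dst + *pos, src, len);
    *pos = end;
    return 0;
}

/* After reconstruction, shrink the allocation to the bytes written. */
int shrink_to_fit(uint8_t **dst, size_t *dst_size, size_t used)
{
    if (used == 0 || used > *dst_size)
        return -1;
    uint8_t *fit = realloc(*dst, used);
    if (fit == NULL)
        return -1;
    *dst = fit;
    *dst_size = used;
    return 0;
}
```

The range check is written as `len > SFNT_MAX_SIZE - *pos' so that the comparison itself cannot wrap, whatever length the font data claims.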
Uncompressed buffer is now an `FT_Stream'.
Perform basic checks and start iterating over tables.
* src/sfnt/sfwoff2.c (stream_close, find_table, read_num_hmetrics):
New functions.
(reconstruct_font): Modify parameters and iterate over tables.
(woff2_open_font): Updated.
We `handle' TTCs by modifying the `indices' array to point to only
those tables that are part of the requested `face_index'.
Set and use `num_tables' in `WOFF2_TtcFont'.
* src/sfnt/sfwoff2.c (reconstruct_font): New function.
(woff2_open_font): Start reconstruction of font.
Change `KnownTags' to a function (`woff2_known_tags'). This avoids
introducing a global constant array. This function returns the
specified index without *any* checks. The caller must ensure that
`index' is within array limits.
* src/sfnt/sfwoff2.c (woff2_open_font): Change `KnownTags[...]'
notation to `woff2_known_tags( ... )'.
* src/sfnt/woff2tags.c: Perform changes.
* src/sfnt/woff2tags.h: Update definitions.
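
A bounds-checked form of the known-tag lookup discussed in the entry above and in the later entry that makes the lookup return 0 for an out-of-range tag, as an added example that is not FreeType's code. The tag order is the known-tags table of the WOFF2 specification; `known_tag', `read_entry_tag' and the packed-string layout are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* The 63 known table tags of the WOFF2 specification, indices 0..62,
   packed four characters per tag. */
static const char known_tags[] =
    "cmapheadhheahmtxmaxpnameOS/2post"
    "cvt fpgmglyflocaprepCFF VORGEBDT"
    "EBLCgasphdmxkernLTSHPCLTVDMXvhea"
    "vmtxBASEGDEFGPOSGSUBEBSCJSTFMATH"
    "CBDTCBLCCOLRCPALSVG sbixacntavar"
    "bdatblocbslncvarfdscfeatfmtxfvar"
    "gvarhstyjustlcarmortmorxopbdprop"
    "trakZapfSilfGlatGlocFeatSill";
#define N_KNOWN_TAGS ((sizeof known_tags - 1) / 4)

static uint32_t make_tag(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
           (uint32_t)p[2] << 8 | p[3];
}

/* Bounds-checked lookup: 0 for any index outside the table, so a caller
   that passes an unmasked or corrupted index cannot read past the array. */
uint32_t known_tag(unsigned index)
{
    if (index >= N_KNOWN_TAGS)
        return 0;
    return make_tag((const uint8_t *)known_tags + 4 * index);
}

/* Read the flags byte of one table directory entry and resolve its tag.
   Returns the bytes consumed (1 or 5), or 0 if the entry is malformed. */
size_t read_entry_tag(const uint8_t *buf, size_t len, uint32_t *tag)
{
    if (len < 1)
        return 0;
    unsigned index = buf[0] & 0x3F;   /* low 6 bits: tag index */
    if (index == 0x3F) {              /* arbitrary tag follows in 4 bytes */
        if (len < 5)
            return 0;
        *tag = make_tag(buf + 1);
        return 5;
    }
    *tag = known_tag(index);          /* 0 signals an out-of-range index */
    return *tag != 0 ? 1 : 0;
}
```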
WOFF2 compressed stream is now uncompressed if Brotli is available.
This data is stored in a separate buffer (uncompressed_buf) because
it does not contain direct table data. Certain tables have
transformations applied to them, and they must be reconstructed
before we can write those tables to the SFNT stream.
`face_index' is now being passed as a parameter to
`woff2_open_font'.
* src/sfnt/sfobjs.c (sfnt_open_font): Add parameter
`face_instance_index'.
* src/sfnt/sfwoff2.c (woff2_uncompress): New function.
(woff2_open_font): Call `woff2_uncompress'.
(compute_first_table_offset): Fix return type.
* src/sfnt/sfwoff2.h (woff2_open_font): Modify declaration.