642bc7590c introduced dynamically
allocated memory when parsing CFF files with the "old" engine. Bounds
checks have never been updated, however, leading to pointless
comparisons of pointers in some cases. This commit presents a
solution for bounds checks in the CFF module with an extended logic
for the "old" engine while staying as concise as possible for the
"new" one.
* src/cff/cffparse.h: Introduce the struct `CFF_T2_StringRec' and
the additional field `t2_strings' within `CFF_ParserRec'.
* src/cff/cffparse.c (cff_parser_within_limits): Move all boundary
checks into this new function and update the rest of `cffparse.c' to
use it.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12137
* src/autofit/afblue.dat: Use U+200D (ZERO-WIDTH JOINER) characters
to get medial forms for some Mongolian characters.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
As a de-facto standard, layouts using this script are constructed
horizontally line by line, then the lines are rotated clockwise for
vertical display.
* src/autofit/afblue.dat: Add blue zone data for Mongolian.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Mongolian standard characters.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Mongolian
data.
==========================
Tag sources with `VER-2-10-0'.
* docs/VERSION.TXT: Add entry for version 2.10.0.
* docs/CHANGES: Updated.
* README, Jamfile (RefDoc), src/base/ftver.rc,
builds/windows/vc2010/freetype.vcxproj,
builds/windows/vc2010/index.html,
builds/windows/visualc/freetype.dsp,
builds/windows/visualc/freetype.vcproj,
builds/windows/visualc/index.html,
builds/windows/visualce/freetype.dsp,
builds/windows/visualce/freetype.vcproj,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.9.1/2.10.0/, s/291/2100/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 10.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 23:0:17.
* CMakeLists.txt (VERSION_MINOR): Set to 10.
(VERSION_PATCH): Set to 0.
* builds/toplevel.mk (version, winversion): Since the minor version
number has two digits now, never omit the patch number. We would
get ambiguous zip file names otherwise.
(dist): Remove remnants of `docmaker' tool.
(do-dist): Remove unused intermediate files.
* src/cff/cffparse.c (destrict_c2s_item): Guard function with
CFF_CONFIG_OPTION_OLD_ENGINE macro.
This change should allow Freetype to work on WASM/Emscripten without
needing `-s EMULATE_FUNCTION_POINTER_CASTS=1'.
* src/autofit/afdummy.c (af_dummy_hints_apply): Fix signature.
* src/cid/cidload.c (cid_parse_font_matrix, parse_fd_array,
parse_expansion_factor, parse_font_name): Return `void', not
`FT_Error'.
* include/freetype/internal/ftobjs.h (FT_CMap_CharVarIsDefaultFunc):
Fix signature.
* src/psaux/psintrp.c (cf2_interpT2CharString): The call to
`cf2_arrstack_setCount' may fail because the allocator ran out of
memory. When this happens the stack is still written to before the
error condition is checked. This means that FreeType writes outside
of allocated memory. This commit moves the error check prior to the
stack assignment, hence the function now properly returns with an
error condition.
Instead of setting typo or win metrics as the new FT_Face metrics
indiscriminately, apply only typo deltas to the currently active FT_Face
metrics. This prevents line height differences when e.g. the default
outlines were used as the regular face and instances for everything else.
* src/truetype/ttgxvar.c (tt_apply_mvar): Implement.
If the OS/2 table exists and fsSelection bit 7 (USE_TYPO_METRICS) is set,
use the sTypo* set of values to compute the FT_Face's ascender, descender
and height. Otherwise, fall back to old behavior.
* src/sfnt/sfobjs.c (sfnt_load_face): Implement.
All of the Type 1 path building is done with code common to the
revised CFF engine, with the exception of closepath, which was still
calling ps_builder_close_contour(), thus previously cached segments
were not always written to the path, and glyph corruption, or even
invalid outlines were possible.
* src/psauc/psinterp.c (cf2_interpT2CharString) <cf2_cmdCLOSEPATH>:
Switch to calling `cf2_glyphpath_closeOpenPath'.
For multiple master fonts, common usage (in Postscript) is to modify
the WeightVector of an existing font instance, this addition
supports that use.
* include/freetype/ftmm.h, src/base/ftmm.c (FT_Set_MM_WeightVector,
FT_Get_MM_WeightVector): New API functions.
* include/freetype/internalservices/svmm.h
(FT_Set_MM_WeightVector_Func, FT_Get_MM_WeightVector_Func): New
function types.
(MultiMasters): Add `set_mm_weightvector' and `get_mm_weightvector'
members.
(FT_DEFINE_SERVICE_MULTIMASTERSREC): Updated.
* src/cffcffdrivr.c (cff_set_mm_weightvector,
cff_get_mm_weightvector): New functions.
(cff_service_multi_masters): Register them.
* src/truetype/ttdriver.c (tt_service_gx_multi_masters): Updated.
This driver doesn't use the new interface.
* src/type1/t1load.c (T1_Set_MM_WeightVector,
T1_Get_MM_WeightVector): New functions.
* src/type1/t1driver.c (t1_service_multi_masters): Register them.
* src/type1/t1load.h: Updated.
It's been more than 2^31 seconds since 1904.
* include/freetype/tttables.h (TT_Header): Change field types.
* src/sfnt/ttload.c (tt_face_load_generic_header): Updated.
This is a follow-up to the previous commit.
* src/cff/cffobjs.c (cff_face_init), src/sfnt/sfobjs.c
(sfnt_load_face), src/type1/t1objs.c (T1_Face_Init),
src/type42/t42objs.c (T42_Face_Init): Implement it.
* include/freetype/ftsystem.h: Include FT_TYPES_H.
(*FT_Alloc_Func, *FT_Realloc_Func): Use size_t for the size arguments.
* src/raster/ftmisc.h: Ditto.
* builds/amiga/src/base/ftsystem.c, builds/unix/ftsystem.c,
* builds/vms/ftsystem.c, src/base/ftsystem.c (ft_alloc, ft_realloc):
Use size_t for the size arguments.
* src/base/ftdbgmem.c (ft_mem_debug_alloc, ft_mem_debug_realloc): Use
FT_Offset, aka size_t, for the size arguments.
Before this commit we had code like
(FT_Bool)( globals->glyph_styles[gindex] & 0x8000)
Since `FT_Bool' is defined to be an `unsigned char', the code
evaluated to something like
(unsigned char)( 0x8532 & 0x8000)
which in turn expanded to
(unsigned char)( 0x8000)
and finally yielded 0x00 – i.e., false – not as expected.
Problem reported and analyzed by Tony Smith <tony.smith@macro4.com>.
* include/freetype/fttypes.h (FT_BOOL): Add a comparison against
zero so that we always have a Boolean expression.
*/*: Replace castings to `FT_Bool' with calls to `FT_BOOL' where
possible.
This makes FT_Get_Char_Index and FT_Get_Next_Char 4-5 times faster.
* src/bdf/bdfdrivr.c (bdf_cmap_char_{index,next}): Help binary search
with continuous prediction.
For bitmap fonts, `FT_Load_Glyph' should either return an error or
not set the format to `FT_GLYPH_FORMAT_OUTLINE'. However, in this
case `FT_Load_Glyph' calls into the auto-hinter which calls back
into `FT_Load_Glyph' with `FT_LOAD_NO_SCALE' in the flags, which
marks the glyph as `FT_GLYPH_FORMAT_OUTLINE' with an empty path
(even though it doesn't have any path). It appears that the
auto-hinter should not be called when the face doesn't have
outlines. The current test for using the auto-hinter in
`FT_Load_Glyph' checks if the driver supports scalable outlines, but
not if the face supports scalable outlines.
* src/base/ftobjs.c (FT_Load_Glyph): Directly check whether we have
scalable outlines.
PCF comes with charmap lookup table, aka PCF encodings. Using it
directly makes FT_Get_Char_Index and FT_Get_Next_Char 4-5 times
faster than the original BDF-like binary searches.
* src/pcf/pcf.h (PCF_EncodingRec): Removed.
(PCF_FaceRec): Remove `nencodings' and `encodings'.
* src/pcf/pcfdrivr.c (pcf_cmap_char_{index,next}): Replaced.
* src/pcf/pcfread.c (pcf_get_encodings): Store data differently.
* src/pcf/pcf.h (PCF_Face): Updated to include...
(PCF_EncRec): ... this new structure to store charmap geometry.
* src/pcf/pcfread.c (pcf_get_encodings): Store charmap geometry.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10317
* src/truetype/ttgxvar.c (ft_var_load_gvar): Properly exit memory
frame if we have invalid glyph variation data offsets.
(tt_face_vary_cvt): Protect against missing `tuplecoords' array.
Fix typo.
* src/sfnt/sfdriver (IS_WIN, IS_APPLE): Omit language ID checks.
(get_win_string, get_apple_string): Return NULL when the PostScript
font name characters is not according to specification.
(get_win_string): Make trace output work if the high byte if
non-zero.
(sfnt_get_var_ps_name, sfnt_get_ps_name): Previously we preferred
Win PS name (when there is also an Apple PS name); change this into
a fallback to Apple PS name in case the Win PS name is invalid.
These public API functions(!) were always undocumented and have
escaped all clean-up efforts until now.
* include/freetype/ftoutln.h (FT_Outline_New_Internal,
FT_Outline_Done_Internal): Removed.
* src/base/ftoutln.h (FT_Outline_New_Internal,
FT_Outline_Done_Internal): Merge into...
(FT_Outline_New, FT_Outline_Done): ... these functions.
* docs/README: Updated.
* include/freetype/internal/ftobjs.h (ft_glyphslot_preset_bitmap):
Change return type.
* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Return the bitmap
size assessment.
* src/raster/ftrend1.c (ft_raster1_render): Use it to refuse the
rendering of enourmous or far-fetched outlines.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Ditto.
* src/autofit/afhints.h (AF_PointRec) [FT_DEBUG_AUTOFIT]: New arrays
`before' and `after'.
* src/autofit/afhints.c (af_get_strong_edge_index): New auxiliary
function.
(af_glyph_hints_dump_points): Trace `before' and `after' edges.
(af_glyph_hints_align_strong_points) [FT_DEBUG_AUTOFIT]: Set
`before' and `after' information.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10080
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll>
[CFF_CONFIG_OPTION_OLD_ENGINE]: Use modulo for loop count, as
documented in the specification.
Triggered by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10054
* src/truetype/ttgload.c (load_truetype_glyph): Don't use variable
`opened_frame' to trace whether a frame must be closed at the end of
function: This fails because `TT_Vary_Apply_Glyph_Deltas' (which
gets called for space glyphs) uses a frame by itself. Instead,
close the frame after loading the header, then use another frame for
the remaining part of the glyph later on.
Also avoid calling `tt_get_metrics' twice under some circumstances.
* include/freetype/internal/ftcalc.h (ADD_INT64, SUB_INT64,
MUL_INT64, DIV_INT64) [FT_LONG64]: New macros.
* src/base/ftcalc.c (ft_corner_orientation) [FT_LONG64]: Use
`SUB_INT64' and `MUL_INT64'.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10028
* src/truetype/ttgload.c (ON_CURVE_POINT, X_SHORT_VECTOR,
Y_SHORT_VECTOR, REPEAT_FLAG, X_POSITIVE, SAME_X, Y_POSITIVE, SAME_Y,
OVERLAP_SIMPLE): New macros.
(TT_Load_Simple_Glyph): Use new macros to make code more readable.
Remove useless adjustment of `outline->tags' elements.
There is no harm except some umbiguity in broken fonts with duplicate
encodings.
* src/bdf/bdflib.c (_bdf_parse_glyphs): Remove duplicate tracking.
(_bdf_parse_t): Remove large `have' bitfield.
* src/bdf/bdf.h (bdf_font_t): Remove `nmod', `umod', and `modified',
which were set but never used.
* src/bdf/bdflib.c (_bdf_parse_{glyphs,properties}, bdf_load_font):
Updated accordingly.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9864
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
<cff_op_random> [CFF_CONFIG_OPTION_OLD_ENGINE]: Use top dict's
`random' field directly if parsing dictionaries.
It sometimes makes sense to suppress tracing informations, for
example, if it outputs identical messages again and again.
* include/freetype/internal/ftdebug.h: Make `ft_trace_levels' a
pointer.
(FT_Trace_Disable, FT_Trace_Enable): New declarations.
* src/base/ftdebug.c (ft_trace_levels): Rename to...
(ft_trace_levels_enabled): ... this.
(ft_trace_levels_disabled): New array.
(ft_trace_levels): New pointer.
(FT_Trace_Disable, FT_Trace_Enable): Implement.
(ft_debug_init): Updated.
* src/base/ftobjs.c (pixel_modes): Move this array to top level
from ...
(FT_Load_Glyph): ... here.
(FT_Render_Glyph_Internal): Use `width' x `height' in trace message.
Use `pixel_modes'.
Treat all size related properties as unsigned values.
* src/pcf/pcf.h (PCF_ParsePropertyRec): Use unsigned `name' and
`value'.
* src/pcf/pcfread.c (pcf_get_propeerties, pcf_load_font): Updated
parsing code and handling of AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE,
RESOLUTION_X and RESOLUTION_Y.
Unofficial specifications hesitate to use unsigned 32-bit integers.
Negative values caused a lot of trouble in the past and it is safer
and easier to treat some properties as unsigned.
* src/pcf/pcf.h (PCF_AccelRec): Use unsigned values for `fontAscent',
`fontDescent', and `maxOverlap'.
* src/pcf/pcfread.c (pcf_load_font, pcf_get_accel): Updated.
* src/pcf/pcfdrivr.c (PCF_Glyph_Load, PCF_Size_Select,
PCF_Size_Request): Updated.
Armin Hasitzka