642bc7590c introduced dynamically
allocated memory when parsing CFF files with the "old" engine. Bounds
checks have never been updated, however, leading to pointless
comparisons of pointers in some cases. This commit presents a
solution for bounds checks in the CFF module with an extended logic
for the "old" engine while staying as concise as possible for the
"new" one.
* src/cff/cffparse.h: Introduce the struct `CFF_T2_StringRec' and
the additional field `t2_strings' within `CFF_ParserRec'.
* src/cff/cffparse.c (cff_parser_within_limits): Move all boundary
checks into this new function and update the rest of `cffparse.c' to
use it.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12137
* src/autofit/afblue.dat: Use U+200D (ZERO-WIDTH JOINER) characters
to get medial forms for some Mongolian characters.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
As a de-facto standard, layouts using this script are constructed
horizontally line by line, then the lines are rotated clockwise for
vertical display.
* src/autofit/afblue.dat: Add blue zone data for Mongolian.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Mongolian standard characters.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Mongolian
data.
==========================
Tag sources with `VER-2-10-0'.
* docs/VERSION.TXT: Add entry for version 2.10.0.
* docs/CHANGES: Updated.
* README, Jamfile (RefDoc), src/base/ftver.rc,
builds/windows/vc2010/freetype.vcxproj,
builds/windows/vc2010/index.html,
builds/windows/visualc/freetype.dsp,
builds/windows/visualc/freetype.vcproj,
builds/windows/visualc/index.html,
builds/windows/visualce/freetype.dsp,
builds/windows/visualce/freetype.vcproj,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.9.1/2.10.0/, s/291/2100/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 10.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 23:0:17.
* CMakeLists.txt (VERSION_MINOR): Set to 10.
(VERSION_PATCH): Set to 0.
* builds/toplevel.mk (version, winversion): Since the minor version
number has two digits now, never omit the patch number. We would
get ambiguous zip file names otherwise.
(dist): Remove remnants of `docmaker' tool.
(do-dist): Remove unused intermediate files.
* src/cff/cffparse.c (destrict_c2s_item): Guard function with
CFF_CONFIG_OPTION_OLD_ENGINE macro.
This change should allow Freetype to work on WASM/Emscripten without
needing `-s EMULATE_FUNCTION_POINTER_CASTS=1'.
* src/autofit/afdummy.c (af_dummy_hints_apply): Fix signature.
* src/cid/cidload.c (cid_parse_font_matrix, parse_fd_array,
parse_expansion_factor, parse_font_name): Return `void', not
`FT_Error'.
* include/freetype/internal/ftobjs.h (FT_CMap_CharVarIsDefaultFunc):
Fix signature.
* src/psaux/psintrp.c (cf2_interpT2CharString): The call to
`cf2_arrstack_setCount' may fail because the allocator ran out of
memory. When this happens the stack is still written to before the
error condition is checked. This means that FreeType writes outside
of allocated memory. This commit moves the error check prior to the
stack assignment, hence the function now properly returns with an
error condition.
Instead of setting typo or win metrics as the new FT_Face metrics
indiscriminately, apply only typo deltas to the currently active FT_Face
metrics. This prevents line height differences when e.g. the default
outlines were used as the regular face and instances for everything else.
* src/truetype/ttgxvar.c (tt_apply_mvar): Implement.
If the OS/2 table exists and fsSelection bit 7 (USE_TYPO_METRICS) is set,
use the sTypo* set of values to compute the FT_Face's ascender, descender
and height. Otherwise, fall back to old behavior.
* src/sfnt/sfobjs.c (sfnt_load_face): Implement.
All of the Type 1 path building is done with code common to the
revised CFF engine, with the exception of closepath, which was still
calling ps_builder_close_contour(), thus previously cached segments
were not always written to the path, and glyph corruption, or even
invalid outlines were possible.
* src/psauc/psinterp.c (cf2_interpT2CharString) <cf2_cmdCLOSEPATH>:
Switch to calling `cf2_glyphpath_closeOpenPath'.
For multiple master fonts, common usage (in Postscript) is to modify
the WeightVector of an existing font instance, this addition
supports that use.
* include/freetype/ftmm.h, src/base/ftmm.c (FT_Set_MM_WeightVector,
FT_Get_MM_WeightVector): New API functions.
* include/freetype/internalservices/svmm.h
(FT_Set_MM_WeightVector_Func, FT_Get_MM_WeightVector_Func): New
function types.
(MultiMasters): Add `set_mm_weightvector' and `get_mm_weightvector'
members.
(FT_DEFINE_SERVICE_MULTIMASTERSREC): Updated.
* src/cffcffdrivr.c (cff_set_mm_weightvector,
cff_get_mm_weightvector): New functions.
(cff_service_multi_masters): Register them.
* src/truetype/ttdriver.c (tt_service_gx_multi_masters): Updated.
This driver doesn't use the new interface.
* src/type1/t1load.c (T1_Set_MM_WeightVector,
T1_Get_MM_WeightVector): New functions.
* src/type1/t1driver.c (t1_service_multi_masters): Register them.
* src/type1/t1load.h: Updated.
The solution and project files should be automatically upgraded for
the approriate Visual C++ version.
* builds/windows/visualc/freetype.{sln,vcproj}: Major upgrades.
* builds/windows/visualc/index.html: Document the change.
* builds/windows/vc2005, builds/windows/vc2008: Removed as redundant.
It's been more than 2^31 seconds since 1904.
* include/freetype/tttables.h (TT_Header): Change field types.
* src/sfnt/ttload.c (tt_face_load_generic_header): Updated.
This is a follow-up to the previous commit.
* src/cff/cffobjs.c (cff_face_init), src/sfnt/sfobjs.c
(sfnt_load_face), src/type1/t1objs.c (T1_Face_Init),
src/type42/t42objs.c (T42_Face_Init): Implement it.
* include/freetype/ftsystem.h: Include FT_TYPES_H.
(*FT_Alloc_Func, *FT_Realloc_Func): Use size_t for the size arguments.
* src/raster/ftmisc.h: Ditto.
* builds/amiga/src/base/ftsystem.c, builds/unix/ftsystem.c,
* builds/vms/ftsystem.c, src/base/ftsystem.c (ft_alloc, ft_realloc):
Use size_t for the size arguments.
* src/base/ftdbgmem.c (ft_mem_debug_alloc, ft_mem_debug_realloc): Use
FT_Offset, aka size_t, for the size arguments.
Before this commit we had code like
(FT_Bool)( globals->glyph_styles[gindex] & 0x8000)
Since `FT_Bool' is defined to be an `unsigned char', the code
evaluated to something like
(unsigned char)( 0x8532 & 0x8000)
which in turn expanded to
(unsigned char)( 0x8000)
and finally yielded 0x00 – i.e., false – not as expected.
Problem reported and analyzed by Tony Smith <tony.smith@macro4.com>.
* include/freetype/fttypes.h (FT_BOOL): Add a comparison against
zero so that we always have a Boolean expression.
*/*: Replace castings to `FT_Bool' with calls to `FT_BOOL' where
possible.
This makes FT_Get_Char_Index and FT_Get_Next_Char 4-5 times faster.
* src/bdf/bdfdrivr.c (bdf_cmap_char_{index,next}): Help binary search
with continuous prediction.
For bitmap fonts, `FT_Load_Glyph' should either return an error or
not set the format to `FT_GLYPH_FORMAT_OUTLINE'. However, in this
case `FT_Load_Glyph' calls into the auto-hinter which calls back
into `FT_Load_Glyph' with `FT_LOAD_NO_SCALE' in the flags, which
marks the glyph as `FT_GLYPH_FORMAT_OUTLINE' with an empty path
(even though it doesn't have any path). It appears that the
auto-hinter should not be called when the face doesn't have
outlines. The current test for using the auto-hinter in
`FT_Load_Glyph' checks if the driver supports scalable outlines, but
not if the face supports scalable outlines.
* src/base/ftobjs.c (FT_Load_Glyph): Directly check whether we have
scalable outlines.
PCF comes with charmap lookup table, aka PCF encodings. Using it
directly makes FT_Get_Char_Index and FT_Get_Next_Char 4-5 times
faster than the original BDF-like binary searches.
* src/pcf/pcf.h (PCF_EncodingRec): Removed.
(PCF_FaceRec): Remove `nencodings' and `encodings'.
* src/pcf/pcfdrivr.c (pcf_cmap_char_{index,next}): Replaced.
* src/pcf/pcfread.c (pcf_get_encodings): Store data differently.
* src/pcf/pcf.h (PCF_Face): Updated to include...
(PCF_EncRec): ... this new structure to store charmap geometry.
* src/pcf/pcfread.c (pcf_get_encodings): Store charmap geometry.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10317
* src/truetype/ttgxvar.c (ft_var_load_gvar): Properly exit memory
frame if we have invalid glyph variation data offsets.
(tt_face_vary_cvt): Protect against missing `tuplecoords' array.
Fix typo.
* src/sfnt/sfdriver (IS_WIN, IS_APPLE): Omit language ID checks.
(get_win_string, get_apple_string): Return NULL when the PostScript
font name characters is not according to specification.
(get_win_string): Make trace output work if the high byte if
non-zero.
(sfnt_get_var_ps_name, sfnt_get_ps_name): Previously we preferred
Win PS name (when there is also an Apple PS name); change this into
a fallback to Apple PS name in case the Win PS name is invalid.
These public API functions(!) were always undocumented and have
escaped all clean-up efforts until now.
* include/freetype/ftoutln.h (FT_Outline_New_Internal,
FT_Outline_Done_Internal): Removed.
* src/base/ftoutln.h (FT_Outline_New_Internal,
FT_Outline_Done_Internal): Merge into...
(FT_Outline_New, FT_Outline_Done): ... these functions.
* docs/README: Updated.
* include/freetype/fterrors.h (FT_INCLUDE_ERR_PROTOS,
FT_ERR_PROTOS_DEFINED): Undefine `FT_INCLUDE_ERR_PROTOS' after
checking it and introduce a new macro that takes proper care of
multiple-inclusion protection.
* include/freetype/internal/ftobjs.h (ft_glyphslot_preset_bitmap):
Change return type.
* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Return the bitmap
size assessment.
* src/raster/ftrend1.c (ft_raster1_render): Use it to refuse the
rendering of enourmous or far-fetched outlines.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Ditto.
* src/autofit/afhints.h (AF_PointRec) [FT_DEBUG_AUTOFIT]: New arrays
`before' and `after'.
* src/autofit/afhints.c (af_get_strong_edge_index): New auxiliary
function.
(af_glyph_hints_dump_points): Trace `before' and `after' edges.
(af_glyph_hints_align_strong_points) [FT_DEBUG_AUTOFIT]: Set
`before' and `after' information.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10080
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll>
[CFF_CONFIG_OPTION_OLD_ENGINE]: Use modulo for loop count, as
documented in the specification.
Triggered by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10054
* src/truetype/ttgload.c (load_truetype_glyph): Don't use variable
`opened_frame' to trace whether a frame must be closed at the end of
function: This fails because `TT_Vary_Apply_Glyph_Deltas' (which
gets called for space glyphs) uses a frame by itself. Instead,
close the frame after loading the header, then use another frame for
the remaining part of the glyph later on.
Also avoid calling `tt_get_metrics' twice under some circumstances.
* include/freetype/internal/ftcalc.h (ADD_INT64, SUB_INT64,
MUL_INT64, DIV_INT64) [FT_LONG64]: New macros.
* src/base/ftcalc.c (ft_corner_orientation) [FT_LONG64]: Use
`SUB_INT64' and `MUL_INT64'.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10028
* src/truetype/ttgload.c (ON_CURVE_POINT, X_SHORT_VECTOR,
Y_SHORT_VECTOR, REPEAT_FLAG, X_POSITIVE, SAME_X, Y_POSITIVE, SAME_Y,
OVERLAP_SIMPLE): New macros.
(TT_Load_Simple_Glyph): Use new macros to make code more readable.
Remove useless adjustment of `outline->tags' elements.
There is no harm except some umbiguity in broken fonts with duplicate
encodings.
* src/bdf/bdflib.c (_bdf_parse_glyphs): Remove duplicate tracking.
(_bdf_parse_t): Remove large `have' bitfield.
* src/bdf/bdf.h (bdf_font_t): Remove `nmod', `umod', and `modified',
which were set but never used.
* src/bdf/bdflib.c (_bdf_parse_{glyphs,properties}, bdf_load_font):
Updated accordingly.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9864
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
<cff_op_random> [CFF_CONFIG_OPTION_OLD_ENGINE]: Use top dict's
`random' field directly if parsing dictionaries.
It sometimes makes sense to suppress tracing informations, for
example, if it outputs identical messages again and again.
* include/freetype/internal/ftdebug.h: Make `ft_trace_levels' a
pointer.
(FT_Trace_Disable, FT_Trace_Enable): New declarations.
* src/base/ftdebug.c (ft_trace_levels): Rename to...
(ft_trace_levels_enabled): ... this.
(ft_trace_levels_disabled): New array.
(ft_trace_levels): New pointer.
(FT_Trace_Disable, FT_Trace_Enable): Implement.
(ft_debug_init): Updated.
* src/base/ftobjs.c (pixel_modes): Move this array to top level
from ...
(FT_Load_Glyph): ... here.
(FT_Render_Glyph_Internal): Use `width' x `height' in trace message.
Use `pixel_modes'.
Treat all size related properties as unsigned values.
* src/pcf/pcf.h (PCF_ParsePropertyRec): Use unsigned `name' and
`value'.
* src/pcf/pcfread.c (pcf_get_propeerties, pcf_load_font): Updated
parsing code and handling of AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE,
RESOLUTION_X and RESOLUTION_Y.
Unofficial specifications hesitate to use unsigned 32-bit integers.
Negative values caused a lot of trouble in the past and it is safer
and easier to treat some properties as unsigned.
* src/pcf/pcf.h (PCF_AccelRec): Use unsigned values for `fontAscent',
`fontDescent', and `maxOverlap'.
* src/pcf/pcfread.c (pcf_load_font, pcf_get_accel): Updated.
* src/pcf/pcfdrivr.c (PCF_Glyph_Load, PCF_Size_Select,
PCF_Size_Request): Updated.
* src/cid/cidload.c: Include FT_INTERNAL_POSTSCRIPT_AUX_H
(cid_load_keyword, cid_parse_font_matrix, parse_fd_array,
parse_expansion_factor, cid_parse_dict): Add tracing calls.
(parse_font_name): New function to trace `/FontName' keywords in
/FDArray dict.
(cid_field_records): Register `parse_font_name'.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Correctly set
`face->doblend' if the current call to the function yields the same
blend coordinates as the previous call.
* src/base/ftutil.c (ft_mem_alloc, ft_mem_realloc): Only call
`FT_MEM_ZERO' if we actually have a buffer.
(ft_mem_dup): Only call `ft_memcpy' if we actually have a buffer.
We no longer use predefined _DLL, which can be defined for static
builds too with /MD. We use DLL_EXPORT and DLL_IMPORT instead,
following libtool convention.
* CMakeLists.txt [WIN32], builds/windows/vc2010/freetype.vcxproj:
Define DLL_EXPORT manually.
* include/freetype/config/ftconfig.h, builds/unix/ftconfig.in,
builds/vms/ftconfig.h, builds/windows/vc2010/index.html,
src/base/ftver.rc: /_DLL/d, s/FT2_DLLIMPORT/DLL_IMPORT/.
For Multiple Masters fonts We don't support intermediate designs;
this implies that
number_of_designs == 2 ^^ number_of_axes
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9557
* src/type1/t1load.c (T1_Open_Face): Ensure above constraint.
(T1_Get_MM_Var): Remove now redundant test.
This code is taken from the type1 module.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9510
* src/cid/cidload.c (parse_fd_array): Set some private dict default
values.
(cid_face_open): Do the sanitizing.
Fix some tracing messages.
This change makes the driver use the `defaultChar' property of PCF
files.
* src/pcf/pcf.h (PCF_FaceRec): Change type of `defaultChar' to
unsigned.
* src/pcf/pcfread.c (pcf_get_encodings): Read `defaultChar' as
unsigned.
Validate `defaultChar'.
If `defaultChar' doesn't point to glyph index zero, swap glyphs with
index zero and index `defaultChar' and adjust the encodings
accordingly.
* src/pcf/pcfdrivr.c (pcf_cmap_char_index, pcf_cmap_char_next,
PCF_Glyph_Load): Undo change from 2002-06-16 which always enforced
the first character in the font to be the default character.
This is a valid encoding tag for BDF, PCF, and Windows FNT, and
there is no reason to disallow it for these formats.
* src/base/ftobjs.c (FT_Select_Charmap): Implement it.
Taken from patch #9667, written by Steve Langasek
<vorlon@debian.org>.
This fixes a build failure (most probably a bug in gcc) on ppc64el
when building with -O3.
It turned out that we incorrectly round CVT and glyph point deltas
before accumulation, leading to severe positioning errors if there
are many delta values to sum up.
Problem reported by Akiem Helmling <akiem@underware.nl> and analyzed
by Behdad.
* src/truetype/ttgxvar.c (ft_var_readpackeddelta): Return deltas in
16.16 format.
(tt_face_var_cvt): Collect deltas in `cvt_deltas', which is a 16.16
format array, and add the accumulated values to the CVT at the end
of the function.
(TT_Vary_Apply_Glyph_Deltas): Store data in `points_org' and
`points_out' in 16.16 format.
Collect deltas in `point_deltas_x' and `point_deltas_y', which are
16.16 format arrays, and add the accumulated values to the glyph
coordinates at the end of the function.
* src/base/ftcalc.c (FT_Matrix_Check): New base function to properly
reject degenerate font matrices.
* include/freetype/internal/ftcalc.h: Updated.
* src/cff/cffparse.c (cff_parse_font_matrix), src/cid/cidload.c
(cid_parse_font_matrix), src/type1/t1load.c (t1_parse_font_matrix),
src/type42/t42parse.c (t42_parse_font_matrix): Use
`FT_Matrix_Check'.
Reported by Alexei.
* src/sfnt/ttcolr.c (tt_face_get_colr_layer): Return immediately if
`colr' is NULL.
* src/sfnt/ttcpal.c (tt_face_palette_set): Return immediately, if
`cpal' is NULL.
This function facilitates access to full capabilities of FreeType
rendering engine for custom glyphs. This can be quite useful for
consistent rendering of mathematical and chemical formulas, e.g.
https://bugs.chromium.org/p/chromium/issues/detail?id=757078
* include/freetype/ftglyph.h, src/base/ftglyph.c (FT_New_Glyph): New
function.
bdflib.c:1562 could be reached with `font->glyphs_used == 0'. That
caused an underflow of the unsigned value which results in undefined
behaviour.
* src/bdf/bdflib.c (src/bdf/bdflib.c): Bail out earlier than before
if the `ENCODING' keyword cannot be found.