* src/base/ftcalc.c (FT_Matrix_Check): New base function to properly
reject degenerate font matrices.
* include/freetype/internal/ftcalc.h: Updated.
* src/cff/cffparse.c (cff_parse_font_matrix), src/cid/cidload.c
(cid_parse_font_matrix), src/type1/t1load.c (t1_parse_font_matrix),
src/type42/t42parse.c (t42_parse_font_matrix): Use
`FT_Matrix_Check'.
This monster commit was created by applying Nikhil's scripts
`docconverter.py' and `markify.py' to all C header and source files,
followed up by minor manual clean-up.
No change in functionality, of course.
I used commit f7419907bc6044b9b7057f9789866426c804ba82 from
https://github.com/nikramakrishnan/freetype-docs.git.
While clang's sanitizer recommends a cast to unsigned for safe
negation (to handle -INT_MIN), both MSVC and Visualc emit warning
C4146 if an unsigned value gets negated.
* include/freetype/internal/ftcalc.h (NEG_LONG, NEG_INT32),
src/base/ftcalc.c (FT_MOVE_SIGN): Replace negation with a
subtraction.
This commit (mainly for 32bit CPUs) is the first of a series of
similar commits to handle known integer overflows. Basically, all
of them are harmless, since they affect rendering of glyphs only,
not posing security threats. It is expected that fuzzying will show
up more overflows, to be fixed in due course.
The idea is to mark places where overflows can occur, using macros
that simply cast to unsigned integers, because overflow arithmetic
is well defined in this case. Doing so suppresses run-time errors
of sanitizers without adding computational overhead.
* include/freetype/internal/ftcalc.h (OVERFLOW_ADD_INT,
OVERFLOW_SUB_INT, OVERFLOW_MUL_INT, OVERFLOW_ADD_LONG,
OVERFLOW_SUB_LONG, OVERFLOW_MUL_LONG): New macros.
* src/base/ftcalc.c (FT_RoundFix, FT_CeilFix, FT_Matrix_Multiply,
FT_Matrix_Multiply_Scaled, FT_Vector_Transform_Scaled,
ft_corner_orientation): Use new macros.
* src/base/ftoutln.c (FT_Outline_Get_Orientation): Use new macros.
* src/base/ftcalc.c (FT_MOVE_SIGN): Add argument to pass unsigned
value, to be used as the result.
(FT_MulDiv, FT_MulDiv_No_Round, FT_DivFix, FT_MulFix,
FT_Vector_NormLen): Updated.
Remove casting from `FT_Long' to `FT_Int' that might change the sign
of the return value and make it faster too.
* src/base/ftcalc.c (ft_corner_orientation): On 32-bit systems, stay
with 32-bit arithmetic when safe. Use plain math on 64-bit systems.
* src/pshinter/pshalgo.c: Remove old unused code.
The function uses Newton's iterations instead of dividing vector
components by its length, which needs a square root. This is,
literally, a bit less accurate but a lot faster.
* src/base/ftcalc.c (FT_Vector_NormLen): New function.
This makes the code more readable and reduces compiler warnings.
* src/base/ftcalc.c (FT_MulDiv, FT_MulDiv_No_Round, FT_MulFix,
FT_DivFix): Convert input parameters to unsigned, do the
computation, then convert the result back to signed.
(ft_corner_orientation): Fix casts.
* include/internal/ftcalc.h (FT_HYPOT): Macro to approximate Euclidean
distance with the alpha max plus beta min algorithm.
* src/base/ftcalc.c (ft_corner_is_flat): Use it instead of Taxicab metric.
We shift as many bits as we can into the high register, perform
32-bit division with modulo there, then work through the remaining
bits with long division. This optimization is especially noticeable
for smaller dividends that barely use the high register.
* src/base/ftcalc.c (ft_div64by32): Updated.
This applies to `FT_MulDiv' but not to `FT_DivFix', where overflows or
lack thereof are predicted accurately.
* src/base/ftcalc.c (ft_div64by32): Improve readability.
(FT_MulDiv, FT_MulDiv_No_Round) [!FT_LONG64]: Use straight division
when multiplication stayed within 32 bits.
This fixes a 13-year old bug. The original overflow check should have
been updated when rounding was introduced into this function
(c2cd00443b).
* src/base/ftcalc.c (FT_DivFix) [!FT_LONG64]: Updated.
* include/freetype.h (FT_DivFix): Updated documentation.
* include/freetype.h (FT_MulFix): Unconditionally defined.
* src/base/ftcalc.c [FT_MULFIX_ASSEMBLER]: Move code from here...
* include/internal/ftcalc.h [FT_MULFIX_ASSEMBLER]: ... to here,
which conditionally replaces the function with an inline version
through the macro.