Commit Graph

7414 Commits

Author SHA1 Message Date
Alexei Podtelezhnikov 99a940f84a * include/freetype/freetype.h: Clarify `FT_Size` life cycle. 2022-01-20 15:06:09 +00:00
Alexei Podtelezhnikov 054782c48e [base] Undefined scale means no scale.
It might be surprising that FreeType does not have default ppem and
the size has to be set explicitly or face undefined behavior with
undefined variables and errors. This offers an alternative to
missing or zero scale by simply setting FT_LOAD_NO_SCALE.  Defined
behavior is bettr than undefined one.

This is alternative to !132 and discussed in
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43708

* src/base/ftobjs.c (FT_Load_Glyph): Deal with zero scale.
* include/freetype/freetype.h: Document it.
2022-01-19 22:14:06 -05:00
Alexei Podtelezhnikov 773e31c783 * src/autofit/afglobal.c (af_face_globals_new): Reduce zeroing.
Everything in AF_FaceGlobals is initialized except metrics.  Those
are zeroed here and initialized on demand later.
2022-01-18 14:05:46 -05:00
Alexei Podtelezhnikov d118bf8e35 [bdf,type1] Avoid unnecessary hash zeroing.
* src/bdf/bdflib.c (_bdf_parse_start): Use `FT_QALLOC`.
* src/type1/t1load.c (parse_subrs): Use `FT_QNEW`.
2022-01-15 23:09:53 -05:00
Ozkan Sezer 3f6497bdc5 Add Watcom C/C++ calling.
In the unlikely case the source is built with OpenWatcom's -ec?
switches to enforce a calling convention, the qsort() compare
function must still be set to __watcall.

* include/freetype/internal/compiler-macros.h (FT_COMPARE_DEF):
Updated.
2022-01-15 22:44:28 -05:00
Ben Wagner 5e227133c1 [pshinter] Avoid accessing uninitialized zone.
The `normal_top.count` may be 0, implying no `normal_top.zones` exist.
The code must not access these (non-existent) `normal_top.zones`.

* src/pshinter/pshalgo.c (ps_hints_apply): Do not assume that
`normal_top.zones[0]` is initialized. Test `normal_top.count`
before using `normal_top.zones[0]`. Do not rescale if there are no
`zones`.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43675
2022-01-15 17:21:39 -05:00
Alexei Podtelezhnikov edd4fedc54 [cache] Avoid unnecessary zeroing.
* src/cache/ftccmap.c (ftc_cmap_node_new): Use `FT_QNEW`.
* src/cache/ftcimage.c (FTC_INode_New): Ditto.
* src/cache/ftcsbits.c (FTC_SNode_New): Ditto.
2022-01-14 22:53:57 -05:00
Ozkan Sezer 11ea89b51c Add Watcom C/C++ support.
* include/freetype/config/integer-types.h: Make sure `long long` is
used then available.
* include/freetype/internal/ftcalc.h (FT_MSB): Add Watcom C/C++ pragma.
2022-01-14 22:07:44 -05:00
Alexei Podtelezhnikov ba5d661f34 * src/sdf/ftbsdf.c (ED): s/near/prox/.
This works around the Watcom C definition of `near` as restricted
__near.
2022-01-14 21:54:17 -05:00
Alexei Podtelezhnikov 7f7bf6f0f0 * include/freetype/internal/compiler-macros.h [FT_COMPARE_DEF]: Tighten.
This works around Watcom C library using __watcall.
2022-01-14 20:33:28 -05:00
Alexei Podtelezhnikov 7eb9a9dbbe * src/pshinter/pshglob.c (psh_globals_new): Avoid zeroing.
This large allocation is followed by careful initialization. Whatever
is missed should be initialized manually.
2022-01-14 14:40:11 -05:00
Alexei Podtelezhnikov 81b81feb62 * src/base/fthash.c (hash_insert): Avoid unnecessary zeroing. 2022-01-14 18:22:23 +00:00
Alexei Podtelezhnikov 904ad21266 * src/bdf/bdflib.c (_bdf_parse_glyphs): Remove redundant assignment. 2022-01-13 23:38:56 -05:00
Alexei Podtelezhnikov ee52b57121 * src/lzw/ftlzw.c (FT_Stream_OpenLZW): Avoid unnecessary zeroing. 2022-01-13 09:45:48 -05:00
Ben Wagner 6ee8951956 [bzip2] Reset bzip stream on any error.
According to the bzip documentation it is undefined what will happen if
`BZ2_bzDecompress` is called on a `bz_stream` it has previously returned an
error against.  If `BZ2_bzDecompress` returns anything other than `BZ_OK`
the only valid next action is `BZ2_bzDecompressEnd`.

Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43564

* src/bzip2/ftbzip2.c (FT_BZip2FileRec_): Add `reset` to track the need to
reset the stream.
(ft_bzip2_file_init): Initialize `reset` to 0.
(ft_bzip2_file_reset): Set `reset` to 0 after resetting.
(ft_bzip2_file_fill_output): Set `reset` to 1 when `BZ2_bzDecompress`
returns anything other than `BZ_OK`.
2022-01-13 08:21:36 +01:00
Werner Lemberg b647dbdeb8 .gitlab-ci.yml: Minor comment cleanups. 2022-01-12 06:22:15 +01:00
Azamat H. Hackimov ca44a236a0 .gitlab-ci.yml: Add steps to `before_script` to ensure recent CA.
Fetch current list of valid CAs from Windows Update and manually import them
to trusted datastore.  This action is required to make downloads work from
sites that need recent Let's Encrypt ISRG Root X1 certificate.
2022-01-12 06:22:15 +01:00
Ben Wagner f1d3b9f10a Revert "[bzip2] Avoid use of uninitialized memory."
This reverts commit d276bcb7f0.

The original commit did avoid the use of uninitialized memory. However,
it appears that the original commit is no longer required. The
underlying issue was resolved by a change in freetype2-testing "Build
bzip2 correctly." [0]. Prior to [0] bzip2 was built without msan, so
bzip2 writes were not tracked or considered initialized. Clearing
`buffer` in the original commit allowed msan to see the `buffer` content
initialized once in FreeType code, but msan saw no writes into buffer
from bzip2.  With bzip2 now built with msan, the bzip2 writes are
properly instrumented and msan sees the bzip2 writes into the buffer. As
a result the original commit can be safely reverted to allow for better
detection of other uninitialized data scenarios.

* src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Revert to using `FT_QNEW`.

[0] 3c052a837a
2022-01-11 17:15:35 -05:00
Ben Wagner e838c37c2c [type42] Track how much type42 ttf data is available.
Currently `T42_Open_Face` eagerly allocates 12 bytes for the ttf header
data which it expects `t42_parse_sfnts` to fill out from /sfnts data.
However, there is no guarantee that `t42_parse_sfnts` will actually be
called while parsing the type42 data as the /sfnts array may be missing
or very short. This is also confusing behavior as it means
`T42_Open_Face` is tightly coupled to the implementation of the very
distant `t42_parse_sfnts` code which requires at least 12 bytes to
already be reserved in `face->ttf_data`.

`t42_parse_sfnts` itself eagerly updates `face->ttf_size` to track how
much space is reserved for ttf data instead of traking how much data has
actually been written into `face->ttf_data`. It will also act strangely
in the presense of multiple /sfnts arrays.

* src/type42/t42objs.c (T42_Open_Face): ensure `ttf_data` is initialized
to NULL. Free `ttf_data` on error.

* src/type42/t42parse.c (t42_parse_sfnts): delay setting `ttf_size` and
set it to the actual number of bytes read. Ensure `ttf_data` is freed
if there are multiple /sfnts arrays or there are any errors.
2022-01-11 14:58:18 -05:00
Dominik Röttsches 3876846e26 [sfnt] Fix limit checks for `COLR` v1 ClipBoxes
* src/sfnt/ttcolr.c (tt_face_get_color_glyph_clipbox): Fix off-by-one in
limit checks.
2022-01-11 13:40:20 +02:00
Werner Lemberg d0cfb4e1b2 Update all copyright notices. 2022-01-11 10:54:10 +01:00
Werner Lemberg 947fddc8da * src/sfnt/ttcolr.c (read_paint): Fix undefined left-shift operation.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43151
2022-01-11 08:27:26 +00:00
Werner Lemberg 639a02154b * src/type42/t42objs.c (T42_Open_Face): Avoid use of uninitialized memory.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43508
2022-01-11 09:14:48 +01:00
Werner Lemberg 33626164e8 .gitlab-ci.yml: Fix typo in previous commit. 2022-01-11 08:01:30 +01:00
Werner Lemberg 4c0db60772 .gitlab-ci.yml: Update Windows image.
The old image produced errors like

```
Downloading zlib patch from
  https://wrapdb.mesonbuild.com/v2/zlib_1.2.11-5/get_patch
A fallback URL could be specified using patch_fallback_url key in the wrap file
WrapDB connection failed to
  https://wrapdb.mesonbuild.com/v2/zlib_1.2.11-5/get_patch
with error
  <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
   failed: certificate has expired (_ssl.c:1122)>
```
2022-01-11 07:52:28 +01:00
Werner Lemberg 2e62b7446b * subprojects/zlib.wrap: Update from upstream. 2022-01-11 05:37:56 +01:00
Werner Lemberg 4a89112b2a * src/sfnt/ttcolr.c (tt_face_get_color_glyph_clipbox): Add limit checks.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40716
2022-01-10 18:31:17 +00:00
Werner Lemberg 3f9b78fc79 [zlib] Don't typedef `ptrdiff_t`.
While using zlib in 'solo' mode (via the `Z_SOLO` macro), we actually
include some standard header files, making the typedef fail on systems where
the native `ptrdiff_t` type differs.

Fixes #1124.

* src/zlib/zutil.h: Comment out definition; it doesn't work on Windows.

* src/zlib/patches/freetype-zlib.diff: Updated.
2022-01-10 18:24:56 +01:00
Werner Lemberg da8a8b8bcf [zlib] Some organizational changes.
We now first apply zlib's `zlib2ansi` script, then FreeType's patch file.

* src/gzip/README.freetype: Updated.

* patches/0001-zlib-Fix-zlib-sources-to-compile-for-FreeType.patch: Renamed
to...
* patches/freetype-zlib.diff: This.
Clean up description, then regenerate it as follows:

  - Copy unmodified files from `zlib` repository.
  - Run `zlib2ansi` script.
  - Run `git diff -R > patches/freetype-zlib.diff.new`.
  - Insert patch description of old diff file, then replace old diff with
    new diff file.
2022-01-10 18:13:10 +01:00
David Turner a25e85ed95 [gzip] Update sources to zlib 1.2.11
This can be tested by building with the Unix development build

  make setup devel
  make

or by building the freetype-demos programs with

  meson setup build -Dfreetype2:zlib=internal
  meson compile -C out

and trying to run `ftview` with a `.pcf.gz` font file.

* src/gzip/ftgzip.c, src/gzip/rules.mk: Update for new zlib sources.  Also
remove the temporary fix introduced in commit 6a431038 to work around the
fact that the internal sources were too old.

* src/gzip/README.freetype: New file describing the origin of the sources
and how they were modified.

* src/gzip/patches/*: Patch files applied to original sources.

* src/gzip/*: Updated zlib sources with the patch file(s) from
`src/gzip/patches/` applied, followed by a conversion with zlib's
`zlib2ansi` script.
2022-01-09 23:16:00 +01:00
David Turner 0d34386366 [meson] Change Zlib configuration option.
* meson_options.txt, meson.build: Change the format of the 'zlib' meson
build configuration option to be a combo with the following choices:

  - none: Do not support gzip-compressed streams at all.

  - internal: Support gzip-compressed streams using the copy of the gzip
    sources under `src/gzip/`; this should only be used during development
    to ensure these work properly.

  - external: Support gzip-compressed streams using the 'zlib' Meson
    subproject, linked as a static library.

  - system: Support gzip-compressed streams using a system-installed version
    of zlib.

  - auto: Support gzip-compressed streams using a system-installed version
    of zlib, if available, or using the 'zlib' subproject otherwise.  This
    is the default.

  - disabled: Backward-compatible alias for 'none'.

  - enabled: Backward-compatible alias for 'auto'.
2022-01-09 21:38:29 +01:00
Werner Lemberg d276bcb7f0 [bzip2] Avoid use of uninitialized memory.
* src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Don't use `FT_QNEW` but
`FT_NEW` for setting up `zip` to avoid uninitialized memory access while
handling malformed PCF fonts later on.

Fixes

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42800
2022-01-09 07:48:59 +01:00
Alexei Podtelezhnikov ca01112894 [sfnt] Fix off-by-one error.
The 0-base index is equal to the number of previosly parsed entries.
It is an error to adjust it by one to get the number truncated by
a stream error.  This is probably inconsequential because valid
entries are correctly accounted for.

* src/sfnt/ttload.c (check_table_dir): Do not adjust the truncated
number of tables.
2022-01-08 22:28:44 -05:00
Werner Lemberg 7a493e3a40 [sfnt, type42] Correct previous commit.
Really fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42773.

* src/sfnt/ttload.c (check_table_dir): Revert change.

* src/type42/t42.parse.c (t42_parse_sfnts): Don't use `FT_QREALLOC` but
`FT_REALLOC` for setting up `ttf_data` to avoid uninitialized memory access
while handling malformed TrueType fonts later on.
2022-01-08 10:28:19 +01:00
Werner Lemberg bf9b1ef905 * src/sfnt/ttload.c (check_table_dir): Initialize `table`.
Reported as

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42773
2022-01-07 10:25:52 +01:00
Werner Lemberg b5c2172f59 [sfnt] Avoid 'runtime error: applying zero offset to null pointer'.
* src/sfnt/ttsbit.c (tt_sbit_decoder_load_byte_aligned): Exit early if
`line` is NULL.
2022-01-07 06:53:44 +01:00
Werner Lemberg 5aa2a5c34a [autofit, pshinter] Use `FT_OFFSET`.
This avoids

```
runtime error: applying zero offset to null pointer
```

warnings of clang's undefined behaviour sanitizer.

* src/autofit/afcjk.c (af_cjk_hints_link_segments,
af_cjk_hints_compute_edges, af_cjk_hints_compute_blue_edges,
af_cjk_hint_edges, af_cjk_align_edge_points): Do it.

* src/autofit/afhints.c (af_glyph_hints_align_edge_points,
af_glyph_hints_align_strong_points): Ditto.

* src/autofit/aflatin.c (af_latin_metrics_init_widths,
af_latin_hints_link_segments, af_latin_hints_compute_edges,
af_latin_hints_compute_blue_edges, af_latin_hint_edges): Ditto.

* src/pshinter/pshalgo.c (psh_hint_table_init): Ditto.
2022-01-07 06:41:36 +01:00
Ben Wagner afb4ca0151 [truetype] Reset localpoints when varying cvt.
When iterating over the cvt tuples and reading in the points it is necessary
to set all of `localpoints`, `points`, and `point_count` in all cases.  The
existing code did not reset `localpoints` to `NULL` when there were no
private point numbers.  If the previous tuple did have private point numbers
and set `localpoints` to `ALL_POINTS` this would not be cleared and the
wrong branch would be taken later, leading to possible heap buffer overflow.

* src/truetype/ttgxvar.c (tt_face_vary_cvt): Reset `localpoints` to `NULL`
when it isn't valid.

Fixes: https://crbug.com/1284742
2022-01-06 19:13:00 +01:00
Werner Lemberg 2b672e7210 * builds/unix/configure.raw: Restore `SYSTEM_ZLIB` variable.
This was accidentally removed with commit 93ebcbd0 almost eight years ago.
2022-01-02 18:33:03 +01:00
Alexander Borsuk 4eb6cb8818 Fix warnings for CMake Unity builds.
* src/cache/ftcbasic.c (FT_COMPONENT): Undefine macro before redefinition.
* src/smooth/ftgrays.c (TRUNC, FRACT): Ditto.
2021-12-27 07:48:04 +01:00
Alexander Borsuk 4f35711844 Clang-Tidy warning fixes.
* src/base/ftobjs.c (FT_Get_Paint): Operator has equivalent nested operands.
* src/bdf/bdflib.c (_bdf_add_property): Value stored to `fp` is never read.
* src/sdf/ftbsdf.c (bsdf_init_distance_map): Value stored to `pixel` is
never read.
* src/sdf/ftsdf.c (split_sdf_shape): Value stored to `error` is never read.
2021-12-18 11:09:15 +01:00
Eli Schwartz d6a5c57727 * meson.build: Optimize lookup for `python3` program.
The python module's `find_installation` method is intended to provide
routines for compiling and installing python modules into the
`site-packages` directory.  It does a couple of slow things, including run
an introspection command to scrape sysconfig info from the detected
interpreter, which are not needed for the sole use case of invoking the
found installation as an executable.

Furthermore, when invoked without the name or path of a python binary, it is
hardcoded to always look for `python3` corresponding to the interpreter
meson itself uses to run.  So using `find_installation` did not even allow
detecting `python2` as a fallback.

Instead, switch to a simple `find_program` lookup that finishes as soon as
the program is found.
2021-12-17 10:47:13 +01:00
Eli Schwartz 57fd61805f * builds/meson/*.py: Fix name of python executable for auxiliary scripts.
The previous change to check the return code of `run_command` invocations
caused the CI to fail.  Although most scripts used `python_exe` as the
program command, the script to determine the project version did not.

But, all scripts used `python` as the shebang, and this is not available on
all systems.  Particularly Debian does not provide a `python` command,
though `python3` does exist.  This meant that formerly the version number
was lacking, and now the build simply fails.

Instead, rely on `python3` since it is guaranteed to exist when running
meson, and `python2` is end of life anyway.
2021-12-17 10:45:29 +01:00
Eli Schwartz e342f83c0b * meson.build: Check the return value of `run_command`.
By default, errors are not checked and a command that is somehow broken will
just capture incorrect output (likely an empty string).  Current development
versions of meson now raise a warning for this implicit behavior, and advise
explicitly setting the `check:` keyword argumend to determine whether a
failing return code should be considered an error.

Since none of the commands in this project are expected to fail, mark them
as required to succeed.
2021-12-17 10:38:57 +01:00
Alexei Podtelezhnikov 0da2a1155e [truetype] Upstream the hdmx binary search.
* src/truetype/ttobjs.h (TT_SizeRec): Add `widthp` for the hdmx
widths.
* src/truetype/ttobjs.c (tt_size_reset): Initialize `widthp` even
though it might never be used by the interpreter.
* src/truetype/ttgload.c (tt_loader_init): Avoid repeated searches
in the hdmx table.
2021-12-13 11:44:24 -05:00
Alexei Podtelezhnikov fd03dcc122 [truetype] Reset the IUP-called flags for each subglyph.
This fixes fall-out from 7809007a5b, where the composite
accents were no longer hinted.

* src/truetype/ttgload.c (ttloader_init): Move the IUP-called flag
initialization from here...
* src/truetype/ttinterp.c (TT_Run_Context): ... to here.
2021-12-12 12:29:04 -05:00
Alexei Podtelezhnikov 7add5b2bcb [truetype] Binary search through the `hdmx` records.
The `hdmx` table is supposed to be sorted by ppem size, which
enables binary search.  We also drop the check for the sufficient
length of the record because it is now enforced when the table
is loaded.

* include/freetype/internal/tttypes.h (TT_FaceRec): Store the `hdmx`
record pointers sorted by ppem instead of ppem's themselves.
* src/truetype/ttpload.c (tt_face_load_hdmx): Prudently sort records.
(tt_face_get_device_metrics): Implement binary search to retrieve
advances.
2021-12-11 22:54:06 -05:00
Alexei Podtelezhnikov a8ef33e3ae [truetype] Honor FT_LOAD_ADVANCE_ONLY if `hdmx` is usable.
This simply shortcuts the glyph loading if FT_LOAD_ADVANCE_ONLY
is specified by FT_Get_Advances and the `hdmx` data are located.
Particularly, the classic v35 interpreter or "verified" ClearType
fonts might see 100x speed up in retrieving the hdmx cache.

* src/truetype/ttgload.c (TT_Load_Glyph): Insert the shortcut.
2021-12-11 22:42:46 -05:00
Alexei Podtelezhnikov 6c831d658f [truetype] Initialize the loader with `hdmx` data.
The `hdmx` matching can be done before the glyph is loaded.

* include/freetype/internal/tttypes.h (TT_LoaderRec): Add a field.
* src/truetype/ttgload.c (compute_glyph_metrics): Relocate the `hdmx`
code from here...
(tt_loader_init): ... to here, before the glyph is loaded.
2021-12-11 22:34:27 -05:00
Alexei Podtelezhnikov 7809007a5b [truetype] Relocate subpixel flag setting.
`TT_RunIns` is too busy to deal with subpixel flags. It is better
to set them in `tt_loader_init`, which is executed before each
glyph program.

* src/truetype/ttinterp.c (TT_RunIns): Move the flag setting from
here...
* src/truetype/ttgload.c (tt_loader_init): ... to here.
2021-12-11 22:22:57 -05:00