kmx git

Commit	Date	Message
311b78fa	2023-04-02T09:24:16	* src/sfnt/ttpost.c: Formatting and comments.
8f7b1455	2023-04-01T23:37:51	[sfnt] Consolidate POST version 2.0 and 2.5 (pt 2). * src/sfnt/ttpost.c (load_format_20, load_format_25): Update arguments and move shared calls and checks upstream to... (load_post_names): ... this function. (tt_face_free_ps_names, tt_face_get_ps_name): Updated.
9597a62b	2023-04-01T22:34:30	[sfnt] Consolidate POST version 2.0 and 2.5 (pt 1). The deprecated POST version 2.5 can be handled using the data structures of version 2.0. The goal is to reduce the footprint. * include/freetype/internal/tttypes.h (TT_Post_Names): Absorb and... (TT_Post_20, TT_Post_25): ... remove these structures. src/sfnt/ttpost.c (load_post_names, tt_face_get_ps_name, tt_face_free_ps_names, load_format_20): Updated accordingly. (load_format_25): ditto and convert offsets to glyph indices.
6d7b8b22	2023-03-31T23:17:46	[sfnt] Miscellaneous POST clean-ups. * src/sfnt/ttpost.c (load_format_20): Decrease casts. (load_format_25): Check the table length and impose a theoretical glyph number limit usable with 8-bit offset. Decrease casts. (load_post_names): Pass the mapping data length without 2 bytes.
0db69970	2023-03-30T09:06:35	* src/sfnt/ttpost.c (load_format_20): Simplify comutations.
4679fcb6	2023-03-29T00:21:00	[sfnt] Streamline POST format 2.0 handing (cont'd). * src/sfnt/ttpost.c (load_format_20): Co-allocate the string data and their pointers, which makes it easier to handle and free them. (tt_face_free_ps_names): Updated. * include/freetype/internal/tttypes.h (TT_Post_20): Update type.
4d8db130	2023-03-20T16:53:51	[cff] Simplify `t2_strings` management in the old engine. * src/cff/cffparse.c (cff_parser_run): Allocate the charstring buffers and the list nodes together so that they can be freed at once. (finalize_t2_strings): Removed as no longer needed. (cff_parser_done): Updated.
4f0a55d1	2023-03-19T10:13:52	[cff] Rework the stream limit checks. The old stream limit checks, before 6986ddac1ece, were good but pointless for the crafted t2_strings. Checking limits there is not necessary as they are created to hold all data. By using two conditions, we can detect the actual crossing of the stream boundary as appropriate for the stream pointer only. The t2_strings parsing will not be triggering these checks. * src/cff/cffparse.c (cff_parser_within_limits): Removed. (cff_parse_real, cff_parse_integer): Redesign the stream limit check. (cff_parse_num, do fixed, cff_parse_fixed_dynamic): Update callers.
8fc6df10	2023-03-17T23:35:10	* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Use for-loop. Even though we never call `TT_Load_Simple_Glyph` with zero contours, out of abundance of precaution, let's handle this case properly.
ef636696	2023-03-17T23:25:45	[truetype] Clean up zeroing and local variables. * src/truetype/ttgload.c (TT_Process_Simple_Glyph): Avoid zeroing. (load_truetype_glyph): Avoid zeroing and clean local variables.
dd78d4a7	2023-03-16T03:28:59	* src/base/ftsynth.c (FT_GlyphSlot_AdjustWeight): New API.
764bc8e4	2023-03-15T23:18:18	[truetype] Clean up glyph loading. * src/truetype/ttgload.c (TT_Load_Simple_Glyph): Clean space checking. (TT_Hint_Glyph): Don't copy the outline structure. (TT_Process_Simple_Glyph): Cosmetic update.
e7164762	2023-03-15T18:48:27	* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Clean up.
b9376065	2023-03-10T23:41:39	[truetype] Fix recent fallout in memory management. * src/truetype/ttgload.c (TT_Process_Composite_Glyph, TT_Load_Simple_Glyph): Clean up old instructions regardless of new ones, postpone setting `control_len` and `control_data` until... (TT_Load_Glyph): ... the exit from this function.
49c74ac0	2023-03-09T22:37:03	* src/truetype/ttgload.c (TT_Hint_Glyph): Mostly cosmetic update. The number of instructions is now taken from the executed context. Technically, this means that `control_len` and `control_data` values are no longer _used_ internally but only expose them.
bd6208b7	2023-03-08T10:49:42	apinames.c: Add comment.
d5c6b948	2023-03-07T08:55:58	[gzip] File `infback.c` is not needed. * src/gzip/infback.c: Remove. * src/gzip/rules.mk (GZIP_DRV_SRCS): Updated.
092f9d98	2023-03-07T07:28:32	[apinames] Fix VMS handling of overly long function names. Based on ideas from Jouk Jansen <joukj@hrem.nano.tudelft.nl>. * src/tools/vms_shorten_symbol.c: New file, taken from https://sourceforge.net/p/vms-ports/vmsshortsym/ci/default/tree/vms_shorten_symbol.c with some minor edits to allow compilation with C++ and being included in another source code file. * src/tools/apinames.c: Include `vms_shorten_symbol.c`. (PROGRAM_VERSION): Set to '0.5'. (names_dump) [OUTPUT_VMS_OPT]: Call `vms_shorten_symbol` to get unique function identifiers not longer than 31 characters.
72a8d652	2023-03-07T07:14:36	* src/tools/apinames.c (panic): Accept variable number of arguments.
b3250f36	2023-03-06T23:53:42	* src/truetype/ttgload.c (TT_Process_Composite_Glyph): Fix leak too.
b36193d0	2023-03-06T22:41:17	* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Triage memory leak. This leak has been introduced in the previous commit and immediately detected: https://chromium-review.googlesource.com/c/chromium/src/+/4313202
de94e2cb	2023-02-26T08:07:08	[truetype] Simplify memory management. Instead of using `Update_Max`, switch to regular FreeType memory allocation macros, stop pre-allocating the glyph instruction arrays. * src/truetype/ttgload.c (TT_Load_Simple_Glyph, TT_Process_Composite_Glyph): Switch to regular memory allocation. * src/truetype/ttinterp.c (Update_Max): Removed. (TT_Load_Context): Reallocate stack and free old instructions. (Modify_CVT_Check, Ins_WS): Switch to regular memory allocation. * src/truetype/ttinterp.h (Update_Max): Removed.
fc01e7dd	2023-03-05T22:05:24	Fix a couple of MSVC warnings. * src/base/ftcalc.c (FT_MulAddFix): Add cast. * src/sfnt/ttcolr.c (tt_face_get_colorline_stops, read_paint): Ditto.
c4b5127b	2023-03-05T00:31:58	* src/cff/cffparse.c (cff_parser_run): Thinko.
de600220	2023-03-04T23:49:49	[cff] Clean up CharString number encoding. * src/cff/cffparser.c (cff_parser_run): Work with signed numbers.
51c17054	2023-03-04T23:32:50	* src/cff/cffparse.c (cff_parser_run): Fix variable type.
a2b8937d	2023-03-04T14:00:52	[cff] Clean up memory management in the old engine. * src/cff/cffparse.c (finalize_t2_strings): Fix NULL-dereferencing in the out-of-memory situation, use `FT_FREE`. (cff_parser_run): Use FreeType memory allocation macros and avoid uninitialized pointers.
29578f75	2023-03-04T13:39:27	* src/cff/cffobjs.c (cff_size_init): Synonymous change.
7ae20e55	2023-03-03T22:41:09	* src/sfnt/sfobjs.c (sfnt_load_face): Shorten de-referencing.
49eac0da	2023-03-03T22:10:50	[pfr] Shorten de-referencing. * src/pfr/pfrobjs.c (pfr_face_done, pfr_face_init): Use closer `memory`. * src/pfr/pfrgload.c (pfr_glyph_load_compound): Remove `loader`.
2adef94f	2023-03-03T18:40:48	* src/cff/cffobjs.c (cff_size_get_globals_funcs): Shorten de-referencing.
5ac6276a	2023-03-03T17:21:10	[cff,cid,type1] Shorten de-referencing. * src/cff/cffobjs.c (cff_clot_init): Use immediate library reference. * src/cid/cidobjs.c (cid_slot_init): Ditto. * src/type1/t1objs.c (T1_GlyphSlot_Init): Ditto.
09b326fa	2023-03-01T12:19:17	Avoid strtol on non-null-terminated data. Technically, `strtol` can only be used with C strings terminated with `\0`. CID data is not generally null-terminated and often does not contain a `\0` if it is hex-encoded. AddressSanitizer with `ASAN_OPTIONS` containing `strict_string_checks=1` verifies this by using an adversarial `strtol` that always reads to the terminating `\0`. To avoid undefined behavior from `strtol` in `cid_parser_new`, use the parser to parse the tokens instead of attempting to parse them ad-hoc. This will internally use `PS_Conv_Strtol` to parse the integer, which respects the parser's limits and directly implements the PostScript parsing rules for integers. * src/cid/cidparse.c (cid_parser_new): Use the parser to parse the tokens. Fixes: https://bugs.chromium.org/p/chromium/issues/detail?id=1420329
e95e6234	2023-03-02T17:58:03	* src/cff/cffload.c (cff_subfont_load): Synonymous update.
e8931f8c	2023-03-01T18:20:46	* src/gzip/README.freetype: Update version.
79c8bd91	2023-03-01T10:16:59	[gzip] Fix static linking. Without this patch, static linking with MS Visual Studio causes linking errors. * src/gzip/ftgzip.c: Set `ZEXPORT` to nothing and `ZEXTERN` to static for all compilers.
638df2fe	2023-02-27T21:54:23	[truetype] Treat 38 as 40 without Infinality. * include/freetype/ftdriver.h (TT_INTERPRETER_VERSION_38): Reinstate. * src/truetype/ttdriver.c (tt_property_set): Fallback from 38 to 40.
d399657f	2023-02-26T20:18:54	* src/*: Replace leading underscores with trailing ones in dummy variables. This is to avoid clang warnings.
6423ddb8	2023-02-25T21:54:21	* src/cff/cffload.c (cff_encoding_load): Optimize array zeroing. This is unnecessary for predefined standard and expert encodings. Even for custom encodings the arrays might be already zeroed when CFF_FontRec is created but we keep it just in case.
74c498a3	2023-02-25T11:02:21	* src/type1/t1load.c (T1_Get_MM_Var): Optimize array zeroing.
3f2ac7d8	2023-02-24T11:48:48	* src/base/ftsystem.c (ft_ansi_stream_io): Avoid undefined behaviour. Also short-circuit on `offset` to avoid checking `count` a second time when `ft_ansi_stream_io` is used for reading. Per ISO/IEC 9899: If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or apointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined. If a function argument is described as being an array, the pointer actually passed to the function shall have a value such that all address computations and accesses to objects (that would be valid if the pointer did point to the first element of such an array) are in fact valid. Per IEEE Std 1003.1: size_t fread(void restrict ptr, size_t size, size_t nitems, FILE restrict stream); The `fread` function shall read into the array pointed to by `ptr` up to `nitems` elements whose size is specified by `size` in bytes, from the stream pointed to by `stream`. Since the first argument to `fread` is described as being an array, its behavior is undefined when that argument is a null pointer. Per the documentation on `ft_ansi_stream_io`: If `count' is zero (this is, the function is used for seeking), a non-zero return value indicates an error. Thus the intent is clear, and the call to `fread` can be skipped, avoiding undefined behaviour.
3f01161f	2023-02-21T16:17:07	[raster] Clean up contour indexing. * src/raster/ftraster.c (Decompose_Curve, Convert_Glyph): Use consistent index types (Int) and compact iterations.
7f949904	2023-02-20T23:29:58	[autofit] Clean up contour indexing. * src/autofit/aflatin.c (af_latin_metrics_init_blues): Refactor. * src/autofit/afcjk.c (af_cjk_metrics_init_blues): Ditto.
78464d1b	2023-02-20T22:31:21	* src/base/ftoutln.c (FT_Outline_Check): Fix C4701 warning.
f5f969a8	2023-02-20T22:29:18	* src/sdf/ftsdf.c (get_min_distance_cubic): Fix C4701, typos.
fecd19b4	2023-02-20T17:13:40	* src/base/ftstroke.c (FT_Stroker_ParseOutline): Clean up contour indexing.
34ed28d0	2023-02-20T16:33:45	[base] Clean up contour indexing. * src/base/ftoutln.c (FT_Outline_Reverse, FT_Outline_EmboldenXY, FT_Outline_Get_Orientation): Set the first and last indexes together. (FT_Outline_Decompose): Ditto and check them more stringently. * src/smooth/ftgrays.c (FT_Outline_Decompose)[STANDALONE_]: Ditto.
713580f4	2023-02-20T15:58:04	* src/base/ftoutln.c (FT_Outline_Check): Update error code, clean up.
74ea5454	2023-02-16T22:38:35	* src/base/ftoutln.c (FT_Outline_Reverse): Anchor first contour points. A cubic contour has to always start from an on-point. Therefore, we should not swap the first with the last point, which might be off, and obtain an invalid contour. This does not matter for conic contours. If anything, it also saves one swap there. Fixes #1207.
dacbb554	2023-02-10T08:24:33	[type1/MM] Round design coordinates. The design coordinates for MM fonts were not rounded. For example, `FT_Get_Var_Design_Coordinates` returned values with fractional part. * src/type1/t1load.c (mm_axis_unmap): Refactor with rounding. * include/freetype/ftmm.h (FT_Var_Axis, FT_Set_Var_Design_Coordinates, FT_Get_Var_Design_Coordinates): Reword documentation.
de8b92dd	2023-02-09T07:01:12	* Version 2.13 released. ========================== Tag sources with `VER-2-13-0'. * docs/VERSION.TXT: Add entry for version 2.13. * docs/CHANGES: Updated. * README, src/base/ftver.rc, builds/windows/vc2010/index.html, builds/windows/visualc/index.html, builds/windows/visualce/index.html, builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html, docs/freetype-config.1: s/2.12.1/2.13/, s/2121/2130/. * include/freetype/freetype.h (FREETYPE_MINOR): Set to 13. (FREETYPE_PATCH): Set to 0. * builds/unix/configure.raw (version_info): Set to 25:0:19. * CMakeLists.txt (VERSION_MINOR): Set to 13. (VERSION_PATCH): Set to 0.
995ccfac	2023-02-08T21:49:56	[autofit] Fix 'multi' compilation. * src/autofit/ft-hb.c: Decorate with `FT_LOCAL_DEF`. Add ANSI boilerplate code for otherwise empty file. * src/autofit/ft-hb.h: Include `compiler-macros.h` and `freetype.h`. Use `FT_BEGIN_HEADER` and `FT_END_HEADER`. Decorate with `FT_LOCAL`. * src/autofit/rules.mk (AUTOF_DRV_SRC): Add `ft-hb.c`.
663486a7	2023-02-08T20:56:19	Fix `FT_LOCAL` and `FT_LOCAL_DEF` tags.
ac5babe8	2023-02-08T19:36:10	Fix 'fall-through' warning messages. Modern compilers get more insistent on that... * include/freetype/internal/compiler-macros.h (FALL_THROUGH): Define. * src/: Use it instead of `/ fall through */` comments.
be724c81	2023-02-07T22:24:53	For debugging, avoid implicit conversion from integer to double. Otherwise we get zillions of clang 15 warnings. * src/autofit/afcjk.c, src/autofit/afhints.c, src/autofit/aflatin.c, src/base/ftobjs.c, src/base/ftoutln.c, src/cff/cffparse.c, src/raster/ftraster.c, src/sfnt/pngshim.c, src/truetype/ttgload.c, src/truetype/ttgxvar.c, src/truetype/ttobjs.c, src/type1/t1gload.c: Use `double` cast in debugging and tracing macros.
37bc7c26	2023-02-07T07:37:07	Avoid reserved identifiers that are globally defined. This is mandated by the C99 standard, and clang 15 produces zillions of warnings otherwise. * devel/ftoption.h, include/freetype/config/ftoption.h, include/freetype/internal/ftmemory.h, src/autofit/afhints.h, src/autofit/afmodule.c, src/autofit/aftypes.h, src/base/ftadvanc.c, src/base/ftdbgmem.c, src/base/ftstream.c, src/bdf/bdflib.c, src/truetype/ttinterp.c: Replace identifiers of the form `_foo` with `foo_`.
da9eb9c7	2023-02-07T07:01:36	Fix minor clang and clang++ warnings.
4c3916e9	2023-02-08T14:58:46	[truetype, type1] Additional variation tags. Sync with https://learn.microsoft.com/en-us/typography/opentype/spec/dvaraxisreg#registered-axis-tags * src/truetype/ttgxvar.h (TTAG_ital): New tag. * src/truetype/ttgxvar.c (TT_Get_MM_Var): Use it. * src/type1/t1load.c (T1_Get_MM_Var): Handle 'slnt' and 'ital'.
27b2cd41	2023-02-07T23:03:18	* src/base/ftsynth.c (FT_GlyphSlot_Slant): Add vertical slant. * include/freetype/ftsynth.h (FT_GlyphSlot_Slant): Update it.
515bdfef	2023-01-04T19:15:38	[sdf] Use 32-bit integers internally. * src/sdf/ftsdfcommon.h (FT_16D16, FT_26D6): Use 32-bit integers instead of `FT_Fixed` for internal data types. `FT_Fixed` i.e. `signed long` is 64-bit on some architectures.
1bbec9e9	2023-02-04T08:34:58	* src/type1/t1afm.c (T1_Read_Metrics): Reaffirm ascender and descender.
82c131ac	2023-02-04T03:20:25	* src/type1/t1afm.c (T1_Read_Metrics): Validate ascender and descender. The ascender and descender are optional in the AFM specifications. They could be omitted or even set to zero, e.g., in the current release of URW++ base 35 fonts.
646cc8ef	2023-02-02T10:38:18	* src/cff/cffgload.c (cff_slot_load): Avoid memory leak. Fixes issue #1204.
9508811a	2023-02-01T12:01:58	* src/truetype/ttgxvar.c (tt_var_get_item_delta): Check `face->blend`. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55581
e97544a7	2023-01-28T17:04:38	Minor changes. Comment fixes, typos, removing of unnecessary parentheses.
bacc48e6	2023-01-28T17:04:11	Whitespace.
bea675cd	2023-01-26T14:07:25	[ttgxvar] Fix crash in COLRv1. This is a stopgap until issue #1202 is properly fixed. * src/truetype/ttxgvar.c (tt_var_get_item_delta): Check `normalizedcoords`.
d680908a	2023-01-17T16:18:28	[base] Fix typo. * src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Request module 't1cid', not 'cid'.
188019eb	2023-01-17T16:04:30	[base] Return error if requested driver is not found. In `open_face_from_buffer` it is possible that a driver is requested but FreeType was built without the requested module. Return an error in this case to indicate that the request could not be satisfied, rather than trying all existing driver modules. * src/base/ftobjs.c (open_face_from_buffer): Return `FT_Err_Missing_Module` if a driver is specified but not found.
a297feab	2023-01-17T14:30:48	[sfnt] Avoid nullptr dereference in reading malformed 'COLR' v1 table. Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=1408044. * src/sfnt/ttcolr.c (tt_face_load_colr): When the 'COLR' v1 table header is too small, don't deallocate delta set index map structures.
f80be4e9	2023-01-17T18:48:54	* src/tools/update-copyright: Allow execution from other repositories. We use this for `freetype-demos`.
65f85237	2023-01-17T09:18:25	Update all copyright notices.
6c1bd0f2	2023-01-17T09:15:36	* src/tools/no-copyright: Updated.
29f83d1d	2023-01-12T23:45:12	[base] 'close' callback may not use `stream->memory`. The documentation for `FT_StreamRec::memory` states that it 'shouldn't be touched by stream implementations'. This is true even for internal implementations of the 'close' callback, since it is not guaranteed that `memory` will even be set when the 'close' callback occurs. * src/base/ftobjs.c (new_memory_stream): stash current `memory` in `stream->descriptor`. (memory_stream_close): Use it.
0d4f887c	2023-01-12T22:43:08	[base] Always close user-provided stream. The `FT_Open_Face` documentation states > If `FT_OPEN_STREAM` is set in `args->flags`, the stream in `args->stream` > is automatically closed before this function returns any error (including > `FT_Err_Invalid_Argument`). However, if the user provides a stream in `args.stream` with `FT_OPEN_STREAM` set and a `close` function, but then for some reason passes NULL for `aface` and a non-negative `face_index`, the error `Invalid_Argument` is returned but the `close` callback will not be called on the user-provided stream. This may cause resource leaks if the caller is depending on the `close` callback to free resources. The difficulty is that a user may fill out a `FT_StreamRec` and pass its address as `args.stream`, but the stream isn't really 'live' until `FT_Stream_New` is called on it (and `memory` is set). In particular, it cannot really be cleaned up properly in `ft_open_face_internal` until the stream pointer has been copied into the `stream` local variable. * src/base/ftobj.c (ft_open_face_internal): Ensure that user-provided `args.stream.close` is called even with early errors.
13983b05	2023-01-11T14:47:26	[base] Fix leak of internal stream marked external. `open_face_from_buffer` allocates a new `FT_Stream` to pass to `ft_open_face_internal`. Because this is an `FT_OPEN_STREAM`, `ft_open_face_internal` will mark this as an 'external stream', which the caller must free. However, `open_face_from_buffer` cannot directly free it because the stream must last as long as the face. There is currently an attempt at this by clearing the 'external stream' bit after `open_face_from_buffer` returns successfully. However, this is too late as the original stream may have already been closed and the stream on the face may not be the same stream as originally passed. It is tempting to use `FT_OPEN_MEMORY` and let `ft_open_face_internal` create the stream internally. However, with this method there is no means to pass through a 'close' function to the created stream to free the underlying data, which must be owned by the stream. A possibility is to check on success if the stream of the face is the same as the original stream. If it is then unset the external flag. If not, then free the original stream. Unfortunately, while no current implementation does so, it is possible that the face still has the original stream somewhere other than as the `FT_FaceRec::stream`. The stream needs to remain available for the life of the face or until it is closed, whichever comes earlier. The approach taken here is to let the stream own itself. When the stream is closed it will free itself. * src/base/ftobjs.c (memory_stream_close): Free `stream`. (open_face_from_buffer): Simplify error handling, since `ft_open_face_internal` always closes `args.stream` on any error. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54930
6a179ff7	2023-01-16T16:38:56	sr/.c: Various minor fixes. src/autofit/ft-hb.c (_hb_ft_reference_table): Call `FT_UNUSED` after variable declarations. * src/gxvalid/gxvjust.c (gxv_just_widthDeltaClusters_validate): Eliminate unused variable. * src/gzip/ftgzip.c: Don't call GCC '-Wstrict-prototypes' pragma for C++ compiler. * src/sfnt/ttcolr.c (ENSURE_READ_BYTES): Remove final semicolon to avoid compiler warning. * src/sfnt/ttsvg.c (tt_face_load_svg_doc): Fix signedness warning.
2692b321	2023-01-03T17:19:02	[sfnt] Remove temporary runtime flag for variable 'COLR' v1. Fixes #1187. * src/sfnt/ttcolr.c (top level, read_paint, tt_face_load_colr, tt_face_free_colr, get_deltas_for_var_index_base, tt_face_get_color_glyph_clipbox, tt_face_get_colorline_stops): Remove macro definition `VARIABLE_COLRV1_ENABLED` and its usage. * src/truetype/ttdriver.c (tt_property_set): Remove parsing of 'TEMPORARY-enable-variable-colrv1' property name. * src/truetype/ttobjs.h (TT_DriverRec): Remove `enable_variable_colrv1` flag.
b1c90733	2023-01-07T07:40:12	* src/autofit/ft-hb.c (_hb_ft_reference_table): Minor integration fixes.
3481b154	2023-01-05T21:07:26	[truetype] Reset cvt and storage in context load. Currently the cvt and storage are saved and restored in `TT_RunIns`. However, this is too granular as the cvt and storage area should be set to the original cvt and storage area only when setting up the hinting context. This allows for the cvt and storage area to be modified while parsing multiple glyphs, as is the case with composite glyphs. * src/truetype/ttinterp.h (TT_ExecContextRec): Remove `origCvt` and `origStorage`. * src/truetype/ttinterp.c (TT_RunIns): Don't save and restore the cvt and storage area. (Modify_CVT_Check, Ins_WS): Switch from "if in glyph and using original data do copy on write" to "if in glyph and not using glyph specific data do copy on write".
ebe7e912	2023-01-02T20:13:22	[autofit] Don't depend on 'hb-ft'. The circular dependency is still there, but at least we no longer depend on the HarfBuzz API that is only present if HarfBuzz has been built with FreeType support, making the bootstrapping a bit easier. * src/autofit/ft-hb.c, src/autofit/ft-hb.h: New files, providing `_hb_ft_font_create`, which is more or less a verbatim copy of the corresponding HarfBuzz code from file `hb-ft.cc`. * src/autofit/afglobal.c (af_face_globals_new): Use it. * src/autofit/afshaper.h: Don't include `hb-ft.h` but `ft-hb.h`. * src/autofit/autofit.c: Include `ft-hb.c`. * LICENSE.TXT: Updated.
262b47ac	2023-01-05T15:24:25	[truetype] Keep variation store consistent. `tt_var_load_item_variation_store` fills out a `GX_ItemVarStore`. While it may return an error, the item store must be left in a consistent state so that any use or destruction of the item store can properly use or free the data in it. Before this change the counts from the font data were read directly into the item store before the actual allocation of the arrays to which they referred. There exist many opportunities between the time the counts are read and the arrays are allocated to return early due to invalid data. When this happened the item store claimed to have entires it actually did not, leading to crashes later when it was used. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54449 * src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Read the counts into local variables and store them in the item store only after the related arrays are actually created on the item store.
15afb554	2023-01-05T12:42:55	[base] Report used stream's external status. In `open_face` the initial stream is set on the face, along with the information about if FreeType is the owner of the stream object itself. The loaders may in the course of their work replace this stream with a new stream (as is the case for 'woff' and 'woff2'), which may have a different ownership than the initial stream object (likely the original stream object is owned by the user and is external, while the new stream object is created internally to FreeType and is internal). When the stream is replaced, the face's flags are updated with the new ownership status. However, `open_face` cannot itself free this stream as its caller `ft_open_face_internal` is responsible for this. In addition, in the case of an error `open_face` cannot return an actual face with the new stream and its ownership status to the caller. As a result, it must pass this information back to the caller as a sort of "failed face" so that the caller can clean up. `open_face` was already passing back the new stream but was not passing back the stream ownership information. As a result the stream may not have been free'd when needed. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54700 * src/base/ftobjs.c (open_face): Pass back the ownership information as well. (ft_open_face_internal): Updated.
63f37136	2023-01-04T15:52:41	[sfnt] Fix color stop bounds check calculation at table end. Fixes https://bugs.chromium.org/p/skia/issues/detail?id=14021 * src/sfnt/ttcolr.c (VAR_IDX_BASE_SIZE): New macro. (tt_face_get_colorline_stops): Fix off-by-one bounds check calculation, take `VarColorStop` into account, and hopefully make it easier to read.
81a456b2	2023-01-04T22:41:34	* src/base/ftobjs.c (FT_Request_Metrics): Avoid division by zero. The division-by-zero might happen in broken fonts (see #1194). Instead of returning a huge number from FT_DivFix and failing to scale later, we now bail immediately.
0bcb664d	2022-12-20T16:38:39	[psaux] Delay the upem validity assertion. Fixes #1194. * src/psaux/psft.c (cf2_getUnitsPerEm): Remove the upem assert. (cf2_checkTransform): Assert the upem validity after checking the scale.
ace97a02	2022-12-14T09:58:44	[gzip] Make static compilation not leak global symbols. * src/gzip/ftgzip.c (HAVE_HIDDEN): Do not define; it is no longer needed because everything is static. (HAVE_MEMCPY): Define. (zcalloc, zcfree): Remove no longer needed definitions (because `Z_SOLO` is active). * src/gzip/patches/freetype-zlib.diff: Regenerated. Fixes #1146. Co-authored-by: Werner Lemberg <wl@gnu.org>
bc3aa767	2022-12-14T10:27:13	* src/gzip/ftzconf.h: Updated to zlib 1.2.13. I forgot to copy that file.
26e9028f	2022-12-13T09:53:26	[sdf, sfnt] Handle minor compiler warnings. * src/sdf/ftsdf.c (get_min_distance_conic): Initialize `nearest_point`. * src/sfnt/ttsvg.c (find_doc): Initialize `mid_doc`. Fixes #1195.
aca4ec59	2022-11-22T22:34:41	* src/base/ftdbgmem.c (ft_mem_source_compare): Add FT_COMPARE_DEF. Closes !230.
1c44de20	2022-11-20T22:37:08	* src/autofit/afloader.c (af_loader_load_glyph): Remove `size` check. This is done by `FT_Load_Glyph`.
4e6906cc	2022-11-18T14:03:19	Comments added.
0f43a0e7	2022-11-16T07:50:52	* src/autofit/afloader.c (af_loader_load_glyph): Fix dereference. This must happen after the NULL check. Taken from https://github.com/freetype/freetype/pull/2
47e61d02	2022-11-14T22:53:14	* src/pcf/pcfutil.c ({Two,Four}ByteSwap): Use builtins or shifts. We trust glibc which uses shifts or builtins to swap bytes. This must be more efficient.
e6fda039	2022-11-14T19:18:19	* src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
ba4bd5b9	2022-11-07T10:52:33	Add `TT_CONFIG_OPTION_NO_BORING_EXPANSION` configuration macro. This gives users a possibility to deactivate new features not (yet) in the OpenType standard. * include/freetype/config/ftoption.h, devel/ftoption.h (TT_CONFIG_OPTION_NO_BORING_EXPANSION): New macro. * src/truetype/ttgxvar.c (ft_var_load_avar): Use it to disable 'avar' version 2.0 support.
e97cb9e8	2022-11-09T15:42:25	[truetype] Improve bounds checks for `ItemVariationStore`. * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Move bounds check ... (tt_var_get_item_delta): ... to this function, because it is safer. For example, the 'avar' table 2.0 codepath was not performing a bounds check at all.
9be958ca	2022-11-09T15:41:34	[truetype] In `ItemVariationStore`, value 0xFFFF for `dataCount` is valid. It corresponds to outer indices of 0 to 0xFFFE. * src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Remove invalid code.
109179c7	2022-11-10T23:25:48	[pcf] Improve CMap efficiency and readability. * src/pcf/pcfdrivr.c (pcf_cmap_char_{index,next}): Check and walk the encoding array indexes.
9154707f	2022-11-07T16:58:56	[truetype] Check avar_segment before access * src/truetype/ttgxvar.c (tt_done_blend): check `avar_segment` before accessing to free its `correspondence`. Reported as: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53062

311b78fa

2023-04-02T09:24:16

* src/sfnt/ttpost.c: Formatting and comments.

8f7b1455

2023-04-01T23:37:51

[sfnt] Consolidate POST version 2.0 and 2.5 (pt 2). * src/sfnt/ttpost.c (load_format_20, load_format_25): Update arguments and move shared calls and checks upstream to... (load_post_names): ... this function. (tt_face_free_ps_names, tt_face_get_ps_name): Updated.

9597a62b

2023-04-01T22:34:30

[sfnt] Consolidate POST version 2.0 and 2.5 (pt 1). The deprecated POST version 2.5 can be handled using the data structures of version 2.0. The goal is to reduce the footprint. * include/freetype/internal/tttypes.h (TT_Post_Names): Absorb and... (TT_Post_20, TT_Post_25): ... remove these structures. src/sfnt/ttpost.c (load_post_names, tt_face_get_ps_name, tt_face_free_ps_names, load_format_20): Updated accordingly. (load_format_25): ditto and convert offsets to glyph indices.

6d7b8b22

2023-03-31T23:17:46

[sfnt] Miscellaneous POST clean-ups. * src/sfnt/ttpost.c (load_format_20): Decrease casts. (load_format_25): Check the table length and impose a theoretical glyph number limit usable with 8-bit offset. Decrease casts. (load_post_names): Pass the mapping data length without 2 bytes.

0db69970

2023-03-30T09:06:35

* src/sfnt/ttpost.c (load_format_20): Simplify comutations.

4679fcb6

2023-03-29T00:21:00

[sfnt] Streamline POST format 2.0 handing (cont'd). * src/sfnt/ttpost.c (load_format_20): Co-allocate the string data and their pointers, which makes it easier to handle and free them. (tt_face_free_ps_names): Updated. * include/freetype/internal/tttypes.h (TT_Post_20): Update type.

4d8db130

2023-03-20T16:53:51

[cff] Simplify `t2_strings` management in the old engine. * src/cff/cffparse.c (cff_parser_run): Allocate the charstring buffers and the list nodes together so that they can be freed at once. (finalize_t2_strings): Removed as no longer needed. (cff_parser_done): Updated.

4f0a55d1

2023-03-19T10:13:52

[cff] Rework the stream limit checks. The old stream limit checks, before 6986ddac1ece, were good but pointless for the crafted t2_strings. Checking limits there is not necessary as they are created to hold all data. By using two conditions, we can detect the actual crossing of the stream boundary as appropriate for the stream pointer only. The t2_strings parsing will not be triggering these checks. * src/cff/cffparse.c (cff_parser_within_limits): Removed. (cff_parse_real, cff_parse_integer): Redesign the stream limit check. (cff_parse_num, do fixed, cff_parse_fixed_dynamic): Update callers.

8fc6df10

2023-03-17T23:35:10

* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Use for-loop. Even though we never call `TT_Load_Simple_Glyph` with zero contours, out of abundance of precaution, let's handle this case properly.

ef636696

2023-03-17T23:25:45

[truetype] Clean up zeroing and local variables. * src/truetype/ttgload.c (TT_Process_Simple_Glyph): Avoid zeroing. (load_truetype_glyph): Avoid zeroing and clean local variables.

dd78d4a7

2023-03-16T03:28:59

* src/base/ftsynth.c (FT_GlyphSlot_AdjustWeight): New API.

764bc8e4

2023-03-15T23:18:18

[truetype] Clean up glyph loading. * src/truetype/ttgload.c (TT_Load_Simple_Glyph): Clean space checking. (TT_Hint_Glyph): Don't copy the outline structure. (TT_Process_Simple_Glyph): Cosmetic update.

e7164762

2023-03-15T18:48:27

* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Clean up.

b9376065

2023-03-10T23:41:39

[truetype] Fix recent fallout in memory management. * src/truetype/ttgload.c (TT_Process_Composite_Glyph, TT_Load_Simple_Glyph): Clean up old instructions regardless of new ones, postpone setting `control_len` and `control_data` until... (TT_Load_Glyph): ... the exit from this function.

49c74ac0

2023-03-09T22:37:03

* src/truetype/ttgload.c (TT_Hint_Glyph): Mostly cosmetic update. The number of instructions is now taken from the executed context. Technically, this means that `control_len` and `control_data` values are no longer _used_ internally but only expose them.

bd6208b7

2023-03-08T10:49:42

apinames.c: Add comment.

d5c6b948

2023-03-07T08:55:58

[gzip] File `infback.c` is not needed. * src/gzip/infback.c: Remove. * src/gzip/rules.mk (GZIP_DRV_SRCS): Updated.

092f9d98

2023-03-07T07:28:32

[apinames] Fix VMS handling of overly long function names. Based on ideas from Jouk Jansen <joukj@hrem.nano.tudelft.nl>. * src/tools/vms_shorten_symbol.c: New file, taken from https://sourceforge.net/p/vms-ports/vmsshortsym/ci/default/tree/vms_shorten_symbol.c with some minor edits to allow compilation with C++ and being included in another source code file. * src/tools/apinames.c: Include `vms_shorten_symbol.c`. (PROGRAM_VERSION): Set to '0.5'. (names_dump) [OUTPUT_VMS_OPT]: Call `vms_shorten_symbol` to get unique function identifiers not longer than 31 characters.

72a8d652

2023-03-07T07:14:36

* src/tools/apinames.c (panic): Accept variable number of arguments.

b3250f36

2023-03-06T23:53:42

* src/truetype/ttgload.c (TT_Process_Composite_Glyph): Fix leak too.

b36193d0

2023-03-06T22:41:17

* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Triage memory leak. This leak has been introduced in the previous commit and immediately detected: https://chromium-review.googlesource.com/c/chromium/src/+/4313202

de94e2cb

2023-02-26T08:07:08

[truetype] Simplify memory management. Instead of using `Update_Max`, switch to regular FreeType memory allocation macros, stop pre-allocating the glyph instruction arrays. * src/truetype/ttgload.c (TT_Load_Simple_Glyph, TT_Process_Composite_Glyph): Switch to regular memory allocation. * src/truetype/ttinterp.c (Update_Max): Removed. (TT_Load_Context): Reallocate stack and free old instructions. (Modify_CVT_Check, Ins_WS): Switch to regular memory allocation. * src/truetype/ttinterp.h (Update_Max): Removed.

fc01e7dd

2023-03-05T22:05:24

Fix a couple of MSVC warnings. * src/base/ftcalc.c (FT_MulAddFix): Add cast. * src/sfnt/ttcolr.c (tt_face_get_colorline_stops, read_paint): Ditto.

c4b5127b

2023-03-05T00:31:58

* src/cff/cffparse.c (cff_parser_run): Thinko.

de600220

2023-03-04T23:49:49

[cff] Clean up CharString number encoding. * src/cff/cffparser.c (cff_parser_run): Work with signed numbers.

51c17054

2023-03-04T23:32:50

* src/cff/cffparse.c (cff_parser_run): Fix variable type.

a2b8937d

2023-03-04T14:00:52

[cff] Clean up memory management in the old engine. * src/cff/cffparse.c (finalize_t2_strings): Fix NULL-dereferencing in the out-of-memory situation, use `FT_FREE`. (cff_parser_run): Use FreeType memory allocation macros and avoid uninitialized pointers.

29578f75

2023-03-04T13:39:27

* src/cff/cffobjs.c (cff_size_init): Synonymous change.

7ae20e55

2023-03-03T22:41:09

* src/sfnt/sfobjs.c (sfnt_load_face): Shorten de-referencing.

49eac0da

2023-03-03T22:10:50

[pfr] Shorten de-referencing. * src/pfr/pfrobjs.c (pfr_face_done, pfr_face_init): Use closer `memory`. * src/pfr/pfrgload.c (pfr_glyph_load_compound): Remove `loader`.

2adef94f

2023-03-03T18:40:48

* src/cff/cffobjs.c (cff_size_get_globals_funcs): Shorten de-referencing.

5ac6276a

2023-03-03T17:21:10

[cff,cid,type1] Shorten de-referencing. * src/cff/cffobjs.c (cff_clot_init): Use immediate library reference. * src/cid/cidobjs.c (cid_slot_init): Ditto. * src/type1/t1objs.c (T1_GlyphSlot_Init): Ditto.

09b326fa

2023-03-01T12:19:17

Avoid strtol on non-null-terminated data. Technically, `strtol` can only be used with C strings terminated with `\0`. CID data is not generally null-terminated and often does not contain a `\0` if it is hex-encoded. AddressSanitizer with `ASAN_OPTIONS` containing `strict_string_checks=1` verifies this by using an adversarial `strtol` that always reads to the terminating `\0`. To avoid undefined behavior from `strtol` in `cid_parser_new`, use the parser to parse the tokens instead of attempting to parse them ad-hoc. This will internally use `PS_Conv_Strtol` to parse the integer, which respects the parser's limits and directly implements the PostScript parsing rules for integers. * src/cid/cidparse.c (cid_parser_new): Use the parser to parse the tokens. Fixes: https://bugs.chromium.org/p/chromium/issues/detail?id=1420329

e95e6234

2023-03-02T17:58:03

* src/cff/cffload.c (cff_subfont_load): Synonymous update.

e8931f8c

2023-03-01T18:20:46

* src/gzip/README.freetype: Update version.

79c8bd91

2023-03-01T10:16:59

[gzip] Fix static linking. Without this patch, static linking with MS Visual Studio causes linking errors. * src/gzip/ftgzip.c: Set `ZEXPORT` to nothing and `ZEXTERN` to static for all compilers.

638df2fe

2023-02-27T21:54:23

[truetype] Treat 38 as 40 without Infinality. * include/freetype/ftdriver.h (TT_INTERPRETER_VERSION_38): Reinstate. * src/truetype/ttdriver.c (tt_property_set): Fallback from 38 to 40.

d399657f

2023-02-26T20:18:54

* src/*: Replace leading underscores with trailing ones in dummy variables. This is to avoid clang warnings.

6423ddb8

2023-02-25T21:54:21

* src/cff/cffload.c (cff_encoding_load): Optimize array zeroing. This is unnecessary for predefined standard and expert encodings. Even for custom encodings the arrays might be already zeroed when CFF_FontRec is created but we keep it just in case.

74c498a3

2023-02-25T11:02:21

* src/type1/t1load.c (T1_Get_MM_Var): Optimize array zeroing.

3f2ac7d8

2023-02-24T11:48:48

* src/base/ftsystem.c (ft_ansi_stream_io): Avoid undefined behaviour. Also short-circuit on `offset` to avoid checking `count` a second time when `ft_ansi_stream_io` is used for reading. Per ISO/IEC 9899: If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or apointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined. If a function argument is described as being an array, the pointer actually passed to the function shall have a value such that all address computations and accesses to objects (that would be valid if the pointer did point to the first element of such an array) are in fact valid. Per IEEE Std 1003.1: size_t fread(void *restrict ptr, size_t size, size_t nitems, FILE *restrict stream); The `fread` function shall read into the array pointed to by `ptr` up to `nitems` elements whose size is specified by `size` in bytes, from the stream pointed to by `stream`. Since the first argument to `fread` is described as being an array, its behavior is undefined when that argument is a null pointer. Per the documentation on `ft_ansi_stream_io`: If `count' is zero (this is, the function is used for seeking), a non-zero return value indicates an error. Thus the intent is clear, and the call to `fread` can be skipped, avoiding undefined behaviour.

3f01161f

2023-02-21T16:17:07

[raster] Clean up contour indexing. * src/raster/ftraster.c (Decompose_Curve, Convert_Glyph): Use consistent index types (Int) and compact iterations.

7f949904

2023-02-20T23:29:58

[autofit] Clean up contour indexing. * src/autofit/aflatin.c (af_latin_metrics_init_blues): Refactor. * src/autofit/afcjk.c (af_cjk_metrics_init_blues): Ditto.

78464d1b

2023-02-20T22:31:21

* src/base/ftoutln.c (FT_Outline_Check): Fix C4701 warning.

f5f969a8

2023-02-20T22:29:18

* src/sdf/ftsdf.c (get_min_distance_cubic): Fix C4701, typos.

fecd19b4

2023-02-20T17:13:40

* src/base/ftstroke.c (FT_Stroker_ParseOutline): Clean up contour indexing.

34ed28d0

2023-02-20T16:33:45

[base] Clean up contour indexing. * src/base/ftoutln.c (FT_Outline_Reverse, FT_Outline_EmboldenXY, FT_Outline_Get_Orientation): Set the first and last indexes together. (FT_Outline_Decompose): Ditto and check them more stringently. * src/smooth/ftgrays.c (FT_Outline_Decompose)[STANDALONE_]: Ditto.

713580f4

2023-02-20T15:58:04

* src/base/ftoutln.c (FT_Outline_Check): Update error code, clean up.

74ea5454

2023-02-16T22:38:35

* src/base/ftoutln.c (FT_Outline_Reverse): Anchor first contour points. A cubic contour has to always start from an on-point. Therefore, we should not swap the first with the last point, which might be off, and obtain an invalid contour. This does not matter for conic contours. If anything, it also saves one swap there. Fixes #1207.

dacbb554

2023-02-10T08:24:33

[type1/MM] Round design coordinates. The design coordinates for MM fonts were not rounded. For example, `FT_Get_Var_Design_Coordinates` returned values with fractional part. * src/type1/t1load.c (mm_axis_unmap): Refactor with rounding. * include/freetype/ftmm.h (FT_Var_Axis, FT_Set_Var_Design_Coordinates, FT_Get_Var_Design_Coordinates): Reword documentation.

de8b92dd

2023-02-09T07:01:12

* Version 2.13 released. ========================== Tag sources with `VER-2-13-0'. * docs/VERSION.TXT: Add entry for version 2.13. * docs/CHANGES: Updated. * README, src/base/ftver.rc, builds/windows/vc2010/index.html, builds/windows/visualc/index.html, builds/windows/visualce/index.html, builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html, docs/freetype-config.1: s/2.12.1/2.13/, s/2121/2130/. * include/freetype/freetype.h (FREETYPE_MINOR): Set to 13. (FREETYPE_PATCH): Set to 0. * builds/unix/configure.raw (version_info): Set to 25:0:19. * CMakeLists.txt (VERSION_MINOR): Set to 13. (VERSION_PATCH): Set to 0.

995ccfac

2023-02-08T21:49:56

[autofit] Fix 'multi' compilation. * src/autofit/ft-hb.c: Decorate with `FT_LOCAL_DEF`. Add ANSI boilerplate code for otherwise empty file. * src/autofit/ft-hb.h: Include `compiler-macros.h` and `freetype.h`. Use `FT_BEGIN_HEADER` and `FT_END_HEADER`. Decorate with `FT_LOCAL`. * src/autofit/rules.mk (AUTOF_DRV_SRC): Add `ft-hb.c`.

663486a7

2023-02-08T20:56:19

Fix `FT_LOCAL` and `FT_LOCAL_DEF` tags.

ac5babe8

2023-02-08T19:36:10

Fix 'fall-through' warning messages. Modern compilers get more insistent on that... * include/freetype/internal/compiler-macros.h (FALL_THROUGH): Define. * src/*: Use it instead of `/* fall through */` comments.

be724c81

2023-02-07T22:24:53

For debugging, avoid implicit conversion from integer to double. Otherwise we get zillions of clang 15 warnings. * src/autofit/afcjk.c, src/autofit/afhints.c, src/autofit/aflatin.c, src/base/ftobjs.c, src/base/ftoutln.c, src/cff/cffparse.c, src/raster/ftraster.c, src/sfnt/pngshim.c, src/truetype/ttgload.c, src/truetype/ttgxvar.c, src/truetype/ttobjs.c, src/type1/t1gload.c: Use `double` cast in debugging and tracing macros.

37bc7c26

2023-02-07T07:37:07

Avoid reserved identifiers that are globally defined. This is mandated by the C99 standard, and clang 15 produces zillions of warnings otherwise. * devel/ftoption.h, include/freetype/config/ftoption.h, include/freetype/internal/ftmemory.h, src/autofit/afhints.h, src/autofit/afmodule.c, src/autofit/aftypes.h, src/base/ftadvanc.c, src/base/ftdbgmem.c, src/base/ftstream.c, src/bdf/bdflib.c, src/truetype/ttinterp.c: Replace identifiers of the form `_foo` with `foo_`.

da9eb9c7

2023-02-07T07:01:36

Fix minor clang and clang++ warnings.

4c3916e9

2023-02-08T14:58:46

[truetype, type1] Additional variation tags. Sync with https://learn.microsoft.com/en-us/typography/opentype/spec/dvaraxisreg#registered-axis-tags * src/truetype/ttgxvar.h (TTAG_ital): New tag. * src/truetype/ttgxvar.c (TT_Get_MM_Var): Use it. * src/type1/t1load.c (T1_Get_MM_Var): Handle 'slnt' and 'ital'.

27b2cd41

2023-02-07T23:03:18

* src/base/ftsynth.c (FT_GlyphSlot_Slant): Add vertical slant. * include/freetype/ftsynth.h (FT_GlyphSlot_Slant): Update it.

515bdfef

2023-01-04T19:15:38

[sdf] Use 32-bit integers internally. * src/sdf/ftsdfcommon.h (FT_16D16, FT_26D6): Use 32-bit integers instead of `FT_Fixed` for internal data types. `FT_Fixed` i.e. `signed long` is 64-bit on some architectures.

1bbec9e9

2023-02-04T08:34:58

* src/type1/t1afm.c (T1_Read_Metrics): Reaffirm ascender and descender.

82c131ac

2023-02-04T03:20:25

* src/type1/t1afm.c (T1_Read_Metrics): Validate ascender and descender. The ascender and descender are optional in the AFM specifications. They could be omitted or even set to zero, e.g., in the current release of URW++ base 35 fonts.

646cc8ef

2023-02-02T10:38:18

* src/cff/cffgload.c (cff_slot_load): Avoid memory leak. Fixes issue #1204.

9508811a

2023-02-01T12:01:58

* src/truetype/ttgxvar.c (tt_var_get_item_delta): Check `face->blend`. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55581

e97544a7

2023-01-28T17:04:38

Minor changes. Comment fixes, typos, removing of unnecessary parentheses.

bacc48e6

2023-01-28T17:04:11

Whitespace.

bea675cd

2023-01-26T14:07:25

[ttgxvar] Fix crash in COLRv1. This is a stopgap until issue #1202 is properly fixed. * src/truetype/ttxgvar.c (tt_var_get_item_delta): Check `normalizedcoords`.

d680908a

2023-01-17T16:18:28

[base] Fix typo. * src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Request module 't1cid', not 'cid'.

188019eb

2023-01-17T16:04:30

[base] Return error if requested driver is not found. In `open_face_from_buffer` it is possible that a driver is requested but FreeType was built without the requested module. Return an error in this case to indicate that the request could not be satisfied, rather than trying all existing driver modules. * src/base/ftobjs.c (open_face_from_buffer): Return `FT_Err_Missing_Module` if a driver is specified but not found.

a297feab

2023-01-17T14:30:48

[sfnt] Avoid nullptr dereference in reading malformed 'COLR' v1 table. Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=1408044. * src/sfnt/ttcolr.c (tt_face_load_colr): When the 'COLR' v1 table header is too small, don't deallocate delta set index map structures.

f80be4e9

2023-01-17T18:48:54

* src/tools/update-copyright: Allow execution from other repositories. We use this for `freetype-demos`.

65f85237

2023-01-17T09:18:25

Update all copyright notices.

6c1bd0f2

2023-01-17T09:15:36

* src/tools/no-copyright: Updated.

29f83d1d

2023-01-12T23:45:12

[base] 'close' callback may not use `stream->memory`. The documentation for `FT_StreamRec::memory` states that it 'shouldn't be touched by stream implementations'. This is true even for internal implementations of the 'close' callback, since it is not guaranteed that `memory` will even be set when the 'close' callback occurs. * src/base/ftobjs.c (new_memory_stream): stash current `memory` in `stream->descriptor`. (memory_stream_close): Use it.

0d4f887c

2023-01-12T22:43:08

[base] Always close user-provided stream. The `FT_Open_Face` documentation states > If `FT_OPEN_STREAM` is set in `args->flags`, the stream in `args->stream` > is automatically closed before this function returns any error (including > `FT_Err_Invalid_Argument`). However, if the user provides a stream in `args.stream` with `FT_OPEN_STREAM` set and a `close` function, but then for some reason passes NULL for `aface` and a non-negative `face_index`, the error `Invalid_Argument` is returned but the `close` callback will not be called on the user-provided stream. This may cause resource leaks if the caller is depending on the `close` callback to free resources. The difficulty is that a user may fill out a `FT_StreamRec` and pass its address as `args.stream`, but the stream isn't really 'live' until `FT_Stream_New` is called on it (and `memory` is set). In particular, it cannot really be cleaned up properly in `ft_open_face_internal` until the stream pointer has been copied into the `stream` local variable. * src/base/ftobj.c (ft_open_face_internal): Ensure that user-provided `args.stream.close` is called even with early errors.

13983b05

2023-01-11T14:47:26

[base] Fix leak of internal stream marked external. `open_face_from_buffer` allocates a new `FT_Stream` to pass to `ft_open_face_internal`. Because this is an `FT_OPEN_STREAM`, `ft_open_face_internal` will mark this as an 'external stream', which the caller must free. However, `open_face_from_buffer` cannot directly free it because the stream must last as long as the face. There is currently an attempt at this by clearing the 'external stream' bit after `open_face_from_buffer` returns successfully. However, this is too late as the original stream may have already been closed and the stream on the face may not be the same stream as originally passed. It is tempting to use `FT_OPEN_MEMORY` and let `ft_open_face_internal` create the stream internally. However, with this method there is no means to pass through a 'close' function to the created stream to free the underlying data, which must be owned by the stream. A possibility is to check on success if the stream of the face is the same as the original stream. If it is then unset the external flag. If not, then free the original stream. Unfortunately, while no current implementation does so, it is possible that the face still has the original stream somewhere other than as the `FT_FaceRec::stream`. The stream needs to remain available for the life of the face or until it is closed, whichever comes earlier. The approach taken here is to let the stream own itself. When the stream is closed it will free itself. * src/base/ftobjs.c (memory_stream_close): Free `stream`. (open_face_from_buffer): Simplify error handling, since `ft_open_face_internal` always closes `args.stream` on any error. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54930

6a179ff7

2023-01-16T16:38:56

sr/*.c: Various minor fixes. * src/autofit/ft-hb.c (_hb_ft_reference_table): Call `FT_UNUSED` after variable declarations. * src/gxvalid/gxvjust.c (gxv_just_widthDeltaClusters_validate): Eliminate unused variable. * src/gzip/ftgzip.c: Don't call GCC '-Wstrict-prototypes' pragma for C++ compiler. * src/sfnt/ttcolr.c (ENSURE_READ_BYTES): Remove final semicolon to avoid compiler warning. * src/sfnt/ttsvg.c (tt_face_load_svg_doc): Fix signedness warning.

2692b321

2023-01-03T17:19:02

[sfnt] Remove temporary runtime flag for variable 'COLR' v1. Fixes #1187. * src/sfnt/ttcolr.c (top level, read_paint, tt_face_load_colr, tt_face_free_colr, get_deltas_for_var_index_base, tt_face_get_color_glyph_clipbox, tt_face_get_colorline_stops): Remove macro definition `VARIABLE_COLRV1_ENABLED` and its usage. * src/truetype/ttdriver.c (tt_property_set): Remove parsing of 'TEMPORARY-enable-variable-colrv1' property name. * src/truetype/ttobjs.h (TT_DriverRec): Remove `enable_variable_colrv1` flag.

b1c90733

2023-01-07T07:40:12

* src/autofit/ft-hb.c (_hb_ft_reference_table): Minor integration fixes.

3481b154

2023-01-05T21:07:26

[truetype] Reset cvt and storage in context load. Currently the cvt and storage are saved and restored in `TT_RunIns`. However, this is too granular as the cvt and storage area should be set to the original cvt and storage area only when setting up the hinting context. This allows for the cvt and storage area to be modified while parsing multiple glyphs, as is the case with composite glyphs. * src/truetype/ttinterp.h (TT_ExecContextRec): Remove `origCvt` and `origStorage`. * src/truetype/ttinterp.c (TT_RunIns): Don't save and restore the cvt and storage area. (Modify_CVT_Check, Ins_WS): Switch from "if in glyph and using original data do copy on write" to "if in glyph and not using glyph specific data do copy on write".

ebe7e912

2023-01-02T20:13:22

[autofit] Don't depend on 'hb-ft'. The circular dependency is still there, but at least we no longer depend on the HarfBuzz API that is only present if HarfBuzz has been built with FreeType support, making the bootstrapping a bit easier. * src/autofit/ft-hb.c, src/autofit/ft-hb.h: New files, providing `_hb_ft_font_create`, which is more or less a verbatim copy of the corresponding HarfBuzz code from file `hb-ft.cc`. * src/autofit/afglobal.c (af_face_globals_new): Use it. * src/autofit/afshaper.h: Don't include `hb-ft.h` but `ft-hb.h`. * src/autofit/autofit.c: Include `ft-hb.c`. * LICENSE.TXT: Updated.

262b47ac

2023-01-05T15:24:25

[truetype] Keep variation store consistent. `tt_var_load_item_variation_store` fills out a `GX_ItemVarStore`. While it may return an error, the item store must be left in a consistent state so that any use or destruction of the item store can properly use or free the data in it. Before this change the counts from the font data were read directly into the item store before the actual allocation of the arrays to which they referred. There exist many opportunities between the time the counts are read and the arrays are allocated to return early due to invalid data. When this happened the item store claimed to have entires it actually did not, leading to crashes later when it was used. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54449 * src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Read the counts into local variables and store them in the item store only after the related arrays are actually created on the item store.

15afb554

2023-01-05T12:42:55

[base] Report used stream's external status. In `open_face` the initial stream is set on the face, along with the information about if FreeType is the owner of the stream object itself. The loaders may in the course of their work replace this stream with a new stream (as is the case for 'woff' and 'woff2'), which may have a different ownership than the initial stream object (likely the original stream object is owned by the user and is external, while the new stream object is created internally to FreeType and is internal). When the stream is replaced, the face's flags are updated with the new ownership status. However, `open_face` cannot itself free this stream as its caller `ft_open_face_internal` is responsible for this. In addition, in the case of an error `open_face` cannot return an actual face with the new stream and its ownership status to the caller. As a result, it must pass this information back to the caller as a sort of "failed face" so that the caller can clean up. `open_face` was already passing back the new stream but was not passing back the stream ownership information. As a result the stream may not have been free'd when needed. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54700 * src/base/ftobjs.c (open_face): Pass back the ownership information as well. (ft_open_face_internal): Updated.

63f37136

2023-01-04T15:52:41

[sfnt] Fix color stop bounds check calculation at table end. Fixes https://bugs.chromium.org/p/skia/issues/detail?id=14021 * src/sfnt/ttcolr.c (VAR_IDX_BASE_SIZE): New macro. (tt_face_get_colorline_stops): Fix off-by-one bounds check calculation, take `VarColorStop` into account, and hopefully make it easier to read.

81a456b2

2023-01-04T22:41:34

* src/base/ftobjs.c (FT_Request_Metrics): Avoid division by zero. The division-by-zero might happen in broken fonts (see #1194). Instead of returning a huge number from FT_DivFix and failing to scale later, we now bail immediately.

0bcb664d

2022-12-20T16:38:39

[psaux] Delay the upem validity assertion. Fixes #1194. * src/psaux/psft.c (cf2_getUnitsPerEm): Remove the upem assert. (cf2_checkTransform): Assert the upem validity after checking the scale.

ace97a02

2022-12-14T09:58:44

[gzip] Make static compilation not leak global symbols. * src/gzip/ftgzip.c (HAVE_HIDDEN): Do not define; it is no longer needed because everything is static. (HAVE_MEMCPY): Define. (zcalloc, zcfree): Remove no longer needed definitions (because `Z_SOLO` is active). * src/gzip/patches/freetype-zlib.diff: Regenerated. Fixes #1146. Co-authored-by: Werner Lemberg <wl@gnu.org>

bc3aa767

2022-12-14T10:27:13

* src/gzip/ftzconf.h: Updated to zlib 1.2.13. I forgot to copy that file.

26e9028f

2022-12-13T09:53:26

[sdf, sfnt] Handle minor compiler warnings. * src/sdf/ftsdf.c (get_min_distance_conic): Initialize `nearest_point`. * src/sfnt/ttsvg.c (find_doc): Initialize `mid_doc`. Fixes #1195.

aca4ec59

2022-11-22T22:34:41

* src/base/ftdbgmem.c (ft_mem_source_compare): Add FT_COMPARE_DEF. Closes !230.

1c44de20

2022-11-20T22:37:08

* src/autofit/afloader.c (af_loader_load_glyph): Remove `size` check. This is done by `FT_Load_Glyph`.

4e6906cc

2022-11-18T14:03:19

Comments added.

0f43a0e7

2022-11-16T07:50:52

* src/autofit/afloader.c (af_loader_load_glyph): Fix dereference. This must happen after the NULL check. Taken from https://github.com/freetype/freetype/pull/2

47e61d02

2022-11-14T22:53:14

* src/pcf/pcfutil.c ({Two,Four}ByteSwap): Use builtins or shifts. We trust glibc which uses shifts or builtins to swap bytes. This must be more efficient.

e6fda039

2022-11-14T19:18:19

* src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462

ba4bd5b9

2022-11-07T10:52:33

Add `TT_CONFIG_OPTION_NO_BORING_EXPANSION` configuration macro. This gives users a possibility to deactivate new features not (yet) in the OpenType standard. * include/freetype/config/ftoption.h, devel/ftoption.h (TT_CONFIG_OPTION_NO_BORING_EXPANSION): New macro. * src/truetype/ttgxvar.c (ft_var_load_avar): Use it to disable 'avar' version 2.0 support.

e97cb9e8

2022-11-09T15:42:25

[truetype] Improve bounds checks for `ItemVariationStore`. * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Move bounds check ... (tt_var_get_item_delta): ... to this function, because it is safer. For example, the 'avar' table 2.0 codepath was not performing a bounds check at all.

9be958ca

2022-11-09T15:41:34

[truetype] In `ItemVariationStore`, value 0xFFFF for `dataCount` is valid. It corresponds to outer indices of 0 to 0xFFFE. * src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Remove invalid code.

109179c7

2022-11-10T23:25:48

[pcf] Improve CMap efficiency and readability. * src/pcf/pcfdrivr.c (pcf_cmap_char_{index,next}): Check and walk the encoding array indexes.

9154707f

2022-11-07T16:58:56

[truetype] Check avar_segment before access * src/truetype/ttgxvar.c (tt_done_blend): check `avar_segment` before accessing to free its `correspondence`. Reported as: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53062

kc3-lang/freetype/src

src

Log