src


Log

Author Commit Date CI Message
Alexei Podtelezhnikov 51c17054 2023-03-04T23:32:50 * src/cff/cffparse.c (cff_parser_run): Fix variable type.
Alexei Podtelezhnikov a2b8937d 2023-03-04T14:00:52 [cff] Clean up memory management in the old engine. * src/cff/cffparse.c (finalize_t2_strings): Fix NULL-dereferencing in the out-of-memory situation, use `FT_FREE`. (cff_parser_run): Use FreeType memory allocation macros and avoid uninitialized pointers.
Alexei Podtelezhnikov 29578f75 2023-03-04T13:39:27 * src/cff/cffobjs.c (cff_size_init): Synonymous change.
Alexei Podtelezhnikov 7ae20e55 2023-03-03T22:41:09 * src/sfnt/sfobjs.c (sfnt_load_face): Shorten de-referencing.
Alexei Podtelezhnikov 49eac0da 2023-03-03T22:10:50 [pfr] Shorten de-referencing. * src/pfr/pfrobjs.c (pfr_face_done, pfr_face_init): Use closer `memory`. * src/pfr/pfrgload.c (pfr_glyph_load_compound): Remove `loader`.
Alexei Podtelezhnikov 2adef94f 2023-03-03T18:40:48 * src/cff/cffobjs.c (cff_size_get_globals_funcs): Shorten de-referencing.
Alexei Podtelezhnikov 5ac6276a 2023-03-03T17:21:10 [cff,cid,type1] Shorten de-referencing. * src/cff/cffobjs.c (cff_clot_init): Use immediate library reference. * src/cid/cidobjs.c (cid_slot_init): Ditto. * src/type1/t1objs.c (T1_GlyphSlot_Init): Ditto.
Ben Wagner 09b326fa 2023-03-01T12:19:17 Avoid strtol on non-null-terminated data. Technically, `strtol` can only be used with C strings terminated with `\0`. CID data is not generally null-terminated and often does not contain a `\0` if it is hex-encoded. AddressSanitizer with `ASAN_OPTIONS` containing `strict_string_checks=1` verifies this by using an adversarial `strtol` that always reads to the terminating `\0`. To avoid undefined behavior from `strtol` in `cid_parser_new`, use the parser to parse the tokens instead of attempting to parse them ad-hoc. This will internally use `PS_Conv_Strtol` to parse the integer, which respects the parser's limits and directly implements the PostScript parsing rules for integers. * src/cid/cidparse.c (cid_parser_new): Use the parser to parse the tokens. Fixes: https://bugs.chromium.org/p/chromium/issues/detail?id=1420329
Alexei Podtelezhnikov e95e6234 2023-03-02T17:58:03 * src/cff/cffload.c (cff_subfont_load): Synonymous update.
ubawurinna e8931f8c 2023-03-01T18:20:46 * src/gzip/README.freetype: Update version.
ubawurinna 79c8bd91 2023-03-01T10:16:59 [gzip] Fix static linking. Without this patch, static linking with MS Visual Studio causes linking errors. * src/gzip/ftgzip.c: Set `ZEXPORT` to nothing and `ZEXTERN` to static for all compilers.
Alexei Podtelezhnikov 638df2fe 2023-02-27T21:54:23 [truetype] Treat 38 as 40 without Infinality. * include/freetype/ftdriver.h (TT_INTERPRETER_VERSION_38): Reinstate. * src/truetype/ttdriver.c (tt_property_set): Fallback from 38 to 40.
Werner Lemberg d399657f 2023-02-26T20:18:54 * src/*: Replace leading underscores with trailing ones in dummy variables. This is to avoid clang warnings.
Alexei Podtelezhnikov 6423ddb8 2023-02-25T21:54:21 * src/cff/cffload.c (cff_encoding_load): Optimize array zeroing. This is unnecessary for predefined standard and expert encodings. Even for custom encodings the arrays might be already zeroed when CFF_FontRec is created but we keep it just in case.
Alexei Podtelezhnikov 74c498a3 2023-02-25T11:02:21 * src/type1/t1load.c (T1_Get_MM_Var): Optimize array zeroing.
Tamir Duberstein 3f2ac7d8 2023-02-24T11:48:48 * src/base/ftsystem.c (ft_ansi_stream_io): Avoid undefined behaviour. Also short-circuit on `offset` to avoid checking `count` a second time when `ft_ansi_stream_io` is used for reading. Per ISO/IEC 9899: If an argument to a function has an invalid value (such as a value outside the domain of the function, or a pointer outside the address space of the program, or a null pointer, or apointer to non-modifiable storage when the corresponding parameter is not const-qualified) or a type (after promotion) not expected by a function with variable number of arguments, the behavior is undefined. If a function argument is described as being an array, the pointer actually passed to the function shall have a value such that all address computations and accesses to objects (that would be valid if the pointer did point to the first element of such an array) are in fact valid. Per IEEE Std 1003.1: size_t fread(void *restrict ptr, size_t size, size_t nitems, FILE *restrict stream); The `fread` function shall read into the array pointed to by `ptr` up to `nitems` elements whose size is specified by `size` in bytes, from the stream pointed to by `stream`. Since the first argument to `fread` is described as being an array, its behavior is undefined when that argument is a null pointer. Per the documentation on `ft_ansi_stream_io`: If `count' is zero (this is, the function is used for seeking), a non-zero return value indicates an error. Thus the intent is clear, and the call to `fread` can be skipped, avoiding undefined behaviour.
Alexei Podtelezhnikov 3f01161f 2023-02-21T16:17:07 [raster] Clean up contour indexing. * src/raster/ftraster.c (Decompose_Curve, Convert_Glyph): Use consistent index types (Int) and compact iterations.
Alexei Podtelezhnikov 7f949904 2023-02-20T23:29:58 [autofit] Clean up contour indexing. * src/autofit/aflatin.c (af_latin_metrics_init_blues): Refactor. * src/autofit/afcjk.c (af_cjk_metrics_init_blues): Ditto.
Alexei Podtelezhnikov 78464d1b 2023-02-20T22:31:21 * src/base/ftoutln.c (FT_Outline_Check): Fix C4701 warning.
Alexei Podtelezhnikov f5f969a8 2023-02-20T22:29:18 * src/sdf/ftsdf.c (get_min_distance_cubic): Fix C4701, typos.
Alexei Podtelezhnikov fecd19b4 2023-02-20T17:13:40 * src/base/ftstroke.c (FT_Stroker_ParseOutline): Clean up contour indexing.
Alexei Podtelezhnikov 34ed28d0 2023-02-20T16:33:45 [base] Clean up contour indexing. * src/base/ftoutln.c (FT_Outline_Reverse, FT_Outline_EmboldenXY, FT_Outline_Get_Orientation): Set the first and last indexes together. (FT_Outline_Decompose): Ditto and check them more stringently. * src/smooth/ftgrays.c (FT_Outline_Decompose)[STANDALONE_]: Ditto.
Alexei Podtelezhnikov 713580f4 2023-02-20T15:58:04 * src/base/ftoutln.c (FT_Outline_Check): Update error code, clean up.
Alex Ringlein 74ea5454 2023-02-16T22:38:35 * src/base/ftoutln.c (FT_Outline_Reverse): Anchor first contour points. A cubic contour has to always start from an on-point. Therefore, we should not swap the first with the last point, which might be off, and obtain an invalid contour. This does not matter for conic contours. If anything, it also saves one swap there. Fixes #1207.
Alexei Podtelezhnikov dacbb554 2023-02-10T08:24:33 [type1/MM] Round design coordinates. The design coordinates for MM fonts were not rounded. For example, `FT_Get_Var_Design_Coordinates` returned values with fractional part. * src/type1/t1load.c (mm_axis_unmap): Refactor with rounding. * include/freetype/ftmm.h (FT_Var_Axis, FT_Set_Var_Design_Coordinates, FT_Get_Var_Design_Coordinates): Reword documentation.
Werner Lemberg de8b92dd 2023-02-09T07:01:12 * Version 2.13 released. ========================== Tag sources with `VER-2-13-0'. * docs/VERSION.TXT: Add entry for version 2.13. * docs/CHANGES: Updated. * README, src/base/ftver.rc, builds/windows/vc2010/index.html, builds/windows/visualc/index.html, builds/windows/visualce/index.html, builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html, docs/freetype-config.1: s/2.12.1/2.13/, s/2121/2130/. * include/freetype/freetype.h (FREETYPE_MINOR): Set to 13. (FREETYPE_PATCH): Set to 0. * builds/unix/configure.raw (version_info): Set to 25:0:19. * CMakeLists.txt (VERSION_MINOR): Set to 13. (VERSION_PATCH): Set to 0.
Werner Lemberg 995ccfac 2023-02-08T21:49:56 [autofit] Fix 'multi' compilation. * src/autofit/ft-hb.c: Decorate with `FT_LOCAL_DEF`. Add ANSI boilerplate code for otherwise empty file. * src/autofit/ft-hb.h: Include `compiler-macros.h` and `freetype.h`. Use `FT_BEGIN_HEADER` and `FT_END_HEADER`. Decorate with `FT_LOCAL`. * src/autofit/rules.mk (AUTOF_DRV_SRC): Add `ft-hb.c`.
Werner Lemberg 663486a7 2023-02-08T20:56:19 Fix `FT_LOCAL` and `FT_LOCAL_DEF` tags.
Werner Lemberg ac5babe8 2023-02-08T19:36:10 Fix 'fall-through' warning messages. Modern compilers get more insistent on that... * include/freetype/internal/compiler-macros.h (FALL_THROUGH): Define. * src/*: Use it instead of `/* fall through */` comments.
Werner Lemberg be724c81 2023-02-07T22:24:53 For debugging, avoid implicit conversion from integer to double. Otherwise we get zillions of clang 15 warnings. * src/autofit/afcjk.c, src/autofit/afhints.c, src/autofit/aflatin.c, src/base/ftobjs.c, src/base/ftoutln.c, src/cff/cffparse.c, src/raster/ftraster.c, src/sfnt/pngshim.c, src/truetype/ttgload.c, src/truetype/ttgxvar.c, src/truetype/ttobjs.c, src/type1/t1gload.c: Use `double` cast in debugging and tracing macros.
Werner Lemberg 37bc7c26 2023-02-07T07:37:07 Avoid reserved identifiers that are globally defined. This is mandated by the C99 standard, and clang 15 produces zillions of warnings otherwise. * devel/ftoption.h, include/freetype/config/ftoption.h, include/freetype/internal/ftmemory.h, src/autofit/afhints.h, src/autofit/afmodule.c, src/autofit/aftypes.h, src/base/ftadvanc.c, src/base/ftdbgmem.c, src/base/ftstream.c, src/bdf/bdflib.c, src/truetype/ttinterp.c: Replace identifiers of the form `_foo` with `foo_`.
Werner Lemberg da9eb9c7 2023-02-07T07:01:36 Fix minor clang and clang++ warnings.
Alexei Podtelezhnikov 4c3916e9 2023-02-08T14:58:46 [truetype, type1] Additional variation tags. Sync with https://learn.microsoft.com/en-us/typography/opentype/spec/dvaraxisreg#registered-axis-tags * src/truetype/ttgxvar.h (TTAG_ital): New tag. * src/truetype/ttgxvar.c (TT_Get_MM_Var): Use it. * src/type1/t1load.c (T1_Get_MM_Var): Handle 'slnt' and 'ital'.
Alexei Podtelezhnikov 27b2cd41 2023-02-07T23:03:18 * src/base/ftsynth.c (FT_GlyphSlot_Slant): Add vertical slant. * include/freetype/ftsynth.h (FT_GlyphSlot_Slant): Update it.
anuj 515bdfef 2023-01-04T19:15:38 [sdf] Use 32-bit integers internally. * src/sdf/ftsdfcommon.h (FT_16D16, FT_26D6): Use 32-bit integers instead of `FT_Fixed` for internal data types. `FT_Fixed` i.e. `signed long` is 64-bit on some architectures.
Alexei Podtelezhnikov 1bbec9e9 2023-02-04T08:34:58 * src/type1/t1afm.c (T1_Read_Metrics): Reaffirm ascender and descender.
Alexei Podtelezhnikov 82c131ac 2023-02-04T03:20:25 * src/type1/t1afm.c (T1_Read_Metrics): Validate ascender and descender. The ascender and descender are optional in the AFM specifications. They could be omitted or even set to zero, e.g., in the current release of URW++ base 35 fonts.
Werner Lemberg 646cc8ef 2023-02-02T10:38:18 * src/cff/cffgload.c (cff_slot_load): Avoid memory leak. Fixes issue #1204.
Werner Lemberg 9508811a 2023-02-01T12:01:58 * src/truetype/ttgxvar.c (tt_var_get_item_delta): Check `face->blend`. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55581
Werner Lemberg e97544a7 2023-01-28T17:04:38 Minor changes. Comment fixes, typos, removing of unnecessary parentheses.
Werner Lemberg bacc48e6 2023-01-28T17:04:11 Whitespace.
Behdad Esfahbod bea675cd 2023-01-26T14:07:25 [ttgxvar] Fix crash in COLRv1. This is a stopgap until issue #1202 is properly fixed. * src/truetype/ttxgvar.c (tt_var_get_item_delta): Check `normalizedcoords`.
Ben Wagner d680908a 2023-01-17T16:18:28 [base] Fix typo. * src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Request module 't1cid', not 'cid'.
Ben Wagner 188019eb 2023-01-17T16:04:30 [base] Return error if requested driver is not found. In `open_face_from_buffer` it is possible that a driver is requested but FreeType was built without the requested module. Return an error in this case to indicate that the request could not be satisfied, rather than trying all existing driver modules. * src/base/ftobjs.c (open_face_from_buffer): Return `FT_Err_Missing_Module` if a driver is specified but not found.
Dominik Röttsches a297feab 2023-01-17T14:30:48 [sfnt] Avoid nullptr dereference in reading malformed 'COLR' v1 table. Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=1408044. * src/sfnt/ttcolr.c (tt_face_load_colr): When the 'COLR' v1 table header is too small, don't deallocate delta set index map structures.
Werner Lemberg f80be4e9 2023-01-17T18:48:54 * src/tools/update-copyright: Allow execution from other repositories. We use this for `freetype-demos`.
Werner Lemberg 65f85237 2023-01-17T09:18:25 Update all copyright notices.
Werner Lemberg 6c1bd0f2 2023-01-17T09:15:36 * src/tools/no-copyright: Updated.
Ben Wagner 29f83d1d 2023-01-12T23:45:12 [base] 'close' callback may not use `stream->memory`. The documentation for `FT_StreamRec::memory` states that it 'shouldn't be touched by stream implementations'. This is true even for internal implementations of the 'close' callback, since it is not guaranteed that `memory` will even be set when the 'close' callback occurs. * src/base/ftobjs.c (new_memory_stream): stash current `memory` in `stream->descriptor`. (memory_stream_close): Use it.
Ben Wagner 0d4f887c 2023-01-12T22:43:08 [base] Always close user-provided stream. The `FT_Open_Face` documentation states > If `FT_OPEN_STREAM` is set in `args->flags`, the stream in `args->stream` > is automatically closed before this function returns any error (including > `FT_Err_Invalid_Argument`). However, if the user provides a stream in `args.stream` with `FT_OPEN_STREAM` set and a `close` function, but then for some reason passes NULL for `aface` and a non-negative `face_index`, the error `Invalid_Argument` is returned but the `close` callback will not be called on the user-provided stream. This may cause resource leaks if the caller is depending on the `close` callback to free resources. The difficulty is that a user may fill out a `FT_StreamRec` and pass its address as `args.stream`, but the stream isn't really 'live' until `FT_Stream_New` is called on it (and `memory` is set). In particular, it cannot really be cleaned up properly in `ft_open_face_internal` until the stream pointer has been copied into the `stream` local variable. * src/base/ftobj.c (ft_open_face_internal): Ensure that user-provided `args.stream.close` is called even with early errors.
Ben Wagner 13983b05 2023-01-11T14:47:26 [base] Fix leak of internal stream marked external. `open_face_from_buffer` allocates a new `FT_Stream` to pass to `ft_open_face_internal`. Because this is an `FT_OPEN_STREAM`, `ft_open_face_internal` will mark this as an 'external stream', which the caller must free. However, `open_face_from_buffer` cannot directly free it because the stream must last as long as the face. There is currently an attempt at this by clearing the 'external stream' bit after `open_face_from_buffer` returns successfully. However, this is too late as the original stream may have already been closed and the stream on the face may not be the same stream as originally passed. It is tempting to use `FT_OPEN_MEMORY` and let `ft_open_face_internal` create the stream internally. However, with this method there is no means to pass through a 'close' function to the created stream to free the underlying data, which must be owned by the stream. A possibility is to check on success if the stream of the face is the same as the original stream. If it is then unset the external flag. If not, then free the original stream. Unfortunately, while no current implementation does so, it is possible that the face still has the original stream somewhere other than as the `FT_FaceRec::stream`. The stream needs to remain available for the life of the face or until it is closed, whichever comes earlier. The approach taken here is to let the stream own itself. When the stream is closed it will free itself. * src/base/ftobjs.c (memory_stream_close): Free `stream`. (open_face_from_buffer): Simplify error handling, since `ft_open_face_internal` always closes `args.stream` on any error. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54930
Werner Lemberg 6a179ff7 2023-01-16T16:38:56 sr/*.c: Various minor fixes. * src/autofit/ft-hb.c (_hb_ft_reference_table): Call `FT_UNUSED` after variable declarations. * src/gxvalid/gxvjust.c (gxv_just_widthDeltaClusters_validate): Eliminate unused variable. * src/gzip/ftgzip.c: Don't call GCC '-Wstrict-prototypes' pragma for C++ compiler. * src/sfnt/ttcolr.c (ENSURE_READ_BYTES): Remove final semicolon to avoid compiler warning. * src/sfnt/ttsvg.c (tt_face_load_svg_doc): Fix signedness warning.
Dominik Röttsches 2692b321 2023-01-03T17:19:02 [sfnt] Remove temporary runtime flag for variable 'COLR' v1. Fixes #1187. * src/sfnt/ttcolr.c (top level, read_paint, tt_face_load_colr, tt_face_free_colr, get_deltas_for_var_index_base, tt_face_get_color_glyph_clipbox, tt_face_get_colorline_stops): Remove macro definition `VARIABLE_COLRV1_ENABLED` and its usage. * src/truetype/ttdriver.c (tt_property_set): Remove parsing of 'TEMPORARY-enable-variable-colrv1' property name. * src/truetype/ttobjs.h (TT_DriverRec): Remove `enable_variable_colrv1` flag.
Werner Lemberg b1c90733 2023-01-07T07:40:12 * src/autofit/ft-hb.c (_hb_ft_reference_table): Minor integration fixes.
Ben Wagner 3481b154 2023-01-05T21:07:26 [truetype] Reset cvt and storage in context load. Currently the cvt and storage are saved and restored in `TT_RunIns`. However, this is too granular as the cvt and storage area should be set to the original cvt and storage area only when setting up the hinting context. This allows for the cvt and storage area to be modified while parsing multiple glyphs, as is the case with composite glyphs. * src/truetype/ttinterp.h (TT_ExecContextRec): Remove `origCvt` and `origStorage`. * src/truetype/ttinterp.c (TT_RunIns): Don't save and restore the cvt and storage area. (Modify_CVT_Check, Ins_WS): Switch from "if in glyph and using original data do copy on write" to "if in glyph and not using glyph specific data do copy on write".
Matthias Clasen ebe7e912 2023-01-02T20:13:22 [autofit] Don't depend on 'hb-ft'. The circular dependency is still there, but at least we no longer depend on the HarfBuzz API that is only present if HarfBuzz has been built with FreeType support, making the bootstrapping a bit easier. * src/autofit/ft-hb.c, src/autofit/ft-hb.h: New files, providing `_hb_ft_font_create`, which is more or less a verbatim copy of the corresponding HarfBuzz code from file `hb-ft.cc`. * src/autofit/afglobal.c (af_face_globals_new): Use it. * src/autofit/afshaper.h: Don't include `hb-ft.h` but `ft-hb.h`. * src/autofit/autofit.c: Include `ft-hb.c`. * LICENSE.TXT: Updated.
Ben Wagner 262b47ac 2023-01-05T15:24:25 [truetype] Keep variation store consistent. `tt_var_load_item_variation_store` fills out a `GX_ItemVarStore`. While it may return an error, the item store must be left in a consistent state so that any use or destruction of the item store can properly use or free the data in it. Before this change the counts from the font data were read directly into the item store before the actual allocation of the arrays to which they referred. There exist many opportunities between the time the counts are read and the arrays are allocated to return early due to invalid data. When this happened the item store claimed to have entires it actually did not, leading to crashes later when it was used. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54449 * src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Read the counts into local variables and store them in the item store only after the related arrays are actually created on the item store.
Ben Wagner 15afb554 2023-01-05T12:42:55 [base] Report used stream's external status. In `open_face` the initial stream is set on the face, along with the information about if FreeType is the owner of the stream object itself. The loaders may in the course of their work replace this stream with a new stream (as is the case for 'woff' and 'woff2'), which may have a different ownership than the initial stream object (likely the original stream object is owned by the user and is external, while the new stream object is created internally to FreeType and is internal). When the stream is replaced, the face's flags are updated with the new ownership status. However, `open_face` cannot itself free this stream as its caller `ft_open_face_internal` is responsible for this. In addition, in the case of an error `open_face` cannot return an actual face with the new stream and its ownership status to the caller. As a result, it must pass this information back to the caller as a sort of "failed face" so that the caller can clean up. `open_face` was already passing back the new stream but was not passing back the stream ownership information. As a result the stream may not have been free'd when needed. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54700 * src/base/ftobjs.c (open_face): Pass back the ownership information as well. (ft_open_face_internal): Updated.
Dominik Röttsches 63f37136 2023-01-04T15:52:41 [sfnt] Fix color stop bounds check calculation at table end. Fixes https://bugs.chromium.org/p/skia/issues/detail?id=14021 * src/sfnt/ttcolr.c (VAR_IDX_BASE_SIZE): New macro. (tt_face_get_colorline_stops): Fix off-by-one bounds check calculation, take `VarColorStop` into account, and hopefully make it easier to read.
Alexei Podtelezhnikov 81a456b2 2023-01-04T22:41:34 * src/base/ftobjs.c (FT_Request_Metrics): Avoid division by zero. The division-by-zero might happen in broken fonts (see #1194). Instead of returning a huge number from FT_DivFix and failing to scale later, we now bail immediately.
Alexei Podtelezhnikov 0bcb664d 2022-12-20T16:38:39 [psaux] Delay the upem validity assertion. Fixes #1194. * src/psaux/psft.c (cf2_getUnitsPerEm): Remove the upem assert. (cf2_checkTransform): Assert the upem validity after checking the scale.
David Vanderson ace97a02 2022-12-14T09:58:44 [gzip] Make static compilation not leak global symbols. * src/gzip/ftgzip.c (HAVE_HIDDEN): Do not define; it is no longer needed because everything is static. (HAVE_MEMCPY): Define. (zcalloc, zcfree): Remove no longer needed definitions (because `Z_SOLO` is active). * src/gzip/patches/freetype-zlib.diff: Regenerated. Fixes #1146. Co-authored-by: Werner Lemberg <wl@gnu.org>
Werner Lemberg bc3aa767 2022-12-14T10:27:13 * src/gzip/ftzconf.h: Updated to zlib 1.2.13. I forgot to copy that file.
Werner Lemberg 26e9028f 2022-12-13T09:53:26 [sdf, sfnt] Handle minor compiler warnings. * src/sdf/ftsdf.c (get_min_distance_conic): Initialize `nearest_point`. * src/sfnt/ttsvg.c (find_doc): Initialize `mid_doc`. Fixes #1195.
Luca Bacci aca4ec59 2022-11-22T22:34:41 * src/base/ftdbgmem.c (ft_mem_source_compare): Add FT_COMPARE_DEF. Closes !230.
Alexei Podtelezhnikov 1c44de20 2022-11-20T22:37:08 * src/autofit/afloader.c (af_loader_load_glyph): Remove `size` check. This is done by `FT_Load_Glyph`.
Alexei Podtelezhnikov 4e6906cc 2022-11-18T14:03:19 Comments added.
Johan Matsson 0f43a0e7 2022-11-16T07:50:52 * src/autofit/afloader.c (af_loader_load_glyph): Fix dereference. This must happen after the NULL check. Taken from https://github.com/freetype/freetype/pull/2
Alexei Podtelezhnikov 47e61d02 2022-11-14T22:53:14 * src/pcf/pcfutil.c ({Two,Four}ByteSwap): Use builtins or shifts. We trust glibc which uses shifts or builtins to swap bytes. This must be more efficient.
Werner Lemberg e6fda039 2022-11-14T19:18:19 * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
Dominik Röttsches ba4bd5b9 2022-11-07T10:52:33 Add `TT_CONFIG_OPTION_NO_BORING_EXPANSION` configuration macro. This gives users a possibility to deactivate new features not (yet) in the OpenType standard. * include/freetype/config/ftoption.h, devel/ftoption.h (TT_CONFIG_OPTION_NO_BORING_EXPANSION): New macro. * src/truetype/ttgxvar.c (ft_var_load_avar): Use it to disable 'avar' version 2.0 support.
Behdad Esfahbod e97cb9e8 2022-11-09T15:42:25 [truetype] Improve bounds checks for `ItemVariationStore`. * src/truetype/ttgxvar.c (tt_hvadvance_adjust): Move bounds check ... (tt_var_get_item_delta): ... to this function, because it is safer. For example, the 'avar' table 2.0 codepath was not performing a bounds check at all.
Behdad Esfahbod 9be958ca 2022-11-09T15:41:34 [truetype] In `ItemVariationStore`, value 0xFFFF for `dataCount` is valid. It corresponds to outer indices of 0 to 0xFFFE. * src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Remove invalid code.
Alexei Podtelezhnikov 109179c7 2022-11-10T23:25:48 [pcf] Improve CMap efficiency and readability. * src/pcf/pcfdrivr.c (pcf_cmap_char_{index,next}): Check and walk the encoding array indexes.
Ben Wagner 9154707f 2022-11-07T16:58:56 [truetype] Check avar_segment before access * src/truetype/ttgxvar.c (tt_done_blend): check `avar_segment` before accessing to free its `correspondence`. Reported as: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53062
Ben Wagner d38407f7 2022-11-07T15:11:37 [truetype] Restore behavior of ft_var_load_hvvar * src/truetype/ttgcvar.c (ft_var_load_hvvar): restore previous behavior In a previous change [0] the behavior of `ft_var_load_hvvar` was changed to not load the item variation store if it was at offset 0, but not return an error when this happened. This broke any users, like `tt_hvadvance_adjust`, that rely on successful completion of `ft_var_load_hvvar` to imply that returned table's `itemStore` had been initialized. This lead such users to dereference NULL. This change appears to have been unintentional and unrelated to the actual avar2 changes. As a result, fix these NULL dereferences by restoring the code to always attempt to initialize the `itemStore`. [0] ae4eb996 "[truetype] Add support for `avar` table 2.0 format." Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53061
suzuki toshiya 32cfab4b 2022-10-10T14:22:12 [build] fix for make multi Fix "make multi" by MR !223 * include/freetype/internal/services/svmm.h: include ftmm.h to define FT_Get_MM_Func. * src/truetype/ttgxvar.h: include ftmmtypes.h to use GX_AVarTable properly. * src/base/ftmac.c: include ftdebug.h to use FT_THROW() properly.
Alexei Podtelezhnikov e00afdb3 2022-11-07T21:36:32 * src/pfr/pfrsbit.c (pfr_lookup_bitmap_data): Accelerate the search. This is mostly for consistency because PFR fonts with bitmap strikes do not seem to exist.
Alexei Podtelezhnikov 6139f2b6 2022-11-06T13:12:47 [bdf, pfr, psnames] Accelarate charmap searches. The binary searches within charmaps can be accelerated because they often contain dense continuous blocks of character codes. Within such blocks, you can predict matches based on misses. This method has been deployed in `bdf` since 0f122fef34; we only refactor it there. We now use it in `pfr` and `psnames`, which speeds up the unicode charmap access by about 50% in PFR and Type 1 fonts. * src/bdf/bdfdrivr.c (bdf_cmap_char_{index,next}): Refactor. * src/pfr/pfrcmap.c (pfr_cmap_char_{index,next}): Predict `mid` based on the mismatch distance. * src/psnames/psmodule.c (ps_unicodes_char_{index,next}): Ditto.
Behdad Esfahbod ae4eb996 2022-07-23T13:49:27 [truetype] Add support for `avar` table 2.0 format. See https://github.com/harfbuzz/boring-expansion-spec/blob/main/avar2.md for the specification. Currently, this is implemented only in most recent OS versions on Apple platforms and in the HarfBuzz library, but it is expected to be added to the OpenType standard soon. * src/truetype/ttgxvar.h (GX_AVarTableRec): New structure. (GX_BlendRec): Use it to replace `avar_segment` with `avar_table`. * src/truetype/ttgxvar.c (ft_var_load_avar): Load new table version. (ft_var_to_normalized, tt_done_blend): Extend for new format. (ft_var_load_hvvar, ft_var_to_design): Updated.
Werner Lemberg dea2e635 2022-10-24T06:59:45 Replace '1/64th' (and similar entries) with '1/64' in docs and comments.
Alexei Podtelezhnikov ffbbf3df 2022-10-21T15:55:30 * src/truetype/ttgload.c: Cosmetic changes.
Alexei Podtelezhnikov 1bfaca06 2022-10-21T07:18:06 [cff, truetype] Simplify SVG metrics scaling. Use pre-calculated scaling factors. Also, the advance widths used to be rounded, which was incorrect. * src/cff/cffgload.c (cff_slot_load): Use `x_scale` and `y_scale`. * src/truetype/ttgload.c (TT_Load_Glyph): Ditto.
Dominik Röttsches 0b62c1e4 2022-10-18T14:45:43 [sfnt] Additional bounds checks for `COLR` v1 table handling. * src/sfnt/ttcolr.c (read_paint): Add `colr` argument, necessary for... ... another use of `ENSURE_READ_BYTES`. Update callers. (tt_face_get_paint_layers): Ensure that the 4-byte paint table offset can be read. This is a follow-up to !124 and issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52404
Werner Lemberg af46fcc1 2022-10-18T19:40:03 [gzip] Update sources to zlib 1.2.13.
Alexei Podtelezhnikov b8882a3e 2022-10-18T15:58:02 * src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Simplify calculations.
Werner Lemberg c943d408 2022-10-18T11:41:00 Minor formatting.
Dominik Röttsches 04272824 2022-10-17T18:18:49 [sfnt] Guard individual `COLR` v1 paint field reads. * src/sfnt/ttcolr.c (ENSURE_READ_BYTES): New macro. (read_paint): Use it – after the start pointer `p` has been checked for whether it allows reading the format byte, each successive paint table field read need to be bounds-checked before reading further values. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52404
Liu Kunpeng(柳鲲鹏) bb59c3c9 2022-10-16T22:10:19 * src/base/ftsynth.c (FT_GlyphSlot_Slant): New API with custom slant. * include/freetype/ftsynth.h (FT_GlyphSlot_Slant): Declare it.
Werner Lemberg 5182264a 2022-10-10T12:31:53 [cff] Remove `FT_CONFIG_OPTION_NO_GLYPH_NAMES`. This ancient option stayed completely undocumented. Given that the 'cff' driver requires the 'psnames' module, it makes no sense today to have this macro. * src/cff/cffdrivr.c (cff_services), src/cff/cffobjs.c (cff_face_init): Remove corresponding conditional code.
Werner Lemberg 141d979a 2022-10-10T12:25:51 Minor comment changes.
Alexei Podtelezhnikov 0417527d 2022-10-03T19:23:26 [autofit] Reset the face charmap directly. There is no need to validate the original charmap in `FT_Set_Charmap`. It can be reset directly. * src/autofit/afglobal.c (af_face_globals_compute_style_coverage): Use direct assignment. * src/autofit/af{latin,cjk,indic}.c (af_latin_metrics_init): Ditto.
Alexei Podtelezhnikov 1b6dce84 2022-10-03T19:18:48 * src/type1/t1afm.c (T1_Read_PFM): Set charmaps directly. As with the previous commit, we can avoid the validation checks of `FT_Set_Charmap` and set it directly when choosing from the available list.
Alexei Podtelezhnikov 8faf57dd 2022-10-03T17:13:30 * src/cache/ftccmap.c (FTC_CMapCache_Lookup): Avoid `FT_Set_Charmap`. Set charmap aggressively without all validations of `FT_Set_Charmap` because we take it from the available array and only temporarily. Even CMap Format 14 will gracefully return 0.
Alexei Podtelezhnikov b93f20ab 2022-10-03T15:10:12 * src/cache/ftcbasic.c (ftc_basic_family_get_count): Remove redundancy.
Werner Lemberg de8f14a8 2022-09-30T23:25:02 * src/psaux/pshints.c (cf2_hintmap_insertHint): Fix midpoint computation. Replace '(start + end) / 2' with 'start + (end - start) / 2' to avoid overflow. Fixes #1180.
Werner Lemberg 2adb810c 2022-09-30T17:00:10 * src/psaux/pshints.c (cf2_hintmap_build): Improve debugging output.
mlugg 90527092 2022-09-29T18:38:06 [truetype] Fix undefined pointer arithmetic. * src/truetype/ttgxvar.c (tt_var_get_item_delta, ft_var_load_mvar): Use `FT_OFFSET`.
Alexei Podtelezhnikov ff66e912 2022-09-29T17:46:23 * src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Use lighter FT_DivFix.
Ali Chraghi 5faa1df8 2022-09-29T18:25:41 [base] FT_Attach_Stream: Make `parameters` argument constant.