src


Log

Author Commit Date CI Message
Werner Lemberg 93771d61 2021-07-16T07:40:56 Formatting and ChangeLog additions for previous commits.
Ben Wagner c37c0873 2021-07-15T11:33:16 Guard inclusion of emmintrin.h Guard inclusion of emmintrin.h with "#ifdef __SSE2__". The gcc version of this header, xmmintrin.h, and mmintrin.h check that the appropriate defines are set before defining anything (are internally guarded). However the clang versions of these includes are not internally guarded. As a result of this, externally guard the inclusion of these headers.
David Turner 56cc2ad4 2021-06-19T10:26:53 [smooth] Implement Bezier quadratic arc flattenning with DDA Benchmarking shows that this provides a very slighty performance boost when rendering fonts with lots of quadratic bezier arcs, compared to the recursive arc splitting, but only when SSE2 is available, or on 64-bit CPUs. On a 2017 Core i5-7300U CPU on Linux/x86_64: ./ftbench -p -s10 -t5 -cb .../DroidSansFallbackFull.ttf Before: 4.033 us/op (best of 5 runs for all numbers) After: 3.876 us/op ./ftbench -p -s60 -t5 -cb .../DroidSansFallbackFull.ttf Before: 13.467 us/op After: 13.385 us/op
David Turner 86b9c934 2021-06-19T11:18:40 [smooth] Minor speedup to smooth rasterizer This speeds up the smooth rasterizer by avoiding a conditional branches in the hot path. Namely: - Define a fixed "null cell" which will be pointed to whenever the current cell is outside of the current target region. This avoids a "ras.cell != NULL" check in the FT_INTEGRATE() macro. - Also use the null cell as a sentinel at the end of all ycells[] linked-lists, by setting its x coordinate to INT_MAX. This avoids a 'if (!cell)' check in gray_set_cell() as well. - Slightly change the worker struct fields to perform a little less operations during rendering. Example results (on a 2013 Corei5-3337U CPU) out/ftbench -p -s10 -t5 -bc /usr/share/fonts/truetype/droid/DroidSansFallbackFull.ttf Before: 5.472 us/op After: 5.275 us/op out/ftbench -p -s60 -t5 -bc /usr/share/fonts/truetype/droid/DroidSansFallbackFull.ttf Before: 17.988 us/op After: 17.389 us/op
Oleg Oshmyan 5d27b10f 2021-07-13T10:59:32 [base] Fix `FT_Open_Face`'s handling of user-supplied streams. This was already true (though undocumented) most of the time, but not if `FT_NEW` inside `FT_Stream_New` failed or if the `FT_OPEN_XXX` flags were bad. Normally, `FT_Open_Face` calls `FT_Stream_New`, which returns the user-supplied stream unchanged, and in case of any subsequent error in `FT_Open_Face`, the stream is closed via `FT_Stream_Free`. Up to now, however, `FT_Stream_New` allocates a new stream even if it is already given one by the user. If this allocation fails, the user-supplied stream is not returned to `FT_Open_Face` and never closed. Moreover, the user cannot detect this situation: all they see is that `FT_Open_Face` returns `FT_Err_Out_Of_Memory`, but that can also happen after a different allocation fails within the main body of `FT_Open_Face`, when the user's stream has already been closed by `FT_Open_Face`. It is plausible that the user stream's `close` method frees memory allocated for the stream object itself, so the user cannot defensively free it upon `FT_Open_Face` failure lest it ends up doubly freed. All in all, this ends up leaking the memory/resources used by user's stream. Furthermore, `FT_Stream_New` simply returns an error if the `FT_OPEN_XXX` flags are unsupported, which can mean either an invalid combination of flags or a perfectly innocent `FT_OPEN_STREAM` on a FreeType build that lacks stream support. With this patch, the user-supplied stream is closed even in these cases, so the user can be sure that if `FT_Open_Face` failed, the stream is definitely closed. * src/base/ftobjs.c (FT_Stream_New): Don't allocate a buffer unnecessarily. Move error-handling code to make the control flow more obvious. Close user-supplied stream if the flags are unsupported. `FT_Stream_Open` always sets `pathname.pointer`, so remove the redundant (re)assignment. None of the `FT_Stream_Open...` functions uses `stream->memory`, so keep just one assignment at the end, shared among all possible control flow paths. ('Unsupported flags' that may need a stream closure can be either an invalid combination of multiple `FT_OPEN_XXX` mode flags or a clean `FT_OPEN_STREAM` flag on a FreeType build that lacks stream support.)
Oleg Oshmyan a4c8f21a 2021-07-13T10:44:38 [base] Reject combinations of incompatible `FT_OPEN_XXX` flags. The three modes are mutually exclusive, and the documentation of the `FT_OPEN_XXX` constants notes this. However, there was no check to validate this in the code, and the documentation on `FT_Open_Args` claimed that the corresponding bits were checked in a well-defined order, implying it was valid (if useless) to specify more than one. Ironically, this documented order did not agree with the actual code, so it could not be relied upon; hopefully, nobody did this and nobody will be hurt by the new validation. Even if multiple mode bits were allowed, they could cause memory leaks: if both `FT_OPEN_STREAM` and `stream` are set along with either `FT_OPEN_MEMORY` or `FT_OPEN_PATHNAME`, then `FT_Stream_New` allocated a new stream but `FT_Open_Face` marked it as an 'external' stream, so the stream object was never released. * src/base/ftobjs.c (FT_Stream_New): Reject incompatible `FT_OPEN_XXX` flags.
Anuj Verma e592982a 2021-07-13T10:00:22 [sdf] Improve documentation.
Werner Lemberg 825b7ea2 2021-07-12T22:11:24 [autofit] More clean-ups. * src/autofit/afhints.h (AF_GlyphHintsRec): Remove the no longer needed fields `xmin_delta` and `xmax_delta`. * src/autofit/afhints.c (af_glyph_hints_reload), src/autofit/afloader.c (af_loader_load_glyph): Updated.
David Turner a212668c 2021-06-02T19:07:56 Remove obsolete AF_Angle type and related sources. Move the af_sort_xxx() functions from afangles.c to afhints.c in order to get rid of the obsolete angle-related types, macros and function definitions.
David Turner 2f11522a 2021-06-02T19:05:09 Remove experimental auto-hinting 'warp' mode. This feature was always experimental, and probably nevery worked properly. This patch completely removes it from the source code, except for a documentation block describing it for historical purpose.
David Turner 15e88980 2021-06-02T18:54:41 Remove experimental "Latin2" writing system (FT_OPTION_AUTOFIT2) This code has always been experimental and was never compiled anyway (FT_OPTION_AUTOFIT2 does not appear in ftoption.h or even any of our build files).
Werner Lemberg 89c60eca 2021-07-05T05:39:59 * src/base/ftlcdfil.c (FT_Library_SetLcdGeometry): Fix argument. Reported by Hin-Tak.
Ben Wagner d3dc2da9 2021-06-30T18:22:29 * src/truetype/ttgxvar.c (tt_set_mm_blend): Test `coords`. It is undefined behavior to pass `NULL` to `memcpy`. `coords' is passed to `memcpy` but `TT_Get_MM_Blend` and `TT_Get_Var_Design` explictly call `tt_set_mm_blend` with `coords` as `NULL`. In addition, `TT_Set_MM_Blend` has a similar possible issue.
Dominik Röttsches 286da6c5 2021-06-22T15:01:19 [sfnt] Support PaintScale in 'COLR' v1 parsing. * include/freetype/ftcolor.h (FT_PaintFormat): Renumber values, add `FT_COLR_PAINTFORMAT_SCALE`. (FT_PaintScale): New structure to represent 'PaintScale*' tables. (FT_COLR_Paint): Updated. * src/sfnt/ttcolr.c (FT_PaintFormat_Internal): New enumeration. (read_paint): Parse 'PaintScale' and friends.
Dominik Röttsches 0348c627 2021-06-29T20:51:32 [sfnt] Handle fonts without layer list in 'COLR' v1. 'COLR' v1 fonts do not necessarily need to have a layer list; for this reason, 'fontTools' recently started generating fonts in a way that drops the layer list if there are no layers in it. This results in the layer list offset becoming zero, which FreeType treated as an invalid table. Fix that and handle the case for layer list offset being 0. This slightly changes how we need to calculate the starting offset for paints. * src/sfnt/ttcolr.c (tt_face_load_colr): Handle case of layer list offset being zero without outright rejecting table.
Alexei Podtelezhnikov f27b4834 2021-06-30T10:54:59 * src/raster/ftraster.c (Render_Single_Pass): Simplify `band_stack'.
Werner Lemberg 90ecac41 2021-06-30T10:23:42 Update `CHANGES` file; other minor doc fixes.
Alexei Podtelezhnikov 69c3516c 2021-06-29T23:51:23 [raster] Do not skip the second pass without dropout control. The second pass also fixes horizontal lines through the pixel centers. * src/raster/ftraster.c (black_TWorker): Do not use `second_pass'. (Render_Glyph): Skip the second pass only with the appropriate flag.
Alexei Podtelezhnikov 3696ac5a 2021-06-29T23:27:10 [raster] Handle sub-band stack locally. * src/raster/ftraster.c (black_TWorker): Move `band_stack' from here.. (Render_Single_Pass): ... to here and accept limit arguments. (Render_Glyph): Updated.
Alexei Podtelezhnikov c852388d 2021-06-28T23:26:10 [raster] Handle Bézier stack locally. * src/raster/ftraster.c (black_TWorker): Move `arcs' from here... (Conic_To, Cubic_To): ... to here to tighten their scope. (Bezier_Up, Bezier_Down): ... Take the current `arc' argument.
Dominik Röttsches 7d4e55c3 2021-06-28T16:29:49 [sfnt] Improve paint limit checks Paint tables can appear before the `base_glyphs_v1` offset if the font is produced with the layer list before the base glyph list. In this case paint tables can occur after the layer list but before the base glyph list. Checks in the 'COLR' v1 code were rejecting fonts with this layout. Improve these checks by calculating a minimum offset after which paint tables can occur and use that in safety checks. * src/sfnt/ttcolr.c (Colr, tt_face_load_colr): Declare `paint_start_v1` and calculate that as the minimum of the end of layer list and base glyph list. (get_child_table_pointer, read_paint, tt_face_get_paint_layers): Use that in safety checks.
Alexei Podtelezhnikov 3a278381 2021-06-28T10:22:03 [raster] Clean up vertical sweep. * src/raster/ftraster.c (black_TWorker): Replace the current line offset with the pointer and drop the increment. (Function_Sweep_Init): Take values as arguments instead of pointers. (Vertical_Sweep_*, Horizontal_Sweep_Init, Draw_Sweep): Updated.
Alexei Podtelezhnikov fb4511eb 2021-06-26T08:49:20 [raster] Make `band_top' local variable. * src/raster/ftraster.c (black_TWorker): Move `band_top' from here... (Render_Single_Pass): ... to here, and refactor. (Render_Glyph): Updated.
Alexei Podtelezhnikov f6370e2f 2021-06-25T22:59:39 [raster] Adjust sub-band bisecting limits. We can bisect a band until it is just a single scan line. This might be slow and cause time-outs but if we need to impose limits it should be elsewhere. * src/raster/ftraster.c (Render_Single_Pass): Tweak sub-banding.
Alexei Podtelezhnikov bc1029b9 2021-06-25T18:20:57 * src/raster/ftraster.c (Render_Single_Pass): Remove dead code.
Alexei Podtelezhnikov 1e0cef9e 2021-06-24T00:19:50 [smooth, raster] Fix up and align error codes. FT_Render_Glyph picked up FAILURE or 1 returned from the raster function, which became a confusing error code. Instead, return Raster_Overflow in the unlikely event that banding does not help or another meaningful error. * src/smooth/ftgrays.c (gray_convert_glyph_inner, gray_convert_glyph): Use Raster_Overflow when the rendering pool is exhausted and return it if banding does not help. (gray_raster_render): Use Smooth_Err_Ok. * src/raster/ftraster.c (Render_Single_Pass): Return Raster_Overflow if banding does not help or another error code.
Alexei Podtelezhnikov d8ac180c 2021-06-23T23:32:02 [smooth, raster] Remove synonymous error macros. * src/smooth/ftgays.c [STANDALONE_]: s/ErrRaster_/Smooth_Err_/. (gray_convert_glyph_inner): Updated accordingly. * src/raster/ftraster.c [STANDALONE_]: Do not abbreviate error macros. (New_Profile, End_Profile, Insert_Y_Turn, Line_Up, Bezier_Up, Decompose_Curve, Draw_Sweep, Render_Single_Pass, ft_black_render): Updated accordingly.
Dominik Röttsches 4cb21b9a 2021-06-22T20:50:48 [sfnt] s/PaintTransformed/PaintTransform/, s/transformed/transform/. * include/freetype/ftcolor.h (FT_PaintTransformed, FT_PaintFormat, FT_COLR_Paint): Do it to make it harmonize with other names such as 'PaintTranslate'. * src/sfnt/ttcolr.c (read_paint, tt_face_get_paint): Ditto.
Werner Lemberg 008e42a1 2021-06-19T15:45:46 ftver.rc: Update copyright year.
Werner Lemberg b460a506 2021-06-19T07:03:40 [truetype] Fix integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35312 * src/truetype/ttinterp.c (Ins_JMPR): Use `ADD_LONG`.
Werner Lemberg 232243e7 2021-06-19T06:32:29 Prevent hinting if there are too many segments. This speeds up handling of broken glyphs. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35309 * src/autofit/aflatin.c (af_latin_hints_compute_segments): Implement it.
Alexei Podtelezhnikov 61bac759 2021-06-18T17:38:00 * src/sdf/ftsdfrend.c (ft_(b)sdf_render): Do not FT_ERROR routinely.
David Turner f8c5c546 2021-06-16T09:54:49 Fix for issue 1063 See https://gitlab.freedesktop.org/freetype/freetype/-/issues/1063 for more details on the bug.
Alexei Podtelezhnikov c6fcd612 2021-06-15T22:49:21 Add a comment.
Alexei Podtelezhnikov 8336d53c 2021-06-12T22:33:08 [type42] Fix new memory leak. We need to inverse inheritance of FT_GlyphSlot_Internal so that we have a chance to free the rendered bitmap from the parent slot. * src/type42/t42objs.c (T42_GlyphSlot_Init): Remove the internal parts of the child `ttslot' and replace it with the parent structure. (T42_GlyphSlot_Done): Updated accordingly.
Werner Lemberg db0f2c44 2021-06-12T10:05:07 [psaux] Fix another assertion. * src/psaux/psintrp.c (cf2_interpT2CharString) <cf2_escCALLOTHERSUBR>: Convert assertion into error, since the problem can happen with invalid user input. Test case is file fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read in the `freetype2-testing` repository.
Werner Lemberg a34afe67 2021-06-12T08:40:16 [psaux] Fix assertions. * src/psaux/pshints.c (cf2_hintmap_adjustHints): Check for overflow before emitting an assertion error.
Alexei Podtelezhnikov 9bfecfd2 2021-06-09T23:34:04 * src/truetype/ttinterp.c (TT_RunIns): Optimize tracing.
Alexei Podtelezhnikov 7833e308 2021-06-09T10:40:30 [sdf] Fix SDF positioning. * src/sdf/ftsdfrend.c (ft_sdf_render, ft_bsdf_render): Add padding to `bitmap_top' and `bitmap_left'. * sdf/sdf/ftsdf.c (sdf_generate_with_overlaps): Fix VC++ warning.
Werner Lemberg 08f66322 2021-06-08T18:23:16 More various documentation improvements and fixes.
Werner Lemberg b24cfc8d 2021-06-08T15:26:41 [sfnt] Sanitize cmap4 table better. Fixes #1062. * src/sfnt/ttcmap.c (tt_cmap4_validate): Handle a too-small value of `length` gracefully.
Dominik Röttsches ee6d03d3 2021-06-08T14:29:11 [sfnt] Pointer validity check when reading COLR 'v1' layers * src/sfnt/ttcolr.c (tt_face_get_paint_layers): In addition to the existing sanity checks, ensure that the pointer to the layer to be read is within the 'COLR' v1 table.
Werner Lemberg 41fa19fc 2021-06-08T10:32:20 * src/sdf/ftsdfcommon.c: Fix inclusion of header files.
Werner Lemberg 35b21c71 2021-06-08T09:06:39 [sdf] Make `make multi` work. * src/sdf/ftsdf.c: Include `ftbitmap.h`. * src/sdf/ftsdfcommon.h: Move function bodies to `ftsdfcommon.c`. Include `ftobjs.h` to get definitions of `FT_LOCAL` and friends. * src/sdf/ftsdfcommon.c: New file. * src/sdf/rules.mk, src/sdf/sdf.c: Updated.
Werner Lemberg 36ee7171 2021-06-08T09:00:39 [sdf] Formatting and improved comments.
Anuj Verma 2b1d5562 2021-06-08T08:29:34 [sdf] Use 8 bits for final SDF output instead of 16bits. Since 8-bits is enough to represent SDF data we no longer require 16-bits for this purpose. Also, we now normalize the output data to use the entire 8-bit range efficiently. For example: if we use 3.5 format with a spread of 1 we basically only use the starting 5-bits. By normalizing we can use the entire 8-bit range. * include/freetype/freetype.h (FT_Render_Mode): Updated description for `FT_RENDER_MODE_SDF` regarding this change. * include/freetype/ftimage.h (FT_Pixel_Mode): Removed `FT_PIXEL_MODE_GRAY16` since no longer required. * include/freetype/fttypes.h (FT_F6Dot10): Removed since no longer required. * src/sdf/ftsdfrend.c (ft_sdf_render, ft_bsdf_render): Allocate 8-bit bitmap instead of 16-bit buffer. * src/sdf/ftsdfcommon.h (map_fixed_to_sdf): Added function to convert 16.16 distance value to our desired format. * src/sdf/ftsdf.c (sdf_generate_with_overlaps, sdf_generate_bounding_box): Use the new `map_fixed_to_sdf` function and also use 8-bit output buffer. * src/sdf/ftbsdf.c (finalize_sdf): Output to a 8-bit buffer instead of 16-bit buffer.
Ben Wagner 2a6665a4 2021-06-01T15:25:31 [sfnt] Fix fallout from 2021-05-29 change. * src/sfnt/ttcolr.c (find_base_glyph_record, find_base_glyph_v1_record): Adjust binary search. Needs to be updated with change to unsigned.
Werner Lemberg 7ca7da9d 2021-06-02T06:59:01 * src/autofit/aflatin.c (af_latin_metrics_scale_dim): Fix tracing. Problem reported by Alexei.
Werner Lemberg 0abbc9f5 2021-06-02T06:36:11 [psaux] Fix MSVC compiler warnings. * src/psaux/afmparse.c (afm_parse_track_kern, afm_parse_kern_pairs): Add cast.
Werner Lemberg 6e253b26 2021-05-29T11:05:41 Typos in previous commit.
Werner Lemberg a50c39aa 2021-05-29T09:50:29 Fix compilation errors and (some) warnings for clang++. * src/autofit/afmodule.c (AF_GlyphHintsRec): Make it static. * src/cache/ftcache.c (FTC_Cache_NewNode), src/cache/ftcsbits.c (ftc_snode_compare): Remove semicolon. * src/cff/cffparse.c (cff_parser_run): Add `break` statement. * src/cid/cidload.c (cid_hex_to_binary): Add cast. * src/sdf/ftbsdf.c (CHECK_NEIGHBOR): Use `do {} while(0)` loop. (bsdf_init_distance_map, finalize_sdf, bsdf_raster_render): Add casts. * src/sdf/ftsdf.c (sdf_generate_bounding_box, sdf_generate_with_overlaps): Ditto. * src/sdf/ftsdfcommon.h (square_root): Ditto. * src/sdf/ftsdfrend.c (sdf_property_get, ft_sdf_render, ft_bsdf_render): Ditto. * src/sfnt/ttcolr.c (find_base_glyph_record, find_base_glyph_v1_record): Fix variable signedness. (read_color_line): Add cast. (read_paint): Add casts. Fix signedness issue. (tt_face_get_colorline_stops) Fix signedness issues. * src/sfnt/ttpost.c (load_format_20): Add casts. * src/truetype/ttsubpix.c (TWEAK_RULES, TWEAK_RULES_EXCEPTIONS): Remove final semicolons.
Alexei Podtelezhnikov 28eee363 2021-05-27T11:38:56 [type42] Fix auto-hinting. The autohinter could not access the base (unscaled) outline in the child TrueType glyph slot. We now share the internal parts between the parent and child glyph slots. Fixes #1057. * src/type42/t42objs.c (T42_GlyphSlot_Init): Remove the internal parts of `T42_GlyphSlot' and replace it with the child TrueType structure. (T42_GlyphSlot_Done): Updated accordingly.
Werner Lemberg 0d1c306e 2021-05-25T11:27:56 [psaux] Guard and trace AFM kern data allocation. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31543 * include/freetype/internal/fttrace.h: Add 'afmparse' trace component. * src/psaux/afmparse.c (FT_COMPONENT): Define. (afm_parse_track_kern, afm_parse_kern_pairs): Protect against allocations bombs. Add tracing. (afm_parse_kern_data): Don't allow multiple kern data sections.
Alexei Podtelezhnikov 2468e59a 2021-05-20T22:20:36 [type42] Avoid some memory zeroing. * src/type42/t42objs.c (T42_Open_Face): Tweak allocation macro. * src/type42/t42parse.c (t42_parse_sfnts): Ditto.
Ben Wagner 06e21ffe 2021-05-18T14:49:50 [gzip] Use exact type for `ft_gzip_alloc` and `ft_gzip_free`. While a function pointer may be cast to another function pointer type, it is required to cast the function pointer back to the original function pointer type before calling it. If a parameter is a pointer the exact pointer type is required. Using a pointer to a different underlying type is technically undefined behavior. The wrapper functions `ft_gzip_alloc` and `ft_gzip_free` took `FT_Memory` (a `FT_MemoryRec_*`) instead of `voidpf` (`void*`), so when gzip calls these callbacks through `alloc_func` or `free_func` it invokes undefined behavior. On most platforms this works out as expected, but newer undefined behavior detectors and targets like wasm can detect this and will produce an error. * src/gzip/ftgzip.c (ft_gzip_alloc, ft_gzip_free): Update signatures to exactly match `alloc_func` and `free_func`, respectively. Internally, cast the `void*` opaque pointer to `FT_Memory`.
Alexei Podtelezhnikov 1bc801b0 2021-05-16T23:12:01 [sfnt] Additional guards on the POST table. Fixes timeout (#1055) analyzed by Ben Wagner, reported as https://crbug.com/1194092 * src/sfnt/ttload.c (tt_face_load_post): Check POST format. * src/sfnt/sfobjs.c (sfnt_load_face): Synthesize the missing unicode charmap only if the glyph names exist. * src/psnames/psmodule.c (ps_unicode_value): Short cut ".notdef" and ".null".
Daniel McArdle de151657 2021-05-13T23:08:31 [psaux] Use doubling allocation strategy for CF2_ArrStack. Fixes timeout reported as https://crbug.com/1206181 * src/psaux/psarrst.c (cf2_arrstack_{push,init}): Implement it. * src/psaux/psarrst.h (CF2_ArrStackiRec): Drop `chunk'.
Alexei Podtelezhnikov 2d3f5dd2 2021-05-12T17:24:35 * src/smooth/ftgrays.c (FT_MAX_GRAY_SPANS): Increase from 10 to 16. Ten was barely enough for two slanted stems. Sixteen can actually fit a bit more complicated scanlines.
Alexei Podtelezhnikov c653b8d2 2021-05-12T16:17:21 * src/smooth/ftgrays.c (FT_GRAY_SET): Adjust for better code.
Alexei Podtelezhnikov 8f43d324 2021-05-12T00:04:59 [smooth] Faster bitmap sweeping. Selecting the fill rule or checking the direct mode each time we call `gray_hline' is sub-optimal. This effectively splits the direct mode into a separate code path while inlining `gray_hline' and saving 5-7% of rendering time. * src/smooth/ftgrays.c (gray_hline): Eliminated in favor of... (FT_FILL_RULE, FT_GRAY_SET): ... these new macros... (gray_sweep): ... inlined here. (gray_sweep_direct): New function that handles the direct span buffer. (gray_TWorker): Remove the span buffer. (gray_raster_render, gray_convert_glyph): Updated.
Alexei Podtelezhnikov b0702645 2021-05-10T22:06:01 * src/smooth/ftgrays.c (gray_hline): Simplify even-odd computations. It is too bad the even-odd rule is not used much.
Alexei Podtelezhnikov 967a34ee 2021-05-07T19:17:48 [type1] Avoid MM memory zeroing. * src/type1/t1load.c (t1_allocate_blend, parse_blend_design_map): Tweak allocation macros. * src/type1/t1objs.c (T1_Face_Done): Minor.
Alexei Podtelezhnikov 2f62d8e0 2021-05-07T09:33:41 * src/bdf/bdflib.c (_bdf_list_ensure): Tweak allocation macro.
Alexei Podtelezhnikov 79ed536d 2021-05-06T23:46:46 * src/psaux/psobjs.c (ps_parser_load_field): Tweak allocation macro.
Alexei Podtelezhnikov 44c59414 2021-05-06T22:54:03 * src/sfnt/sfobjs.c (sfnt_load_face): Tweak allocation macro.
Alexei Podtelezhnikov 998c7c0f 2021-05-06T22:51:37 * src/cid/cidload.c (cid_read_subrs): Tweak allocation macro.
Alexei Podtelezhnikov 2d957848 2021-05-06T22:49:13 * src/base/ftrfork.c (FT_Raccess_Get_DataOffsets): Tweak allocation.
Alexei Podtelezhnikov 8150ed0d 2021-05-05T23:30:46 [cff,psaux] Avoid memory zeroing (contd.). * src/cff/cffload.c (cff_blend_doBlend, cff_blend_build_vector): Tweak allocation macros. * src/psaux/psarrst.c (cf2_arrstack_setNumElements): Ditto. * src/psaux/psstack.c (cf2_stack_init): Ditto.
Ben Wagner 82fd32d6 2021-05-03T13:49:14 * src/cid/cidload.c (cid_hex_to_binary): Improve return value. Add argument to return the actual number of bytes that were decoded. The actual number of bytes decoded can be quite variable depending on the number of ignored 'whitespace' bytes or early termination with `>`. (cid_face_open): Updated to use this calculated value. This avoids trusting `parser->binary_length` is always be correct and reading uninitialized bits if fewer are actually decoded. First reported as https://crbug.com/1203240
Alexei Podtelezhnikov 66630d88 2021-05-03T22:40:16 [sfnt] Streamline POST format 2.0 handing. To reduce memory allocations, we read an entire Pascal-string buffer and convert it to a C-string buffer. We also reject tables with Postscript glyph names exceeding 63 bytes. * src/sfnt/ttpost.c (load_format20): Implement it. (load_post_names): Check the minimal POST table size. (load_format25, tt_face_free_ps_names): Updated accordingly.
Alexei Podtelezhnikov ec95f9c9 2021-05-02T18:30:22 [bdf,pcf] Avoid memory zeroing (contd.). * src/bdf/bdflib.c (bdf_create_property, _bdf_add_comment, _bdf_add_property, bdf_load_font): Tweak allocation macros. * src/pcf/pcfread.c (pcf_get_properties, pcf_get_metrics): Ditto.
Alexei Podtelezhnikov d911cb53 2021-05-01T23:49:11 * src/cid/cidload.c (cid_read_subrs): Tweak allocaton macro.
Alexei Podtelezhnikov dc42f826 2021-05-01T12:46:44 [sfnt] Avoid some memory zeroing. * src/sfnt/sfobjs.c (sfnt_open_font, sfnt_init_face, tt_name_ascii_from_{utf16,other}): Tweak allocaton macros. * src/sfnt/ttload.c (tt_face_load_name): Ditto.
Alexei Podtelezhnikov b8968d66 2021-05-01T12:24:44 * src/sfnt/ttpost.c (load_format_{20,25}): Tweak allocaton macros.
Alexei Podtelezhnikov 2583b608 2021-05-01T09:22:26 * src/sfnt/pngshim.c (Load_SBit_Png): Tweak allocaton macro.
Alexei Podtelezhnikov 56ae9430 2021-05-01T09:14:04 [truetype] Avoid some memory zeroing. * src/truetype/ttinterp.c (Init_Context): Tweak allocation macro. * src/truetype/ttpload.c (tt_face_load_cvt): Ditto.
Alexei Podtelezhnikov c177cc35 2021-05-01T09:09:52 [woff2] Avoid some memory zeroing. * src/sfnt/sfwoff2.c (store_loca, woff2_open_font): Tweak macros.
Alexei Podtelezhnikov 4e1c6a12 2021-04-30T09:35:21 * src/gzip/ftgzip.c (ft_gzip_alloc): Zero out memory again.
Alexei Podtelezhnikov f631542d 2021-04-27T11:39:58 [lzw] Preserve decompression stack when relocating to heap. * src/lzw/ftzopen.c (ft_lzwstate_stack_grow): Copy stack when relocating to heap.
Alexei Podtelezhnikov c213c8a9 2021-04-27T08:54:19 * src/cid/cidgload.c (cid_load_glyph): Restore the glyph_length check.
Werner Lemberg 2ec6feaf 2021-04-27T13:28:35 * src/psmodule.c (ps_unicodes_init): Ignore empty glyph names. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33637
Alexei Podtelezhnikov caff87b1 2021-04-26T22:45:40 * src/sfnt/sfobjs.c (sfnt_init_face): Revert macro change.
Alexei Podtelezhnikov 8750e843 2021-04-26T17:21:51 [cff] Avoid some memory zeroing. * src/cff/cffparse.c (cff_parser_init): Tweak memory macro. * src/cff/cffload.c (cff_index_load_offsets, cff_index_get_pointers, cff_charset_load, cff_vstore_load): Ditto.
Alexei Podtelezhnikov 618d0834 2021-04-26T17:14:28 [pfr] Avoid some memory zeroing. * src/pfr/pfrobjs.c (pfr_face_init) : Tweak memory macro. * src/pfr/pfrload.c (pfr_extra_item_load_stem_snaps, pfr_phy_font_load): Ditto.
Alexei Podtelezhnikov b0a28197 2021-04-26T17:10:28 * src/winfonts/winfnt.c (FNT_Face_Init): Tweak memory macro.
Alexei Podtelezhnikov deee5b70 2021-04-26T17:07:44 [psaux,psnames] Avoid some memory zeroing. * src/psaux/psstack.c (cf2_stack_init): Tweak memory macro. * src/psnames/psmodule.c (ps_unicodes_init): Ditto.
Alexei Podtelezhnikov 270ff52f 2021-04-25T23:40:59 [base] Avoid some memory zeroing. * src/base/ftrfork.c (FT_Raccess_Get_DataOffsets): Use FT_QNEW_ARRAY. * src/base/ftsnames.c (FT_Get_Sfnt_{Name,LangTag}): Ditto.
Alexei Podtelezhnikov c2d28314 2021-04-25T23:33:15 [bdf,pcf] Avoid some memory zeroing. * src/pcf/pcfread.c (pcf_read_TOC, pcf_get_properties, pcf_load_font): Tweak memory macros. * src/bdf/bdfdrivr.c (BDF_Face_Init): Ditto. * src/bdf/bdflib.c (_bdf_readstreami, bdf_create_property, _bdf_parse_glyphs, _bdf_parse_start): Ditto. (_bdf_add_property): Do not handle zero size.
Alexei Podtelezhnikov c78f78fa 2021-04-24T22:38:48 * src/cff/cffload.c (cff_index_get_pointers): s/FT_QALLOC/FT_ALLOC/.
Alexei Podtelezhnikov 0bd5d95d 2021-04-23T22:04:05 * src/base/ftobjs.c (Mac_Read_POST_Resource): s/FT_ALLOC/FT_QALLOC/. * builds/mac/ftmac.c (FT_New_Face_From_SFNT, read_lwfn): Ditto.
Alexei Podtelezhnikov e6e5b67d 2021-04-23T21:33:03 * src/sdf/ftsdf.c (sdf_{edge,contour,shape}_new): Use FT_QALLOC.
Alexei Podtelezhnikov 6ada59ab 2021-04-23T19:22:51 [sfnt] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/sfnt/sfdriver.c (get_win_string, get_apple_string, sfnt_get_var_ps_name): Do not zero out the buffer. * src/sfnt/sfobjs.c (sfnt_init_face): Ditto. * src/sfnt/sfwoff.c (woff_open_font): Ditto. * src/sfnt/sfwoff2.c (woff2_open_font): Ditto.
Alexei Podtelezhnikov ec9e5114 2021-04-23T14:03:03 [cff,type1,type42] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/cff/cffload.c (cff_index_get_pointers, cff_index_get_name): Do not zero out the buffer. * src/cff/cffdrivr.c (cff_ps_get_font_info): Ditto. * src/type1/t1load.c (parse_subrs, parse_charstrings, parse_blend_axis_types): Ditto. * src/type1/t1parse.c (T1_New_Parser, T1_Get_Private_Dict): Ditto. * src/type42/t42parse.c (t42_parser_init): Ditto.
Alexei Podtelezhnikov baa0f71d 2021-04-23T13:48:34 [cid] s/FT_ALLOC/FT_QALLOC/ and clean up. * src/cid/cidgload.c (cid_load_glyph): Do not zero out the buffer. * src/cid/cidload.c (cid_face_open, cid_read_subrs): Ditto.
Alexei Podtelezhnikov b3438ccb 2021-04-23T08:35:02 [pfr] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/pfr/pfrload.c (pfr_extra_item_load_font_id, pfr_aux_name_load): Do not zero out the buffer.
Alexei Podtelezhnikov 1e525c62 2021-04-23T08:24:22 [bzip2,gzip] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/bzip2/ftbzip2.c (ft_bzip2_alloc): Do not zero out the buffer. * src/gzip/ftgzip.c (ft_gzip_alloc, FT_Stream_OpenGzip): Ditto.
Alexei Podtelezhnikov a0fb6dbc 2021-04-23T00:05:18 [pcf,bdf,winfonts] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/pcf/pcfread.c (pcf_interpret_style): Do not zero out the buffer. * src/bdf/bdfdrivr.c (bdf_interpret_style): Ditto. * src/winfonts/winfnt.c (FNT_Face_Init, FNT_Load_Glyph): Ditto.
Alexei Podtelezhnikov 23f85c8a 2021-04-22T23:34:08 [cache] Optimize SBit copying. * src/cache/ftcsbits.c (ftc_snode_load): Do not initialize the buffer. (ftc_sbit_copy_bitmap): Accept zero size, s/FT_ALLOC/FT_QALLOC/.
Alexei Podtelezhnikov 93715ab2 2021-04-22T23:07:01 [gxvalid,otvalid] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/gxvalid/gxvmod.c (gxv_load_table): Do not zero out the buffer. * src/otvalid/otvmod.c (otv_load_table): Ditto.
Alexei Podtelezhnikov 90b97a83 2021-04-22T23:00:40 [psaux] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/psaux/psobjs.c (ps_table_done, ps_parser_load_field): Do not zero out the buffer.