src


Log

Author Commit Date CI Message
Werner Lemberg b460a506 2021-06-19T07:03:40 [truetype] Fix integer overflow. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35312 * src/truetype/ttinterp.c (Ins_JMPR): Use `ADD_LONG`.
Werner Lemberg 232243e7 2021-06-19T06:32:29 Prevent hinting if there are too many segments. This speeds up handling of broken glyphs. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35309 * src/autofit/aflatin.c (af_latin_hints_compute_segments): Implement it.
Alexei Podtelezhnikov 61bac759 2021-06-18T17:38:00 * src/sdf/ftsdfrend.c (ft_(b)sdf_render): Do not FT_ERROR routinely.
David Turner f8c5c546 2021-06-16T09:54:49 Fix for issue 1063 See https://gitlab.freedesktop.org/freetype/freetype/-/issues/1063 for more details on the bug.
Alexei Podtelezhnikov c6fcd612 2021-06-15T22:49:21 Add a comment.
Alexei Podtelezhnikov 8336d53c 2021-06-12T22:33:08 [type42] Fix new memory leak. We need to inverse inheritance of FT_GlyphSlot_Internal so that we have a chance to free the rendered bitmap from the parent slot. * src/type42/t42objs.c (T42_GlyphSlot_Init): Remove the internal parts of the child `ttslot' and replace it with the parent structure. (T42_GlyphSlot_Done): Updated accordingly.
Werner Lemberg db0f2c44 2021-06-12T10:05:07 [psaux] Fix another assertion. * src/psaux/psintrp.c (cf2_interpT2CharString) <cf2_escCALLOTHERSUBR>: Convert assertion into error, since the problem can happen with invalid user input. Test case is file fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read in the `freetype2-testing` repository.
Werner Lemberg a34afe67 2021-06-12T08:40:16 [psaux] Fix assertions. * src/psaux/pshints.c (cf2_hintmap_adjustHints): Check for overflow before emitting an assertion error.
Alexei Podtelezhnikov 9bfecfd2 2021-06-09T23:34:04 * src/truetype/ttinterp.c (TT_RunIns): Optimize tracing.
Alexei Podtelezhnikov 7833e308 2021-06-09T10:40:30 [sdf] Fix SDF positioning. * src/sdf/ftsdfrend.c (ft_sdf_render, ft_bsdf_render): Add padding to `bitmap_top' and `bitmap_left'. * sdf/sdf/ftsdf.c (sdf_generate_with_overlaps): Fix VC++ warning.
Werner Lemberg 08f66322 2021-06-08T18:23:16 More various documentation improvements and fixes.
Werner Lemberg b24cfc8d 2021-06-08T15:26:41 [sfnt] Sanitize cmap4 table better. Fixes #1062. * src/sfnt/ttcmap.c (tt_cmap4_validate): Handle a too-small value of `length` gracefully.
Dominik Röttsches ee6d03d3 2021-06-08T14:29:11 [sfnt] Pointer validity check when reading COLR 'v1' layers * src/sfnt/ttcolr.c (tt_face_get_paint_layers): In addition to the existing sanity checks, ensure that the pointer to the layer to be read is within the 'COLR' v1 table.
Werner Lemberg 41fa19fc 2021-06-08T10:32:20 * src/sdf/ftsdfcommon.c: Fix inclusion of header files.
Werner Lemberg 35b21c71 2021-06-08T09:06:39 [sdf] Make `make multi` work. * src/sdf/ftsdf.c: Include `ftbitmap.h`. * src/sdf/ftsdfcommon.h: Move function bodies to `ftsdfcommon.c`. Include `ftobjs.h` to get definitions of `FT_LOCAL` and friends. * src/sdf/ftsdfcommon.c: New file. * src/sdf/rules.mk, src/sdf/sdf.c: Updated.
Werner Lemberg 36ee7171 2021-06-08T09:00:39 [sdf] Formatting and improved comments.
Anuj Verma 2b1d5562 2021-06-08T08:29:34 [sdf] Use 8 bits for final SDF output instead of 16 bits. Since 8-bits is enough to represent SDF data we no longer require 16-bits for this purpose. Also, we now normalize the output data to use the entire 8-bit range efficiently. For example: if we use 3.5 format with a spread of 1 we basically only use the starting 5-bits. By normalizing we can use the entire 8-bit range. * include/freetype/freetype.h (FT_Render_Mode): Updated description for `FT_RENDER_MODE_SDF` regarding this change. * include/freetype/ftimage.h (FT_Pixel_Mode): Removed `FT_PIXEL_MODE_GRAY16` since no longer required. * include/freetype/fttypes.h (FT_F6Dot10): Removed since no longer required. * src/sdf/ftsdfrend.c (ft_sdf_render, ft_bsdf_render): Allocate 8-bit bitmap instead of 16-bit buffer. * src/sdf/ftsdfcommon.h (map_fixed_to_sdf): Added function to convert 16.16 distance value to our desired format. * src/sdf/ftsdf.c (sdf_generate_with_overlaps, sdf_generate_bounding_box): Use the new `map_fixed_to_sdf` function and also use 8-bit output buffer. * src/sdf/ftbsdf.c (finalize_sdf): Output to an 8-bit buffer instead of 16-bit buffer.
Ben Wagner 2a6665a4 2021-06-01T15:25:31 [sfnt] Fix fallout from 2021-05-29 change. * src/sfnt/ttcolr.c (find_base_glyph_record, find_base_glyph_v1_record): Adjust binary search. Needs to be updated with change to unsigned.
Werner Lemberg 7ca7da9d 2021-06-02T06:59:01 * src/autofit/aflatin.c (af_latin_metrics_scale_dim): Fix tracing. Problem reported by Alexei.
Werner Lemberg 0abbc9f5 2021-06-02T06:36:11 [psaux] Fix MSVC compiler warnings. * src/psaux/afmparse.c (afm_parse_track_kern, afm_parse_kern_pairs): Add cast.
Werner Lemberg 6e253b26 2021-05-29T11:05:41 Typos in previous commit.
Werner Lemberg a50c39aa 2021-05-29T09:50:29 Fix compilation errors and (some) warnings for clang++. * src/autofit/afmodule.c (AF_GlyphHintsRec): Make it static. * src/cache/ftcache.c (FTC_Cache_NewNode), src/cache/ftcsbits.c (ftc_snode_compare): Remove semicolon. * src/cff/cffparse.c (cff_parser_run): Add `break` statement. * src/cid/cidload.c (cid_hex_to_binary): Add cast. * src/sdf/ftbsdf.c (CHECK_NEIGHBOR): Use `do {} while(0)` loop. (bsdf_init_distance_map, finalize_sdf, bsdf_raster_render): Add casts. * src/sdf/ftsdf.c (sdf_generate_bounding_box, sdf_generate_with_overlaps): Ditto. * src/sdf/ftsdfcommon.h (square_root): Ditto. * src/sdf/ftsdfrend.c (sdf_property_get, ft_sdf_render, ft_bsdf_render): Ditto. * src/sfnt/ttcolr.c (find_base_glyph_record, find_base_glyph_v1_record): Fix variable signedness. (read_color_line): Add cast. (read_paint): Add casts. Fix signedness issue. (tt_face_get_colorline_stops) Fix signedness issues. * src/sfnt/ttpost.c (load_format_20): Add casts. * src/truetype/ttsubpix.c (TWEAK_RULES, TWEAK_RULES_EXCEPTIONS): Remove final semicolons.
Alexei Podtelezhnikov 28eee363 2021-05-27T11:38:56 [type42] Fix auto-hinting. The autohinter could not access the base (unscaled) outline in the child TrueType glyph slot. We now share the internal parts between the parent and child glyph slots. Fixes #1057. * src/type42/t42objs.c (T42_GlyphSlot_Init): Remove the internal parts of `T42_GlyphSlot' and replace it with the child TrueType structure. (T42_GlyphSlot_Done): Updated accordingly.
Werner Lemberg 0d1c306e 2021-05-25T11:27:56 [psaux] Guard and trace AFM kern data allocation. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31543 * include/freetype/internal/fttrace.h: Add 'afmparse' trace component. * src/psaux/afmparse.c (FT_COMPONENT): Define. (afm_parse_track_kern, afm_parse_kern_pairs): Protect against allocations bombs. Add tracing. (afm_parse_kern_data): Don't allow multiple kern data sections.
Alexei Podtelezhnikov 2468e59a 2021-05-20T22:20:36 [type42] Avoid some memory zeroing. * src/type42/t42objs.c (T42_Open_Face): Tweak allocation macro. * src/type42/t42parse.c (t42_parse_sfnts): Ditto.
Ben Wagner 06e21ffe 2021-05-18T14:49:50 [gzip] Use exact type for `ft_gzip_alloc` and `ft_gzip_free`. While a function pointer may be cast to another function pointer type, it is required to cast the function pointer back to the original function pointer type before calling it. If a parameter is a pointer the exact pointer type is required. Using a pointer to a different underlying type is technically undefined behavior. The wrapper functions `ft_gzip_alloc` and `ft_gzip_free` took `FT_Memory` (a `FT_MemoryRec_*`) instead of `voidpf` (`void*`), so when gzip calls these callbacks through `alloc_func` or `free_func` it invokes undefined behavior. On most platforms this works out as expected, but newer undefined behavior detectors and targets like wasm can detect this and will produce an error. * src/gzip/ftgzip.c (ft_gzip_alloc, ft_gzip_free): Update signatures to exactly match `alloc_func` and `free_func`, respectively. Internally, cast the `void*` opaque pointer to `FT_Memory`.
Alexei Podtelezhnikov 1bc801b0 2021-05-16T23:12:01 [sfnt] Additional guards on the POST table. Fixes timeout (#1055) analyzed by Ben Wagner, reported as https://crbug.com/1194092 * src/sfnt/ttload.c (tt_face_load_post): Check POST format. * src/sfnt/sfobjs.c (sfnt_load_face): Synthesize the missing unicode charmap only if the glyph names exist. * src/psnames/psmodule.c (ps_unicode_value): Short cut ".notdef" and ".null".
Daniel McArdle de151657 2021-05-13T23:08:31 [psaux] Use doubling allocation strategy for CF2_ArrStack. Fixes timeout reported as https://crbug.com/1206181 * src/psaux/psarrst.c (cf2_arrstack_{push,init}): Implement it. * src/psaux/psarrst.h (CF2_ArrStackiRec): Drop `chunk'.
Alexei Podtelezhnikov 2d3f5dd2 2021-05-12T17:24:35 * src/smooth/ftgrays.c (FT_MAX_GRAY_SPANS): Increase from 10 to 16. Ten was barely enough for two slanted stems. Sixteen can actually fit a bit more complicated scanlines.
Alexei Podtelezhnikov c653b8d2 2021-05-12T16:17:21 * src/smooth/ftgrays.c (FT_GRAY_SET): Adjust for better code.
Alexei Podtelezhnikov 8f43d324 2021-05-12T00:04:59 [smooth] Faster bitmap sweeping. Selecting the fill rule or checking the direct mode each time we call `gray_hline' is sub-optimal. This effectively splits the direct mode into a separate code path while inlining `gray_hline' and saving 5-7% of rendering time. * src/smooth/ftgrays.c (gray_hline): Eliminated in favor of... (FT_FILL_RULE, FT_GRAY_SET): ... these new macros... (gray_sweep): ... inlined here. (gray_sweep_direct): New function that handles the direct span buffer. (gray_TWorker): Remove the span buffer. (gray_raster_render, gray_convert_glyph): Updated.
Alexei Podtelezhnikov b0702645 2021-05-10T22:06:01 * src/smooth/ftgrays.c (gray_hline): Simplify even-odd computations. It is too bad the even-odd rule is not used much.
Alexei Podtelezhnikov 967a34ee 2021-05-07T19:17:48 [type1] Avoid MM memory zeroing. * src/type1/t1load.c (t1_allocate_blend, parse_blend_design_map): Tweak allocation macros. * src/type1/t1objs.c (T1_Face_Done): Minor.
Alexei Podtelezhnikov 2f62d8e0 2021-05-07T09:33:41 * src/bdf/bdflib.c (_bdf_list_ensure): Tweak allocation macro.
Alexei Podtelezhnikov 79ed536d 2021-05-06T23:46:46 * src/psaux/psobjs.c (ps_parser_load_field): Tweak allocation macro.
Alexei Podtelezhnikov 44c59414 2021-05-06T22:54:03 * src/sfnt/sfobjs.c (sfnt_load_face): Tweak allocation macro.
Alexei Podtelezhnikov 998c7c0f 2021-05-06T22:51:37 * src/cid/cidload.c (cid_read_subrs): Tweak allocation macro.
Alexei Podtelezhnikov 2d957848 2021-05-06T22:49:13 * src/base/ftrfork.c (FT_Raccess_Get_DataOffsets): Tweak allocation.
Alexei Podtelezhnikov 8150ed0d 2021-05-05T23:30:46 [cff,psaux] Avoid memory zeroing (contd.). * src/cff/cffload.c (cff_blend_doBlend, cff_blend_build_vector): Tweak allocation macros. * src/psaux/psarrst.c (cf2_arrstack_setNumElements): Ditto. * src/psaux/psstack.c (cf2_stack_init): Ditto.
Ben Wagner 82fd32d6 2021-05-03T13:49:14 * src/cid/cidload.c (cid_hex_to_binary): Improve return value. Add argument to return the actual number of bytes that were decoded. The actual number of bytes decoded can be quite variable depending on the number of ignored 'whitespace' bytes or early termination with `>`. (cid_face_open): Updated to use this calculated value. This avoids trusting `parser->binary_length` is always correct and reading uninitialized bits if fewer are actually decoded. First reported as https://crbug.com/1203240
Alexei Podtelezhnikov 66630d88 2021-05-03T22:40:16 [sfnt] Streamline POST format 2.0 handling. To reduce memory allocations, we read an entire Pascal-string buffer and convert it to a C-string buffer. We also reject tables with Postscript glyph names exceeding 63 bytes. * src/sfnt/ttpost.c (load_format20): Implement it. (load_post_names): Check the minimal POST table size. (load_format25, tt_face_free_ps_names): Updated accordingly.
Alexei Podtelezhnikov ec95f9c9 2021-05-02T18:30:22 [bdf,pcf] Avoid memory zeroing (contd.). * src/bdf/bdflib.c (bdf_create_property, _bdf_add_comment, _bdf_add_property, bdf_load_font): Tweak allocation macros. * src/pcf/pcfread.c (pcf_get_properties, pcf_get_metrics): Ditto.
Alexei Podtelezhnikov d911cb53 2021-05-01T23:49:11 * src/cid/cidload.c (cid_read_subrs): Tweak allocation macro.
Alexei Podtelezhnikov dc42f826 2021-05-01T12:46:44 [sfnt] Avoid some memory zeroing. * src/sfnt/sfobjs.c (sfnt_open_font, sfnt_init_face, tt_name_ascii_from_{utf16,other}): Tweak allocation macros. * src/sfnt/ttload.c (tt_face_load_name): Ditto.
Alexei Podtelezhnikov b8968d66 2021-05-01T12:24:44 * src/sfnt/ttpost.c (load_format_{20,25}): Tweak allocation macros.
Alexei Podtelezhnikov 2583b608 2021-05-01T09:22:26 * src/sfnt/pngshim.c (Load_SBit_Png): Tweak allocation macro.
Alexei Podtelezhnikov 56ae9430 2021-05-01T09:14:04 [truetype] Avoid some memory zeroing. * src/truetype/ttinterp.c (Init_Context): Tweak allocation macro. * src/truetype/ttpload.c (tt_face_load_cvt): Ditto.
Alexei Podtelezhnikov c177cc35 2021-05-01T09:09:52 [woff2] Avoid some memory zeroing. * src/sfnt/sfwoff2.c (store_loca, woff2_open_font): Tweak macros.
Alexei Podtelezhnikov 4e1c6a12 2021-04-30T09:35:21 * src/gzip/ftgzip.c (ft_gzip_alloc): Zero out memory again.
Alexei Podtelezhnikov f631542d 2021-04-27T11:39:58 [lzw] Preserve decompression stack when relocating to heap. * src/lzw/ftzopen.c (ft_lzwstate_stack_grow): Copy stack when relocating to heap.
Alexei Podtelezhnikov c213c8a9 2021-04-27T08:54:19 * src/cid/cidgload.c (cid_load_glyph): Restore the glyph_length check.
Werner Lemberg 2ec6feaf 2021-04-27T13:28:35 * src/psmodule.c (ps_unicodes_init): Ignore empty glyph names. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33637
Alexei Podtelezhnikov caff87b1 2021-04-26T22:45:40 * src/sfnt/sfobjs.c (sfnt_init_face): Revert macro change.
Alexei Podtelezhnikov 8750e843 2021-04-26T17:21:51 [cff] Avoid some memory zeroing. * src/cff/cffparse.c (cff_parser_init): Tweak memory macro. * src/cff/cffload.c (cff_index_load_offsets, cff_index_get_pointers, cff_charset_load, cff_vstore_load): Ditto.
Alexei Podtelezhnikov 618d0834 2021-04-26T17:14:28 [pfr] Avoid some memory zeroing. * src/pfr/pfrobjs.c (pfr_face_init) : Tweak memory macro. * src/pfr/pfrload.c (pfr_extra_item_load_stem_snaps, pfr_phy_font_load): Ditto.
Alexei Podtelezhnikov b0a28197 2021-04-26T17:10:28 * src/winfonts/winfnt.c (FNT_Face_Init): Tweak memory macro.
Alexei Podtelezhnikov deee5b70 2021-04-26T17:07:44 [psaux,psnames] Avoid some memory zeroing. * src/psaux/psstack.c (cf2_stack_init): Tweak memory macro. * src/psnames/psmodule.c (ps_unicodes_init): Ditto.
Alexei Podtelezhnikov 270ff52f 2021-04-25T23:40:59 [base] Avoid some memory zeroing. * src/base/ftrfork.c (FT_Raccess_Get_DataOffsets): Use FT_QNEW_ARRAY. * src/base/ftsnames.c (FT_Get_Sfnt_{Name,LangTag}): Ditto.
Alexei Podtelezhnikov c2d28314 2021-04-25T23:33:15 [bdf,pcf] Avoid some memory zeroing. * src/pcf/pcfread.c (pcf_read_TOC, pcf_get_properties, pcf_load_font): Tweak memory macros. * src/bdf/bdfdrivr.c (BDF_Face_Init): Ditto. * src/bdf/bdflib.c (_bdf_readstreami, bdf_create_property, _bdf_parse_glyphs, _bdf_parse_start): Ditto. (_bdf_add_property): Do not handle zero size.
Alexei Podtelezhnikov c78f78fa 2021-04-24T22:38:48 * src/cff/cffload.c (cff_index_get_pointers): s/FT_QALLOC/FT_ALLOC/.
Alexei Podtelezhnikov 0bd5d95d 2021-04-23T22:04:05 * src/base/ftobjs.c (Mac_Read_POST_Resource): s/FT_ALLOC/FT_QALLOC/. * builds/mac/ftmac.c (FT_New_Face_From_SFNT, read_lwfn): Ditto.
Alexei Podtelezhnikov e6e5b67d 2021-04-23T21:33:03 * src/sdf/ftsdf.c (sdf_{edge,contour,shape}_new): Use FT_QALLOC.
Alexei Podtelezhnikov 6ada59ab 2021-04-23T19:22:51 [sfnt] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/sfnt/sfdriver.c (get_win_string, get_apple_string, sfnt_get_var_ps_name): Do not zero out the buffer. * src/sfnt/sfobjs.c (sfnt_init_face): Ditto. * src/sfnt/sfwoff.c (woff_open_font): Ditto. * src/sfnt/sfwoff2.c (woff2_open_font): Ditto.
Alexei Podtelezhnikov ec9e5114 2021-04-23T14:03:03 [cff,type1,type42] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/cff/cffload.c (cff_index_get_pointers, cff_index_get_name): Do not zero out the buffer. * src/cff/cffdrivr.c (cff_ps_get_font_info): Ditto. * src/type1/t1load.c (parse_subrs, parse_charstrings, parse_blend_axis_types): Ditto. * src/type1/t1parse.c (T1_New_Parser, T1_Get_Private_Dict): Ditto. * src/type42/t42parse.c (t42_parser_init): Ditto.
Alexei Podtelezhnikov baa0f71d 2021-04-23T13:48:34 [cid] s/FT_ALLOC/FT_QALLOC/ and clean up. * src/cid/cidgload.c (cid_load_glyph): Do not zero out the buffer. * src/cid/cidload.c (cid_face_open, cid_read_subrs): Ditto.
Alexei Podtelezhnikov b3438ccb 2021-04-23T08:35:02 [pfr] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/pfr/pfrload.c (pfr_extra_item_load_font_id, pfr_aux_name_load): Do not zero out the buffer.
Alexei Podtelezhnikov 1e525c62 2021-04-23T08:24:22 [bzip2,gzip] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/bzip2/ftbzip2.c (ft_bzip2_alloc): Do not zero out the buffer. * src/gzip/ftgzip.c (ft_gzip_alloc, FT_Stream_OpenGzip): Ditto.
Alexei Podtelezhnikov a0fb6dbc 2021-04-23T00:05:18 [pcf,bdf,winfonts] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/pcf/pcfread.c (pcf_interpret_style): Do not zero out the buffer. * src/bdf/bdfdrivr.c (bdf_interpret_style): Ditto. * src/winfonts/winfnt.c (FNT_Face_Init, FNT_Load_Glyph): Ditto.
Alexei Podtelezhnikov 23f85c8a 2021-04-22T23:34:08 [cache] Optimize SBit copying. * src/cache/ftcsbits.c (ftc_snode_load): Do not initialize the buffer. (ftc_sbit_copy_bitmap): Accept zero size, s/FT_ALLOC/FT_QALLOC/.
Alexei Podtelezhnikov 93715ab2 2021-04-22T23:07:01 [gxvalid,otvalid] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/gxvalid/gxvmod.c (gxv_load_table): Do not zero out the buffer. * src/otvalid/otvmod.c (otv_load_table): Ditto.
Alexei Podtelezhnikov 90b97a83 2021-04-22T23:00:40 [psaux] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/psaux/psobjs.c (ps_table_done, ps_parser_load_field): Do not zero out the buffer.
Alexei Podtelezhnikov 44b1ebe5 2021-04-22T22:34:05 [base] s/FT_ALLOC/FT_QALLOC/ for initialized buffers. * src/base/ftobjs.c (open_face_PS_from_sfnt_stream, Mac_Read_sfnt_Resource): Do not zero out the buffer. * src/base/ftmac.c (FT_New_Face_From_SFNT, read_lwfn): Ditto. * src/base/ftrfork.c (raccess_make_file_name, raccess_guess_darwin_hfsplus, raccess_guess_darwin_newvfs): Ditto.
Alexei Podtelezhnikov 8a459e51 2021-04-20T22:53:13 [cache] Restore SBit copying for unowned (BDF) bitmaps. * src/cache/ftcsbits.c (ftc_sbit_copy_bitmap): Restore. (ftc_snode_load): Check ownership and copy unowned bitmaps.
Alexei Podtelezhnikov 361465de 2021-04-20T22:31:28 Bitmap tracing.
Dominik Röttsches e662a950 2021-04-19T12:49:16 [sfnt] Return in 'COLR' v1 when layer pointer outside table * src/sfnt/ttcolr.c (tt_face_get_paint_layers): Add missing return when paint pointer outside table. (read_paint): Add missing return when paint pointer outside table.
Alexei Podtelezhnikov 7c685cb3 2021-04-18T22:31:13 [cache] Switch to lazy SBit setting. * src/cache/ftcsbits.c (ftc_sbit_copy_bitmap): Removed. (ftc_snode_load): Take the bitmap ownership instead of copying.
Daniel Welty 2e68785e 2021-04-17T09:00:40 * src/cache/ftcsbits.c (ftc_snode_load): Properly handle short pitch.
Dominik Röttsches 7f8a1edd 2021-04-16T12:35:29 [sfnt] Safeguard 'COLR' v1 layer extraction * src/sfnt/ttcolr.c (tt_face_get_paint_layers): Do not output layer pointer to iterator if it is outside the 'COLR' table. (read_paint): Do not attempt to read layers that are outside the table.
Ben Wagner f9350be1 2021-04-01T09:44:00 [base] Complete `ft_glyphslot_clear`. * src/base/ftobjs.c (ft_glyphslot_clear): This function is intended to reset all the values of a glyph slot. However, it was not resetting the values of the advances and `glyph_index`. Reset the advances and `glyph_index` to zero.
Ben Wagner 52f2a008 2021-04-01T09:33:47 Update TT_New_Context documentation In commit 531d463aed365b [truetype] Allocate TT_ExecContext in TT_Size instead of TT_Driver. the `TT_ExecContext` was moved from being on the driver to being on the size to make it easier to use FreeType in a multi-threaded environment. However, the documentation for `TT_New_Context` was not updated and still reflects the old behavior and parameter list. This change updates `TT_New_Context` documentation to reflect the current parameters and usage.
Ben Wagner 369d8be9 2021-03-31T22:31:44 [truetype] Prevent glyph program state from persisting. `FDEF` instructions are specified as allowed only in 'prep' or 'fpgm'. FreeType has attempted to prevent their use in the glyph program, but they were still allowed in glyph programs if defined in a function defined in 'prep' or 'fpgm' and called from the glyph program. Similarly, `IDEF` instructions are specified not to be able to modify any existing instruction. FreeType has attempted to prevent their use in the glyph program, but they can still be used like `FDEF`. This change stores the initial bytecode range type and disallows the use of `FDEF` and `IDEF` while running the glyph program. Most other state is copied from the `TT_Size` into the execution context. However, it is possible for a glyph program to use `WS` to write to the storage area or `WCVTP`, `WCVTF`, and `DELTAC[123]` to write to the control value table. Allowing any change to the global state from the glyph program is problematic as the outlines of any given glyph may change based on the order the glyphs are loaded or even how many times they are loaded. There exist fonts that write to the storage area or the control value table in the glyph program, so their use should not be an error. Possible solutions to using these in the glyph program are * ignore the writes; * value-level copy on write, discard modified values when finished; * array-level copy on write, discard the copy when finished; * array-level copy up-front. Ignoring the writes may break otherwise good uses. A full copy up-front was implemented, but was quite heavy as even well behaved fonts required a full copy and the memory management that goes along with it. Value-level copy on write could use less memory but requires a great deal more record keeping and complexity. This change implements array-level copy on write. 
If any attempt is made to write to the control value table or the storage area when the initial bytecode range was in a glyph program, the relevant array will be copied to a designated storage area and the copy used for the rest of the glyph program's execution. * src/truetype/ttinterp.h (TT_ExecContextRec): New fields `iniRange`, `glyfCvtSize`, `glyfCvt`, `origCvt`, `glyfStoreSize`, `glyfStorage`, and `origStorage`. * src/truetype/ttinterp.c (Modify_CVT_Check): New function to handle `exc->glyfCvt`. (Write_CVT, Write_CVT_Stretched, Move_CVT, Move_CVT_Stretched): Use it. (Ins_WS): Handle `exc->glyfStorage`. (Ins_FDEF, Ins_IDEF): Updated. (TT_RunIns): Updated. (TT_Done_Context): Free 'glyf' CVT working and storage area. (TT_Load_Context): Fix/add casts. * src/truetype/ttgload.c (TT_Load_Simple_Glyph): Fix cast.
Dominik Röttsches 1c086293 2021-04-02T06:55:29 [sfnt] Check validity of pointer location of `read_color_line`. * src/sfnt/ttcolr.c (get_child_table_pointer): New function to fetch child table pointer early for all paint formats that compute a child table pointer. (read_color_line, read_paint): Updated. (tt_face_get_colorline_stops): Check `colr->table`.
Alexei Podtelezhnikov e9c50fa7 2021-03-16T22:12:41 * src/sfnt/pngshim.c (Load_SBit_Png): Free `rows` once later.
Ben Wagner b0729b8f 2021-03-15T14:32:24 [sfnt] Fix memory leak in png loading. Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=1182552 Memory is allocated and the pointer assigned to `rows` inside a 'setjmp' scope. This memory must be freed outside the 'setjmp' scope after a 'longjmp'. Since `rows` is a local and modified inside the 'setjmp' scope it must be marked volatile or it will have an indeterminate value after the 'longjmp'. * src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak of `rows`.
Alexei Podtelezhnikov fb9bf2ef 2021-03-15T22:33:17 * src/smooth/ftgrays.c (gray_set_cell): Refactor to fix VC++ warning.
Werner Lemberg 2149b51f 2021-03-13T19:08:09 Handle various VC++ compiler warnings. Fixes #1039. * src/base/ftstroke.c (ft_stroker_inside, ft_stroker_outside): Initialize `sigma`. * src/sdf/ftsdf.c (sdf_generate_with_overlaps): Exit immediately if function arguments are invalid. * src/sdf/ftsdfrend.c (sdf_property_set) <"overlaps">: Fix cast. * src/sfnt/sfwoff2.c (woff2_decompress) [!FT_CONFIG_OPTION_USE_BROTLI]: Use `FT_UNUSED`. * src/truetype/ttgxvar.c (TT_Get_MM_Var): Initialize `fvar_head`.
Alexei Podtelezhnikov 80bda804 2021-03-11T22:40:19 [smooth] Reduce copying during integration phase. We now record `cover' and `area' directly into the linked list. This makes rendering faster by 10% or even more at larger sizes. * src/smooth/ftgrays.c (FT_INTEGRATE): Write directly. (gray_TWorker): Add direct cell reference and remove unused fields. (gray_set_cell): Consolidate the linked list management and pointers. (gray_convert_glyph, gray_convert_glyph_inner): Updated.
Alexei Podtelezhnikov d5b7de55 2021-03-11T22:08:45 * src/smooth/ftgrays.c (FT_INTEGRATE): New convenience macro. (gray_render_line, gray_render_scanline): Use it.
Alexei Podtelezhnikov 85168499 2021-03-09T22:14:44 * src/smooth/ftgrays.c (gray_render_line): Rearrange conditionals. These produce faster or more optimizable code.
Werner Lemberg 7227aabb 2021-03-04T06:41:30 Revert "[sfnt] Fix crash in `Load_SBit_Png` on Windows x64." This reverts commit dbf9142f7e0432c9ed618b3276e2b61fa39e7262, as discussed in #1037.
Jesse Towner dbf9142f 2021-02-25T15:07:25 [sfnt] Fix crash in `Load_SBit_Png` on Windows x64. This change fixes a crash that occurs in `Load_SBit_Png` when running on a 64-bit Windows OS. A memory access violation exception would be raised by `setjmp` if the `jmp_buf` is not aligned to a 16-byte memory boundary. This is due to setjmp executing `movdqa` instructions to store 128-bit XMM registers to memory, which require correct memory alignment. This problem occurs because `png_create_read_struct` uses `malloc` and `free` for memory management, which only guarantees 8-byte alignment on Windows. Instead, to fix the problem, `png_create_read_struct_2` is used on 64-bit Windows, which allows for user-defined memory allocation and deallocation callbacks to be specified. These callbacks forward the allocation and deallocation requests to `_aligned_alloc` and `_aligned_free`, ensuring that the allocated `png_struct` and internal `jmp_buf` have the requisite 16-byte alignment. * src/sfnt/pngshim.c <_WIN64>: Include `malloc.h`. (malloc_callback, free_callback) <_WIN64>: New functions. (Load_SBit_Png) <_WIN64>: Use `png_create_read_struct_2` instead of `png_create_read_struct`
Werner Lemberg e1f364e5 2021-02-25T20:00:07 [woff2] Fix memory leak. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28148 * src/sfnt/sfwoff2.c (woff2_open_font): Reject fonts that have multiple tables with the same tag. While not explicitly forbidden in the OpenType specification, it is implicitly forbidden by describing a binary search algorithm for tables that only works reliably if table tags are unique.
Werner Lemberg 92bd99bd 2021-02-16T14:07:18 Move 'dlg' submodule to `subprojects` directory. This is for future changes with Meson, which doesn't allow a different name for its `subprojects` directory. Having both a `submodules` and a `subprojects` directory is confusing. * .gitmodules, autogen.sh (copy_submodule_files, DLG_INC_DIR, DLG_SRC_DIR): Updated. * builds/toplevel.mk (<top-level>, do-dist), builds/windows/vc2010/script.bat: Updated. * src/tools/no-copyright: Updated.
Dominik Röttsches 215ae253 2021-02-16T12:53:45 [sfnt] Update paint format values to support non-variable paints. * freetype.h (FT_PaintFormat): Update paint format identifiers after a specification change. The specification was updated to have sibling formats, variable and non-variable variants for each. Reflect that here. * sfnt/ttcolr.c (read_paint): Remove parsing of variable indices as the non-variable formats no longer have them.
Werner Lemberg 7849316c 2021-02-13T09:21:37 * src/tools/update-copyright-year: Fix single-year entry handling. The fix from 2021-01-17 didn't cover the case where the year to be updated is identical to the current year.
Werner Lemberg d51452e3 2021-02-13T08:52:58 Add new function `FT_Get_Transform`. See https://github.com/harfbuzz/harfbuzz/issues/2428 for some reasons to introduce this function. * include/freetype/freetype.h, src/base/ftobjs.c (FT_Get_Transform): Implement it.
Alexei Podtelezhnikov 70fd20e6 2021-02-12T19:28:05 Decorate qsort callbacks with cdecl. * include/freetype/internal/compiler-macros.h (FT_COMPARE_DEF): Add new macro. * src/base/ftrfork.c, src/bdf/bdflib.c, src/gxvalid/gxvcommn.c, src/psaux/afmparse.c, src/psnames/psmodule.c, src/type1/t1afm.c, src/sfnt/sfwoff.c, src/sfnt/sfwoff2.c: Update qsort callbacks. Fixes #1026 when compiling FreeType with an unusual calling convention while the C library qsort still expects cdecl.
Dominik Röttsches 54c5ad5c 2021-02-10T19:24:13 [sfnt] Implement 'COLR' v1 sweep gradients. * freetype.h (FT_PaintSweepGradient): Add `FT_PaintSweepGradient` to represent a 'COLR' v1 sweep gradient. Update format. (FT_PaintFormat): Update shifted paint formats. Sync with spec. * sfnt/ttcolr.c (read_paint): Logic to parse sweep gradients. Fix struct access in radial gradient implementation.
Dominik Röttsches 64f01bfe 2021-01-20T13:04:50 [sfnt] Provide optional root transform for 'COLR' v1 glyph graph. * include/freetype/freetype.h (FT_Get_Color_Glyph_Paint): Additional function argument root_transform to control whether root transform should be returned. (FT_OpaquePaint): Additional tracking field to denote whether root transform is to be returned. * include/freetype/internal/sfnt.h (TT_Get_Color_Glyph_Paint_Func): Propagate additional argument. * src/base/ftobjs.c (FT_Get_Color_Glyph_Paint): Ditto. * src/sfnt/ttcolr.c (tt_face_get_colr_glyph_paint): Return root transform reflecting the size and transform configured on FT_Face. (read_paint): Initialize and track status of insert_root_transform flag.
Werner Lemberg 947e4752 2021-02-04T10:19:26 [base] Fix Netpbm tracing message. * src/base/ftobjs.c (FT_Render_Glyph_Internal): Don't emit Netpbm warning if there is nothing to output.