src/sfnt

Log

Author Commit Date CI Message
Werner Lemberg 32cb5390 2025-09-06T06:14:03 Update all copyright notices.
Werner Lemberg d3668e00 2025-09-05T20:21:27 src/sfnt/ttload.c (tt_face_load_any): Correctly handle font containers. Reported as https://issues.oss-fuzz.com/issues/424613326
Werner Lemberg b04db387 2025-07-04T19:52:53 [sfnt] Rewrite GPOS kerning support. (2/2) The previous code had a fundamental flaw: it didn't validate the necessary parts of the 'GPOS' table before accessing it, causing crashes with malformed data (since `TT_CONFIG_OPTION_GPOS_KERNING` is off by default, standard fuzzers don't catch these problems). Additionally, it did a lot of parsing while accessing kerning data, making it rather slow. The new implementation fixes this. After validation, offsets to the 'GPOS' lookup subtables used in the 'kern' feature that correspond to 'simple' kerning (i.e., similar to 'kern' table kerning) are stored in `TT_Face`; this greatly simplifies and accelerates access to the kerning data. Testing with font `SF-Pro.ttf` version '1.00', the validation time for the 'GPOS' table increases the start-up time of `FT_New_Face` by less than 1%, while calls to `FT_Get_Kerning` become about 3.5 times faster. * include/freetype/internal (gpos_kerning_available): Replace with... (gpos_lookups_kerning, num_gpos_lookups_kerning): ... these new fields. Update callers. * src/ttgpos.c [TT_CONFIG_OPTION_GPOS_KERNING]: A new implementation.
Werner Lemberg 8ef26a80 2025-07-04T19:50:48 [sfnt] Rewrite GPOS kerning support. (1/2) This commit removes the previous implementation.
Werner Lemberg fb6a7426 2025-07-04T06:03:37 * src/sfnt/ttkern.h (TT_FACE_HAS_KERNING): Remove macro. Given that we also support (limited) 'GPOS' table kerning if `TT_CONFIG_OPTION_GPOS_KERNING` is defined, the name of this macro is misleading since it only is true for 'kern' table kerning. * src/sfnt/sfobjs.c (sfn_load_face): Replace `TT_FACE_HAS_KERNING` with plain code.
Werner Lemberg 8d82c9fa 2025-07-01T17:08:37 */*: Fix trivial signedness issues with format strings in trace messages. As reported with clang 19's `-Wformat` option.
Werner Lemberg 7f559fbe 2025-06-10T04:55:43 Update links. Found with `linkchecker --check-extern index.html` running locally in the 'freetype-web' repository.
Werner Lemberg 5a07f41d 2025-05-28T09:52:44 [sfnt] `FT_Load_Sfnt_Table` can now also load a font's table directory. Closes issue #1263. * src/sfnt/ttload.c (tt_face_load_any): Implement it.
Behdad Esfahbod 5987a9f5 2025-05-22T02:51:36 [ttmtx] Fix check for being non-default variation position. If user explicitly sets variations to `NULL` after it being set to something else, `face->blend` will still be non-`NULL`. The intention here however is correctly captured by `FT_IS_VARIATION`. * src/sfnt/ttmtx.c (tt_face_get_metrics): Use `FT_IS_VARIATION`.
Werner Lemberg 6fa8725a 2025-05-09T13:25:34 [sfnt] Avoid allocation bomb in compressed SVG documents. Reported as https://issues.oss-fuzz.com/issues/416538625 * src/sfnt/ttsvg.c (MAX_SVG_SIZE): New macro. (tt_face_load_svg_doc): Reject too large buffer.
Alexei Podtelezhnikov 1beb83fd 2025-01-01T22:28:36 * src/sfnt/ttsbit.c (tt_face_load_sbix_image): Refactor `flip`.
Alexei Podtelezhnikov 83af801b 2024-09-07T13:44:57 * src/sfnt/ttsbit.c (tt_face_load_sbix_image): Respect metrics_only. Also fixes recursive flip.
Alexei Podtelezhnikov 30080320 2024-09-06T13:43:47 * src/sfnt/ttsbit.c (tt_face_load_sbix_image): Tweak loop.
Andrew Murray 98283cb3 2024-09-06T17:03:58 [sfnt] Support sbix graphicType 'flip'. * src/sfnt/ttsbit.c (tt_face_load_sbix_image): Currently undocumented by Apple, this flips the bitmap data horizontally. It is used on macOS in Apple Color Emoji; 19.4d6e1; 2024-02-05 (file `Apple Color Emoji.ttc`). Fixes issue #1282.
Alexei Podtelezhnikov d2612e1c 2024-08-26T07:01:19 * src/sfnt/ttcmap.c (tt_cmap*_get_info): Remove casting.
Werner Lemberg 6b992aaa 2024-08-11T19:44:13 * src/*/*: Fix C++ compilation; fix clang warnings.
Werner Lemberg ed8b82ba 2024-08-08T10:28:05 Various minor documentation or formatting fixes.
Alexei Podtelezhnikov 3f8edd23 2024-07-28T20:56:07 * src/sfnt/ttload.c (tt_face_load_name): Shorten dereference.
Alexei Podtelezhnikov 24888540 2024-07-28T19:42:49 [bdf,pcf,winfonts,sfnt] Remove barely used macros. * include/freetype/internal/ftobjs.h (FT_FACE_SIZE, FT_SIZE_FACE): Removed. * src/bdf/bdfdrivr.c (BDF_Glyph_Load): Updated. * src/pcf/pcfdrivr.c (PCF_Glyph_Load): Ditto. * src/winfonts/winfnt.c (FNT_Load_Glyph): Ditto. * src/sfnt/ttbdf.c (tt_face_find_bdf_prop): Ditto.
Werner Lemberg bab9564a 2024-06-26T05:39:11 Make 'multi' build work again. * src/psaux/psobjs.c: Include `psft.h`. * src/sfnt/rules.mk (SFNT_DRV_SRC): Add `ttgpos.c`. Fixes issue #1284.
Ben Wagner 5858fa16 2024-05-07T18:19:58 [colr] Avoid overflow in range checks In 32 bit builds `FT_ULong` is 32 bits and can silently overflow when a large number is read into one and then it is summed or multiplied with another number. Checks for range overflow must be written so that they themselves do not overflow. Also ensure that the table_size is always the first part of the range check and consistently use `<` or `<=`. * src/sfnt/ttcolr.c (tt_face_load_colr): Avoid overflow. (find_base_glyph_v1_record): Remove old work-around. Bug: https://issues.chromium.org/issues/41495455 Bug: https://issues.chromium.org/issues/40945818
Alexei Podtelezhnikov 7bd887f1 2024-05-03T16:04:35 * src/sfnt/sfwoff2.c (woff2_open_font): Fix copy-paste typo.
Alexei Podtelezhnikov 3f28a6b6 2024-05-03T15:44:57 [woff,woff2] Limit the number of tables and use FT_MSB. The upper limit of 4095 is implied by the SFNT header format where the multiplication by 16 would overflow without it. * src/sfnt/sfwoff.c (woff_open_font): Updated. * src/sfnt/sfwoff2.c (woff2_open_font): Ditto.
Ben Wanger 13d1180f 2024-05-02T13:16:46 [woff2] Disallow zero table font entries The existing code already disallows zero table woff2 overall, but still allows for individual CollectionFontEntry to create font instances with zero tables. Such fonts are not useful so error early. This also fixes an MSAN discovered issue where if a CollectionFontEntry numTables is zero then the sfnt_header was not fully initialized. * src/sfnt/sfwoff2.c (woff2_open_font): error on zero tables, always initialize sfnt_header Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68384
Alexei Podtelezhnikov 4d504684 2024-05-01T23:19:31 [sfnt] Use faster macros in checksums. * src/truetype/ttobjs.c (tt_synth_sfnt_checksum): Use FT_NEXT_XXX. * src/sfnt/sfwoff2.c (compute_ULong_sum): Use macros.
Alexei Podtelezhnikov 13da9042 2024-05-01T00:34:21 * src/sfnt/sfwoff2.c (compute_ULong_sum): Clean up.
Ben Wanger f42ce255 2024-03-08T14:55:12 [colr] Ensure enough bytes for PaintColrLayers * src/sfnt/ttcolr.c (read_paint): check that there are five additional bytes to be read when reading PaintColrLayers. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66566
Alexei Podtelezhnikov 47574f7e 2024-01-27T11:11:22 Update all copyright notices.
Alexei Podtelezhnikov 4f0256c1 2024-01-27T10:47:10 * src/sfnt/ttgpos.c (tt_gpos_get_glyph_class): Fix warning C4018.
David Saltzman 8f286c86 2024-01-19T16:42:48 Add support for kerning from 'GPOS' tables. This commit adds support for kerning from 'GPOS' tables, while maintaining support for basic 'kern' tables. `FT_HAS_KERNING` will be true for a font with either available and `FT_Get_Kerning` will still use the basic 'kern' table data if available, otherwise check the GPOS 'kern' feature. This feature is disabled by default; it can be enabled with the `TT_CONFIG_OPTION_GPOS_KERNING` flag. Only basic kerning (pair positioning with just an x advance) is supported from the GPOS layout features; support for that was added to make the existing `FT_Get_Kerning` API more consistently functional. FreeType does not intend to extend itself to further GPOS functionality though; a higher-level library like HarfBuzz can be used instead for that. * include/freetype/config/ftoption.h, include/devel/ftoption.h (TT_CONFIG_OPTION_GPOS_KERNING): New configuration option. * include/freetype/internal/fttrace.h: Add `ttgpos` trace handler. * include/freetype/internal/sfnt.h (SFNT_Interface): Add `load_gpos` and `get_gpos_kerning` fields. (FT_DEFINE_SFNT_INTERFACE): Updated. * include/freetype/internal/tttypes.h: Include `fttypes.h`. (TT_FaceRec) [TT_CONFIG_OPTION_GPOS_KERNING]: Add `gpos_table` and `gpos_kerning_available` fields. * src/sfnt/ttgpos.c, src/sfnt/ttgpos.h: New files. * src/sfnt/sfdriver.c [TT_CONFIG_OPTION_GPOS_KERNING]: Include `ttgpos.h`. (sfnt_interface): Updated. * src/sfnt/sfnt.c: Include `ttgpos.c`. * src/sfnt/sfobjs.c [TT_CONFIG_OPTION_GPOS_KERNING]: Include `ttgpos.h`. (sfnt_load_face) [TT_CONFIG_OPTION_GPOS_KERNING]: Load and free GPOS kerning data; check GPOS kerning availability. * src/truetype/ttdriver.c (tt_get_kerning): Use GPOS kerning if there's no 'kern' table.
Ozkan Sezer 7bac4d14 2024-01-08T20:25:31 * src/sfnt/ttcolr.c (find_base_glyph_v1_record): Fix build in C90 mode.
Alexei Podtelezhnikov 4a85ff0b 2024-01-04T21:38:51 [sfnt] Restrict POST version 1.0. A font has surfaced with `post` version 1.0 and fewer than 258 glyphs. Its glyphs did not correspond to their names. We now reject such `post` strictly following specifications. * src/sfnt/ttpost.c (tt_face_get_ps_name): Check the number of glyphs for version 1.0.
Werner Lemberg 57c4252a 2024-01-02T17:55:33 [sfnt] Guard access in 'COLR' v1 glyph binary search. Reported as https://bugs.chromium.org/p/chromium/issues/detail?id=1505216 * src/sfnt/ttcolr.c (find_base_glyph_v1_record): Guard access of the search pointer during binary search. The pointer needs to be checked as we go as the test that compares number of v1 glyphs with table size at the time of loading the table is not sufficient on its own. A scenario is possible in which the `BaseGlyphRecord` list extends into non-`BaseGlyphRecord` parts of the 'COLR' v1 table (but passed the size comparison check). Then, at those locations, invalid glyph ID values are read and may provoke an invalid read due to reassigning min and max values during the binary search.
Alexei Podtelezhnikov 4904d1eb 2023-09-06T22:58:46 * src/sfnt/ttpost.c (load_format_20): Micro-optimize.
Alexei Podtelezhnikov 000b26a3 2023-08-30T23:03:02 * src/sfnt/ttpost.c (load_format_20): Rework tracing.
Alexei Podtelezhnikov 2f7abe48 2023-08-29T19:18:43 Comment added.
Alexei Podtelezhnikov c46c4b8e 2023-08-29T17:52:06 * src/sfnt/ttpost.c (load_format_20): Permit long names. Fixes #1254.
Ben Wagner 3829fdaa 2023-08-04T11:41:23 Avoid overflow in COLR bounds checks. The values read into `base_glyphs_offset_v1` and `layer_offset_v1` may be in the range 0xFFFFFFFD-0xFFFFFFFF. On systems where `unsigned long` is 32 bits adding 4 to such values will wrap and pass bounds checks but accessing values at such offsets will be out of bounds. On the other hand `table_size` has already been tested to be at least `COLRV1_HEADER_SIZE` (34) so it is safe to subtract 4 from it. * src/sfnt/ttcolr.c (tt_face_load_colr): subtract 4 from `table_size` instead of adding 4 to font data offsets in bounds checks Fixes: https://crbug.com/1469348
Ben Wagner dd3c9c5f 2023-07-18T13:25:57 [woff2] Clean up on large brotli expansion * src/sfnt/sfwoff2.c (woff2_open_font): set error and goto cleanup Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60711
Werner Lemberg 336503df 2023-07-16T07:36:01 [woff2] Avoid allocation bomb. This is a fix for commit 85167dbd5, reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60615 * src/sfnt/sfwoff2.c (MAX_SFNT_SIZE): New macro. (woff2_open_font): Use it to limit the maximum size of an uncompressed WOFF2 font.
Ben Wagner 85167dbd 2023-07-13T16:49:34 [woff2] Remove sfnt size guess check In WOFF the `totalSfntSize` must be correct, however in WOFF2 this value is now just a hint and a conforming implementation must not reject otherwise valid data if the `totalSfntSize` turns out not to be exact. * src/sfnt/sfwoff2.c (woff2_open_font): remove check that uncompressed woff2 data would fit in the sfnt size guess. Fixes: #1235
Ben Wagner 2fb8eda5 2023-06-01T19:38:36 */*: Remove many function pointer casts. In C it is undefined behavior to call a function through a function pointer of a different type. This is now detected by the Control Flow Integrity Sanitizer. All known issues have already been fixed. Prevent any accidental re-introduction by removing function pointer casts when defining services. The services will call the service functions through the function pointers on the service. As a result the functions must have the same type so there should be no need to cast. Removing the casts allows compilers to warn about assignment to an incompatible function pointer type.
Werner Lemberg 365eb10d 2023-05-07T19:16:38 * src/sfnt/ttcmap: Signature fixes.
Werner Lemberg e245951c 2023-05-06T23:59:25 * src/sfnt/sfdriver.c, src/sfnt/ttbdf.c: Clean up interface. Ensure that all driver functions use the signature of the service or driver. This avoids pointer mismatches, which are technically undefined behaviour. Recent compilers are more picky in catching them as part of Control Flow Integrity tests. * src/sfnt/sfdriver.c (sfnt_load_table): New wrapper function. (sfnt_service_sfnt_table): Use it.
Werner Lemberg 8fe50c2a 2023-04-27T23:06:51 [truetype] Fix style name handling for variation fonts. * include/freetype/internal/tttypes.h (TT_FaceRec): New field `non_var_style_name`. * src/sfnt/sfobjs.c (sfnt_load_face): Initialize `non_var_style_name`. (sfnt_done_face): Free `non_var_style_name`. * src/truetype/ttgxvar.c (TT_Set_Named_Instance): Restore non-VF style name if switching back to non-VF mode.
Werner Lemberg fb982e78 2023-04-26T08:17:17 New Variation Font function `FT_Get_Default_Named_Instance`. * include/freetype/ftmm.h, src/base/ftmm.c (FT_Get_Default_Named_Instance): New function. * include/freetype/internal/services/svmm.h (FT_Get_Default_Named_Instance_Func): New typedef. (FT_Service_MultiMasters): New field `get_default_named_instance`. (FT_DEFINE_SERVICE_MULTIMASTERSREC): Updated. * include/freetype/internal/tttypes.h (TT_Face): New field `var_default_named_instance`. * src/sfnt/sfobjc.s (sfnt_init_face): Initialize `var_default_named_instance`. * src/cff/cffdrivr.c (cff_get_default_named_instance): New function. (cff_service_multi_masters): Updated. * src/truetype/ttgxvar.c (TT_Get_MM_Var): Initialize `var_default_named_instance`. (TT_Get_Default_Named_Instance): New function. * src/truetype/ttgxvar.h: Updated. * src/truetype/ttdriver.c (tt_service_gx_multi_masters): Updated. * src/type1/t1driver.c (t1_service_multi_masters): Updated. * docs/CHANGES: Updated.
Alexei Podtelezhnikov 36a086b6 2023-04-28T19:40:35 * src/sfnt/pngshim.c (Load_SBit_Png): Remove FALL_THROUGH warning.
Werner Lemberg 08268691 2023-04-28T15:32:16 * src/sfnt/ttload.c (tt_face_load_font_dir): Add another guard. Reject 'OTTO' fonts with no valid tables.
Werner Lemberg 0a3836c9 2023-04-25T09:54:09 Improve/add source comments and documentation.
Werner Lemberg 40676afc 2023-04-25T09:30:30 [sfnt] Fix handling of PS names for Variation Fonts. * src/sfnt/sfdriver.c (get_win_string, get_apple_string): Continue construction of string if an invalid character is encountered. Fixes #1218.
Ben Wagner e78e2d29 2023-04-06T11:16:29 [sfnt, truetype] Add `size_reset` to `MetricsVariations`. This is a generalization of commit ``` commit e6699596af5c5d6f0ae0ea06e19df87dce088df8 Author: Werner Lemberg <wl@gnu.org> Date: Thu Feb 2 11:38:04 2017 +0100 [truetype] Fix MVAR post-action handling. ``` It is also possible for plain `CFF ` style fonts to contain an `fvar` and `MVAR` table and use `cff_metrics_adjust`. `tt_size_reset` should only be called with `TT_Size` and never with `CFF_Size`. Allow the "metrics-variations" service to specify the correct function (if any) to reset `FT_Size`s after adjusting metrics. * src/truetype/ttobjs.c (tt_size_reset): Split off some functionality into... (tt_size_reset_height): ... this new function. * src/truetype/ttdriver.c (tt_service_metrics_variations): Add `size_reset`. (tt_size_select, tt_size_request): Updated. * src/truetype/ttobjs.h: Updated. * include/freetype/internal/services/svmetric.h (MetricsVariations): Add `size_reset`. (FT_DEFINE_SERVICE_METRICSVARIATIONSREC): Updated. * include/freetype/internal/tttypes.h (TT_FaceRec_): Rename `var` to `tt_var` and add `face_var`. * src/cff/cffdrivr.c (cff_service_metrics_variations): Add `size_reset`. (cff_hadvance_adjust, cff_metrics_adjust): Updated. * src/cff/cffobjs.c (cff_face_init): Use `face_var`. * src/sfnt/sfobjs.c (sfnt_init_face): Initialize `face_var`. * src/sfnt/ttmtx.c (tt_face_get_metrics): Use `tt_var`. * src/truetype/ttgxvar.c (tt_size_reset_iterator): Renamed to... (ft_size_reset_iterator): ... this new function. Call `size_reset`. (tt_apply_mvar): Pass `size_reset` to `ft_size_reset_iterator`. Fixes #1211
Alexei Podtelezhnikov 1a4c18f7 2023-04-10T15:30:43 Align `char_next` return types. This is mostly cosmetic because FT_UInt and FT_UInt32 are likely identical. * src/sfnt/ttcmap.c, src/cff/cffcmap.c, src/psaux/t1cmap.c, src/psnames/psmodule.c, include/freetype/internal/service/svpcsmap.h, src/pfr/pfrcmap.c, src/winfonts/winfnt.c (*_char_next): return FT_UInt.
Alexei Podtelezhnikov d2544433 2023-04-08T23:15:41 [sfnt] Clean up CMAP{4,12,13} handling. This moves the charcode overflow checks upstream and turns some while-loops into the do-while ones to avoid the uninitialized warnings. This should slightly reduce the number of checks and jumps. * src/sfnt/ttcmap.c (tt_cmap{4,12,13}_next, tt_cmap{4.12.13}_char_map_linear): Remove the charcode overflow check. (tt_cmap{4,12,13}_char_map_binary): Ditto and use do-while. (tt_cmap{12,13}_char_next): Add the overflow check.
Alexei Podtelezhnikov b0a4f992 2023-04-02T22:45:48 * src/sfnt/ttpost.c (load_format_25): Do not abort frame reading.
Alexei Podtelezhnikov 340767bf 2023-04-02T22:00:59 * src/sfnt/ttpost.c (load_format_*): Streamline frame reading.
Alexei Podtelezhnikov 311b78fa 2023-04-02T09:24:16 * src/sfnt/ttpost.c: Formatting and comments.
Alexei Podtelezhnikov 8f7b1455 2023-04-01T23:37:51 [sfnt] Consolidate POST version 2.0 and 2.5 (pt 2). * src/sfnt/ttpost.c (load_format_20, load_format_25): Update arguments and move shared calls and checks upstream to... (load_post_names): ... this function. (tt_face_free_ps_names, tt_face_get_ps_name): Updated.
Alexei Podtelezhnikov 9597a62b 2023-04-01T22:34:30 [sfnt] Consolidate POST version 2.0 and 2.5 (pt 1). The deprecated POST version 2.5 can be handled using the data structures of version 2.0. The goal is to reduce the footprint. * include/freetype/internal/tttypes.h (TT_Post_Names): Absorb and... (TT_Post_20, TT_Post_25): ... remove these structures. src/sfnt/ttpost.c (load_post_names, tt_face_get_ps_name, tt_face_free_ps_names, load_format_20): Updated accordingly. (load_format_25): ditto and convert offsets to glyph indices.
Alexei Podtelezhnikov 6d7b8b22 2023-03-31T23:17:46 [sfnt] Miscellaneous POST clean-ups. * src/sfnt/ttpost.c (load_format_20): Decrease casts. (load_format_25): Check the table length and impose a theoretical glyph number limit usable with 8-bit offset. Decrease casts. (load_post_names): Pass the mapping data length without 2 bytes.
Alexei Podtelezhnikov 0db69970 2023-03-30T09:06:35 * src/sfnt/ttpost.c (load_format_20): Simplify computations.
Alexei Podtelezhnikov 4679fcb6 2023-03-29T00:21:00 [sfnt] Streamline POST format 2.0 handling (cont'd). * src/sfnt/ttpost.c (load_format_20): Co-allocate the string data and their pointers, which makes it easier to handle and free them. (tt_face_free_ps_names): Updated. * include/freetype/internal/tttypes.h (TT_Post_20): Update type.
Alexei Podtelezhnikov fc01e7dd 2023-03-05T22:05:24 Fix a couple of MSVC warnings. * src/base/ftcalc.c (FT_MulAddFix): Add cast. * src/sfnt/ttcolr.c (tt_face_get_colorline_stops, read_paint): Ditto.
Alexei Podtelezhnikov 7ae20e55 2023-03-03T22:41:09 * src/sfnt/sfobjs.c (sfnt_load_face): Shorten de-referencing.
Werner Lemberg d399657f 2023-02-26T20:18:54 * src/*: Replace leading underscores with trailing ones in dummy variables. This is to avoid clang warnings.
Werner Lemberg 663486a7 2023-02-08T20:56:19 Fix `FT_LOCAL` and `FT_LOCAL_DEF` tags.
Werner Lemberg ac5babe8 2023-02-08T19:36:10 Fix 'fall-through' warning messages. Modern compilers get more insistent on that... * include/freetype/internal/compiler-macros.h (FALL_THROUGH): Define. * src/*: Use it instead of `/* fall through */` comments.
Werner Lemberg da9eb9c7 2023-02-07T07:01:36 Fix minor clang and clang++ warnings.
Werner Lemberg e97544a7 2023-01-28T17:04:38 Minor changes. Comment fixes, typos, removing of unnecessary parentheses.
Werner Lemberg bacc48e6 2023-01-28T17:04:11 Whitespace.
Dominik Röttsches a297feab 2023-01-17T14:30:48 [sfnt] Avoid nullptr dereference in reading malformed 'COLR' v1 table. Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=1408044. * src/sfnt/ttcolr.c (tt_face_load_colr): When the 'COLR' v1 table header is too small, don't deallocate delta set index map structures.
Werner Lemberg 65f85237 2023-01-17T09:18:25 Update all copyright notices.
Werner Lemberg 6a179ff7 2023-01-16T16:38:56 sr/*.c: Various minor fixes. * src/autofit/ft-hb.c (_hb_ft_reference_table): Call `FT_UNUSED` after variable declarations. * src/gxvalid/gxvjust.c (gxv_just_widthDeltaClusters_validate): Eliminate unused variable. * src/gzip/ftgzip.c: Don't call GCC '-Wstrict-prototypes' pragma for C++ compiler. * src/sfnt/ttcolr.c (ENSURE_READ_BYTES): Remove final semicolon to avoid compiler warning. * src/sfnt/ttsvg.c (tt_face_load_svg_doc): Fix signedness warning.
Dominik Röttsches 2692b321 2023-01-03T17:19:02 [sfnt] Remove temporary runtime flag for variable 'COLR' v1. Fixes #1187. * src/sfnt/ttcolr.c (top level, read_paint, tt_face_load_colr, tt_face_free_colr, get_deltas_for_var_index_base, tt_face_get_color_glyph_clipbox, tt_face_get_colorline_stops): Remove macro definition `VARIABLE_COLRV1_ENABLED` and its usage. * src/truetype/ttdriver.c (tt_property_set): Remove parsing of 'TEMPORARY-enable-variable-colrv1' property name. * src/truetype/ttobjs.h (TT_DriverRec): Remove `enable_variable_colrv1` flag.
Dominik Röttsches 63f37136 2023-01-04T15:52:41 [sfnt] Fix color stop bounds check calculation at table end. Fixes https://bugs.chromium.org/p/skia/issues/detail?id=14021 * src/sfnt/ttcolr.c (VAR_IDX_BASE_SIZE): New macro. (tt_face_get_colorline_stops): Fix off-by-one bounds check calculation, take `VarColorStop` into account, and hopefully make it easier to read.
Werner Lemberg 26e9028f 2022-12-13T09:53:26 [sdf, sfnt] Handle minor compiler warnings. * src/sdf/ftsdf.c (get_min_distance_conic): Initialize `nearest_point`. * src/sfnt/ttsvg.c (find_doc): Initialize `mid_doc`. Fixes #1195.
Dominik Röttsches 0b62c1e4 2022-10-18T14:45:43 [sfnt] Additional bounds checks for `COLR` v1 table handling. * src/sfnt/ttcolr.c (read_paint): Add `colr` argument, necessary for... ... another use of `ENSURE_READ_BYTES`. Update callers. (tt_face_get_paint_layers): Ensure that the 4-byte paint table offset can be read. This is a follow-up to !124 and issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52404
Alexei Podtelezhnikov b8882a3e 2022-10-18T15:58:02 * src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Simplify calculations.
Dominik Röttsches 04272824 2022-10-17T18:18:49 [sfnt] Guard individual `COLR` v1 paint field reads. * src/sfnt/ttcolr.c (ENSURE_READ_BYTES): New macro. (read_paint): Use it – after the start pointer `p` has been checked for whether it allows reading the format byte, each successive paint table field read needs to be bounds-checked before reading further values. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52404
Werner Lemberg 141d979a 2022-10-10T12:25:51 Minor comment changes.
Alexei Podtelezhnikov ff66e912 2022-09-29T17:46:23 * src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Use lighter FT_DivFix.
Dominik Röttsches df260139 2022-09-27T17:50:55 [sfnt] Guard access in 'COLR' table when requesting child table pointer. * src/sfnt/ttcolr.c (tt_face_get_colorline_stops, read_paint): Tighten pointer bounds checks. (get_child_table_pointer): Check whether incoming pointer `p` lies within the 'COLR' table. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51816
Ben Wagner bd417007 2022-09-26T14:46:42 [sfnt] Add SVG document bounds checking. Add a check that the document content is actually contained within the `SVG ` table. Without this check a malformed font may claim arbitrary memory as its document content. * src/sfnt/ttsvg.c (tt_face_load_svg): Take `numEntries` into account when testing 'documentRecord' extents. (find_doc): Rename `stream` to `document_records` for clarity. (tt_face_load_svg_doc): Split `doc` from `doc_list` pointer for clarity. Test that the document content is contained within the table. Ensure minimum length of document before testing for gzip format. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51812
Dominik Röttsches 33ceac2a 2022-09-15T09:47:07 Reject 'COLR' table if version is 1 but header too small. * src/sfnt/ttcolr.c (tt_face_load_colr): If the version is determined to be 1, then the table size has to be at least the size of the v1 header. Also, for peeking the number of base glyphs and entries in the layer list, ensure that the table is sufficiently long. Fixes #1179. Original patch by Sergey Temnikov.
Dominik Röttsches 91a7fae7 2022-09-05T15:49:27 [sfnt] Handle variable `COLR` v1 fonts without delta set index map Fixes #1178. * src/sfnt/ttcolr.c (get_deltas_for_var_index_base): Set outer index to 0 and inner index to the delta index when retrieving deltas if the `COLR` table has no delta set index map.
Dominik Röttsches 6d62076a 2022-08-30T15:00:37 [sfnt] Pointer sanity checks before reading layer info in 'COLR' v0 * src/sfnt/ttcolr.c (tt_face_get_colr_layer): Check that the pointer to read from is within the 'COLR' table. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50633
Dominik Röttsches a1017e26 2022-08-19T19:07:42 [sfnt] Don't require 'gvar' table to support variation fonts. Fixes #1172. * src/sfnt/sfobjs.c (sfnt_load_face): Tag font as Multiple Masters font if `fvar` is present; do not require other tables to be present. * src/truetype/ttgxvar.c (tt_set_mm_blend): Allow for a missing 'gvar' table when setting variation coordinates. However, if a 'gvar' table is actually present, do perform a sanity check and fail on malformedness. (TT_Get_MM_Var): Don't assume 'fvar' needs 'gvar' or 'CFF2' tables in all cases, which is an overly tight check.
Dominik Röttsches 4797b2ff 2022-08-26T12:08:34 [sfnt] Avoid undefined shifts in `COLR` v1 color line retrieval * src/sfnt/ttcolr.c (tt_face_get_colorline_stops): Disambiguate shift behavior by using multiplication using macros from ftcalc.h. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50573
Alexei Podtelezhnikov dcb5fc5b 2022-08-02T17:10:25 * src/sfnt/ttload.c: Trace formatting updates.
Dominik Röttsches 919561ca 2022-07-30T12:09:21 [sfnt] Implement VarClipBox. * src/sfnt/ttcolr.c (tt_face_get_color_glyph_clipbox): Depending on the format, read `var_index_base`, then retrieve and apply scaled deltas.
Dominik Röttsches 649352ab 2022-07-30T12:09:09 [sfnt] Fix typo in clip box computation. * src/sfnt/ttcolr.c (tt_face_get_color_glyph_clipbox): Use appropriate scale factor for `yMin` and `yMax`.
Werner Lemberg a3749a64 2022-07-29T21:49:51 Fix compilation if `TT_CONFIG_OPTION_GX_VAR_SUPPORT` is not set. * src/sfnt/ttcolr.c: Protect relevant code with `TT_CONFIG_OPTION_GX_VAR_SUPPORT`.
Werner Lemberg 38dc768a 2022-07-29T21:17:06 Fix clang14 compiler warnings. * include/freetype/internal/ftstream.h (FT_GET_SHORT_LE, FT_GET_USHORT_LE): Fix type. * src/sfnt/ttcolr.c (get_deltas_for_var_index_base): Always return boolean value. (tt_face_get_colorline_stops): Fix type of `var_index_base`.
Dominik Röttsches 275b116b 2022-07-05T15:16:31 [sfnt] Support variable 'COLR' v1 `PaintVarSkew*`. * src/sfnt/ttcolr.c (FT_PaintFormat_Internal): New enumeration values `FT_COLR_PAINTFORMAT_INTERNAL_VAR_SKEW`, `FT_COLR_PAINTFORMAT_INTERNAL_SKEW_CENTER`, and `FT_COLR_PAINTFORMAT_INTERNAL_VAR_SKEW_CENTER`. (read_paint): Handle new enumeration values.
Dominik Röttsches 44fd524e 2022-07-05T15:09:28 [sfnt] Support variable 'COLR' v1 `PaintVarRotate*`. * src/sfnt/ttcolr.c (FT_PaintFormat_Internal): New enumeration values `FT_COLR_PAINTFORMAT_INTERNAL_VAR_ROTATE` and `FT_COLR_PAINTFORMAT_INTERNAL_VAR_ROTATE_CENTER`. (read_paint): Handle new enumeration values.
Dominik Röttsches 603fef28 2022-07-05T14:56:22 [sfnt] Support 'COLR' v1 variable `PaintVarScale*`. * src/sfnt/ttcolr.c: (FT_PaintFormatInternal): New enumeration values `FT_COLR_PAINTFORMAT_INTERNAL_VAR_SCALE`, `FT_COLR_PAINTFORMAT_INTERNAL_VAR_SCALE_CENTER`, `FT_COLR_PAINTFORMAT_INTERNAL_VAR_SCALE_UNIFORM`, and `FT_COLR_PAINTFORMAT_INTERNAL_VAR_SCALE_UNIFORM_CENTER`. (read_paint): Handle new enumeration values.
Dominik Röttsches d134b9e3 2022-07-05T14:51:48 [sfnt] Support for 'COLR' v1 variable translate. * src/sfnt/ttcolr.c (FT_PaintFormat_Internal): New enumeration value `FT_COLR_PAINTFORMAT_INTERNAL_VAR_TRANSLATE`. (read_paint): Handle new enumeration value.
Dominik Röttsches 8ec531c2 2022-07-05T14:47:57 [sfnt] Support for 'COLR' v1 variable transforms. * src/sfnt/ttcolr.c (FT_PaintFormat_Internal): New enumeration value `FT_COLR_PAINTFORMAT_INTERNAL_VAR_TRANSFORM`. (read_paint): Handle new enumeration value.
Dominik Röttsches 9c4ad2a9 2022-07-05T14:43:10 [sfnt] Deltas for 'COLR' v1 gradient coordinates. * src/sfnt/ttcolr.c (read_paint) [TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Read and apply deltas to radial, linear, and sweep gradient coordinates such as 'p0', 'p1', 'p2', 'center', 'radii', and 'angles'.
Dominik Röttsches 3414fef7 2022-07-04T16:29:31 [sfnt] Support variable 'COLR' v1 color lines. * include/freetype/ftcolor.h (FT_ColorStopIterator): Add field `read_variable` to indicate whether a variation index base should be read. * src/sfnt/ttcolr.c: (FT_PaintFormat_Internal): New enumerations `FT_COLR_PAINTFORMAT_INTERNAL_VAR_LINEAR_GRADIENT` `FT_COLR_PAINTFORMAT_INTERNAL_VAR_RADIAL_GRADIENT`, and `FT_COLR_PAINTFORMAT_INTERNAL_VAR_SWEEP_GRADIENT`. (read_color_line): New parameter `read_variable`; update callers. (read_paint): Handle new enumerations.
Dominik Röttsches 7c151abb 2022-07-04T12:44:06 [sfnt] Apply variation deltas to `PaintVarSolid`. * src/sfnt/ttcolr.c (FT_PaintFormat_Internal_): New enumeration `FT_COLR_PAINTFORMAT_INTERNAL_VAR_SOLID`. (get_deltas_for_var_index_base) [TT_CONFIG_OPTION_GX_VAR_SUPPORT]: New function to retrieve an array of delta values, which will be used for most of 'COLR' v1 variation formats (in follow-up commits). (read_paint): Add `face` parameter; update caller. Handle `FT_COLR_PAINTFORMAT_INTERNAL_VAR_SOLID`.