CFF2 fonts will need access to those two functions.
* include/freetype/internal/sfnt.h: Include FT_SERVICE_GLYPH_DICT_H.
(SFNT_Interface): Add `get_glyph_name' and `get_name_index' members.
(FT_DEFINE_SFNT_INTERFACE): Updated.
* src/sfnt/sfdriver.c (sfnt_get_glyph_name, sfnt_get_name_index):
Fix signatures to exactly correspond to the glyph dict service
function typedefs.
(sfnt_interface): Updated.
It's unavoidable to call the PNG engine, but to get the metrics it
is sufficient to read the PNG image's header only.
* src/sfnt/pngshim.c (Load_SBit_Png): Add argument to control the
allocation of the glyph slot.
* src/sfnt/pngshim.h: Updated.
* src/sfnt/ttsbit.c (tt_sbit_decoder_load_png,
tt_face_load_sbix_image, tt_face_load_sbit_image): Updated.
This also fixes a bug introduced in 2016-10-01 which prevents
display of embedded bitmap fonts that use the `sbix' format.
* src/sfnt/ttsbit.c (tt_face_load_sbit): Store `sbix' size and
offset also in `ebdt_size' and `ebdt_start', respectively. This
makes the test for an embedded bitmap data table succeed for this
format.
(tt_face_load_strike_metrics) <TT_SBIT_TABLE_TYPE_SBIX>: Use
`ebdt_size' and `ebdt_start'
(tt_face_load_sbix_image): Ditto.
`FT_Load_Glyph' doesn't generate a bitmap for a non-bitmap glyph
until the user calls `FT_Render_Glyph'. However, it always
allocates memory for bitmaps and copies or decodes the contents of a
bitmap glyph, which can be quite slow for PNG data.
* include/freetype/freetype.h (FT_LOAD_BITMAP_METRICS_ONLY): New
macro.
* src/base/ftobjs.c (FT_Load_Glyph): Unset FT_LOAD_RENDER if
FT_LOAD_BITMAP_METRICS_ONLY is used.
* src/sfnt/ttsbit.c (tt_sbit_decoder_alloc_bitmap,
tt_sbit_decoder_load_bitmap): Add argument to control allocation of
the glyph slot.
(tt_sbit_decoder_load_image, tt_sbit_decoder_load_compound,
tt_face_load_sbit_image): Updated.
* src/pcf/pcfdrivr.c (PCF_Glyph_Load): Quickly exit if
`FT_LOAD_BITMAP_METRICS_ONLY' is set.
* src/pfr/pfrsbit.c, src/pfr/pfrsbit.h (pfr_slot_load_bitmap): Add
argument to control allocation of the glyph slot.
* src/pfr/pfrobjs (pfr_slot_load): Updated.
* src/winfonts/winfnt.c (FNT_Load_Glyph): Ditto.
* docs/CHANGES: Updated.
Problems reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40
We now map the strike index right before accessing the physical
data, not earlier.
* src/sfnt/sfobjs.c (sfnt_load_face): Set `face->sbit_strike_map'
after creating the map so that...
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): ... this function
can be used before and after setting up `sbit_strike_map'.
(tt_face_set_sbit_strike): Revert change.
(tt_sbit_decoder_init, tt_face_load_sbix_image): Map strike index.
* src/truetype/ttdriver.c (tt_size_select): Revert change.
FreeType tries to sanitize strike header data; we now reject
completely broken ones.
* include/freetype/internal/tttypes.h (TT_FaceRec): New
`sbit_strike_map' array pointer.
* src/base/ftobjs.c (FT_Match_Size): Reject matches where either
width or height would be zero.
Add tracing message in case of error.
* src/sfnt/sfobjs.c (sfnt_load_face): Populate `sbit_strike_map',
only using (more or less) valid strike header data for
FT_Face's `available_sizes' array.
(sfnt_done_face): Updated.
* src/sfnt/ttsbit.c (tt_face_set_sbit_strike): Use
`sbit_strike_map'.
(tt_face_load_strike_metrics): Improve tracing.
* src/truetype/ttdriver.c (tt_size_select): Use `sbit_strike_map'.
This commit avoids `EBDT' and friends being looked up again and
again while loading a single embedded bitmap.
* include/freetype/internal/tttypes.h (TT_FaceRec)
[TT_CONFIG_OPTION_EMBEDDED_BITMAPS]: New fields `ebdt_start' and
`ebdt_size'.
* src/sfnt/ttsbit.c (tt_sbit_decoder_init): Move table lookup to ...
(tt_face_load_sbit): ... this function; also store the table size
and offset.
`FT_Get_Advance' returns 0 for bitmap fonts. It first gets the
advance value from the font table and then scales it by the
`font->size->metrics->x_scale' field. But `FT_Select_Size' doesn't
set that value for bitmap fonts and the advance gets scaled to zero.
Taken from
https://github.com/behdad/harfbuzz/issues/252
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics)
<TT_SBIT_TABLE_TYPE_EBLC>: Set scale values.
Since 2016-05-16 we detect infinite recursion directly.
* src/sfnt/ttload.c (tt_face_load_maxp): Don't adjust
`maxComponentDepth'.
* src/truetype/ttgload.c (load_truetype_glyph): Don't abort if
`maxComponentDepth' is not valid. Instead, simply adjust its value
and emit a tracing message.
The new code only displays the first master in the font.
* src/cff/cffgload.c (cff_decode_parse_charstrings): Add new
parameter to allow function calls from dictionaries also.
<cff_op_blend>: Partially implement it.
Update all callers.
* src/cff/cffgload.h: Updated.
* src/cff/cffparse.c (cff_parser_init): Add new parameter to pass the
number of Multiple Master designs.
Update all callers.
(cff_parse_multiple_master): New function to rudimentarily parse
operator.
(cff_parser_run): Handle `T2' operator.
* src/cff/cffparse.h: Updated.
(CFF_ParserRec): Add `num_designs' field.
* src/cff/cffload.c: Updated.
* src/cff/cfftoken.h: Handle `MultipleMaster' operator.
* src/cff/cfftypes.h (CFF_FontRecDictRec): Add `num_designs' field.
* src/sfnt/sfobjs.c (sfnt_init_face): Don't handle `fvar' table for
MM CFFs.
Problem reported by Nikolay Sivov <bunglehead@gmail.com>.
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): Avoid zero value
for `metrics->height' by applying some heuristics.
* src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Add code to better
skip invalid segments.
If searching the next character, provide a more efficient logic to
speed up the code.
While the current code in `FT_Get_Next_Char' correctly rejects
out-of-bounds glyph indices, it can be extremely slow for malformed
cmaps that use 32bit values. This commit tries to improve that.
* src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next,
tt_cmap12_char_map_binary, tt_cmap13_next,
tt_cmap13_char_map_binary): Reject glyph indices larger than or
equal to the number of glyphs.
* src/base/ftobjs.c (FT_Get_Char_Index): Don't return out-of-bounds
glyph indices.
(FT_Get_First_Char): Updated.
* src/sfnt/ttcmap.c (tt_cmap6_char_next): Don't return character
codes greater than 0xFFFF.
(tt_cmap8_char_index): Avoid integer overflow in computation of
glyph index.
(tt_cmap8_char_next): Avoid integer overflows in computation of
both next character code and glyph index.
(tt_cmap10_char_index): Fix unsigned integer logic.
(tt_cmap10_char_next): Avoid integer overflow in computation of
next character code.
(tt_cmap12_next): Avoid integer overflows in computation of both
next character code and glyph index.
(tt_cmap12_char_map_binary): Ditto.
(tt_cmap12_char_next): Simplify.
(tt_cmap13_char_map_binary): Avoid integer overflow in computation
of next character code.
(tt_cmap13_char_next): Simplify.
This patch fixes weaknesses in function `tt_face_load_font_dir'.
- It incorrectly assumed that valid tables are always at the
beginning. As a consequence, some valid tables after invalid
entries (which are ignored) were never seen.
- Duplicate table entries (this is, having the same tag) were not
rejected.
- The number of valid tables was sometimes too large, leading to
access of invalid tables.
* src/sfnt/ttload.c (check_table_dir): Add argument to return number
of valid tables.
Add another tracing message.
(tt_face_load_font_dir): Only allocate table array for valid
entries as returned by `check_table_dir'.
Reject duplicate tables and adjust number of valid tables
accordingly.
For functions querying a face, bits 16-30 of the face index can hold
the named instance index if we have a GX font. The indices start
with value 1; value 0 indicates font access without GX variation
data.
* include/freetype/freetype.h (FT_FaceRec): Update documentation.
* include/freetype/internal/sfnt.h: Ditto.
* src/sfnt/sfobjs.c (sfnt_init_face)
[TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Get number of named instances and
do argument checks.
(sfnt_load_face): Updated.
* src/truetype/ttobjs.c (tt_face_init)
[TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Use named instance, overwriting
the style name.
* src/base/ftobjs.c (open_face_from_buffer,
open_face_PS_from_sfnt_stream): Updated.
* src/bdf/bdfdrivr.c (BDF_Face_Init): Updated.
* src/cff/cffload.c (cff_font_load): Updated.
* src/cff/cffobjs.c (cff_face_init): Make function exit early for
pure CFF fonts if `font_index < 0'.
Updated.
* src/cid/cidobjs.c (cid_face_init): Updated.
* src/pcf/pcfdrivr.c (PCF_Face_Init): Updated.
* src/pfr/pfrobjs.c (pfr_face_init): Updated.
* src/type1/t1objs.c (T1_Face_Init): Updated.
* src/type42/t42objs.c (T42_Face_Init): Updated.
* src/winfonts/winfnt.c (fnt_face_get_dll_font, FNT_Face_Init):
Updated.
* docs/CHANGES: Updated.
