Fixes#1164 by using a volatile variable around `setjmp`. It is hard to
say how this fixes crashes related to certain link-time optimizations.
This does not decrease the rendering performance.
* src/smooth/ftgrays.c (gray_convert_glyph_inner): Use volatile `error`.
* include/freetype/freetype.h (FT_GlyphSlotRec_): update doc
* src/cff/cffgload.c (cff_slot_load): do it
* src/truetype/ttgload.c (TT_Load_Glyph): do it
Fixes: #1156
This issue was discovered with an SVG based font with some documents
compressed and other uncompressed. After loading the first compressed
document the ownership flag on the glyph slot was set to true but never
set to false. As a result after loading a compressed document a glyph
from an uncompressed document would load fine, but when this glyph slot
was cleared it would try to free its document resulting in a wild free.
* src/base/ftobjs.c (ft_glyphslot_clear): clear correct flags
Fixes: #1162
* include/freetype/internal/ftmmtypes.h (FT_ItemVarDelta): Define type
to be used for delta arrays, upgrade to FT_long.
* src/truetype/ttgxvar.c: Adhere to long_words bit and read either
Short/Byte pairs or Long/Short pairs, as defined by spec. For better
readability, define macro for repetitive read code.
* truetype/ttgxvar.c (tt_hvadvance_adjust, tt_apply_mvar,
tt_var_get_item_delta): Remove special 0xFFFF handling in favor of less
redundant handling inside the tt_var_get_item_delta function, as it is
equivalent to returning a 0 delta. Avoids code-duplication checking for
special value 0xFFFF.
This is a preparation for handling `DeltaSetIdxMap` and `VarStore` as a
FreeType service.
* src/truetype/ttgxvar.c (ft_var_done_delta_set_index_map): New function.
(tt_done_blend): Use it.
This was introduced in OpenType 1.8.4.
* src/truetype/ttgxvar.c (ft_var_load_delta_set_index_mapping,
tt_hvadvance_adjust, ft_var_load_mvar, tt_apply_mvar): Handle special
inner/outer index values.
(ft_var_load_item_variation_store): Add test.
Fixes#1154.
==========================
Tag sources with `VER-2-12-1'.
* docs/VERSION.TXT: Add entry for version 2.12.1.
* docs/CHANGES, docs/release: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.12.0/2.12.1/, s/2120/2121/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 1.
* builds/unix/configure.raw (version_info): Set to 24:3:18.
* CMakeLists.txt (VERSION_PATCH): Set to 1.
* src/sdf/ftsdfrend.c (ft_sdf_render, ft_bsdf_render): Return `FT_Err_Ok` if
width or height is zero, since some glyphs do not generate visible bitmaps.
Fixes#1150.
Fixes#1148 by moving the flag initialization back, partly reverting
7809007a and fd03dcc1. Initializing these flags elsewhere skips 'cvt'.
* src/truetype/ttinterp.c (TT_RunIns): Initialize the IUP flag here...
(TT_Run_Context): ... instead of here.
==========================
Tag sources with `VER-2-12-0'.
* docs/VERSION.TXT: Add entry for version 2.12.0.
* docs/CHANGES, docs/release: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.11.1/2.12.0/, s/2111/2120/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 12.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 24:2:18.
* CMakeLists.txt (VERSION_MINOR): Set to 12.
(VERSION_PATCH): Set to 0.
* builds/toplevel.mk (do-dist): Generate `ChangeLog` entries for all commits
since version 2.11.0 (when we stopped creating this file manually).
This is another bit to handle 'sbix' tables as described in the OpenType
specification.
* include/freetype/ftparams.h (FT_PARAM_TAG_IGNORE_SBIX): New macro.
* src/sfnt/sfobjc.c (is_apple_sbix): Rename to...
(has_sbix): ... this.
Check for more sbit tables.
Handle `FT_PARAM_TAG_IGNORE_SBIX` to eventually control `has_sbix`.
Only call sbit table loader if an sbit table is present.
* src/sfnt/ttsbit.c (tt_face_load_sbix_image): Correct calculation of
'metrics->horiBearingY'.
Set vertical metrics.
* src/sfnt/sfobjs.c (sfnt_load_face): Adjust setting of `FT_FACE_FLAG_SBIX`.
Handle metrics of fonts with 'sbix' table.
* src/truetype/ttgload.c (TT_Load_Glyph): For 'sbix' embedded bitmaps, apply
bbox offset and bearing values of the corresponding glyph in the 'glyf'
table if it exists and has a contour.
* src/truetype/ttobjs.c (tt_face_init): Handle font with 'sbix' table.
Fixes issue #998.
Fonts with 'sbix' tables need special handling by the application.
* include/freetype/freetype.h (FT_FACE_FLAG_SBIX, FT_HAS_SBIX): New macros.
* src/sfnt/sfobjs.c (sfnt_load_face): Set `FT_FACE_FLAG_SBIX` if 'sbix'
table is present.
In the woff2 spec it has been proposed to allow the OVERLAP_SIMPLE flag
to be retained through the woff2 format [0].
[0] https://www.w3.org/TR/WOFF2/#glyf_table_format
* src/sfnt/sfwoff2.h (GLYF_OVERLAP_SIMPLE): add glyf flag.
* src/sfnt/sfwoff2.c (reconstruct_glyf): parse optionFlags and
overlapSimpleBitmap[]. (store_points): set OVERLAP_SIMPLE on first point's
flag if the overlap bit is set.
* src/sdf/ftsdf.c (sdf_generate_bounding_box): Always check for a corner if
two distances (for different curves) are very close.
(sdf_conic_to): Check whether the conic curve can be treated as a line
(which happens if the control point coincides with any end point).
* src/sdf/ftsdf.c (split_sdf_cubic, split_sdf_shape): Add checks to figure
out the deviation of Bezier curves and stop splitting if the curve is flat
enough.
* src/sdf/ftsdfcommon.h (ONE_PIXEL): New macro.
The `SVG_DOCUMENT_LIST_MINIMUM_SIZE` macro is non trivial and not
protected by parentheses. As a result, the expression
`table_size - SVG_DOCUMENT_LIST_MINIMUM_SIZE` expands to
`table_size - 2U + SVG_DOCUMENT_RECORD_SIZE` instead of the expected
`table_size - (2U + SVG_DOCUMENT_RECORD_SIZE)`. This causes an incorrect
bounds check which may lead to reading past the end of the `SVG ` table.
* src/sfnt/ttsvg.c (tt_face_load_svg): wrap macro definitions in
parentheses.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45179
It is possible for OtherSubr 19 to be invoked when `decoder->buildchar` is
NULL (so that `decoder->len_buildchar` is 0), the `blend` is non-NULL with
`blend->num_designs` set to 2, and the user supplied `idx` to be large (for
example 0xFFFFFFFE). Since these are all `FT_UInt32` the existing bounds
check overflows in a well defined manner, allowing for an invalid call to
`memcpy`.
In addition, it is possible to call OtherSubr 19 with
`decoder->len_buildchar`, `blend->num_designs`, and `idx` all zero (implying
that `blend->weight_vector` and `decoder->buildchar` are NULL). This passes
the bounds check (it is logically always fine to copy nothing starting at
index zero) but may invoke undefined behavior in `ft_memcpy` if it is backed
by `memcpy`. Calling `memcpy` with either the `src` or `dst` NULL is
undefined behavior (even if `count` is zero).
* src/psaux/psintrp.c (cf2_interpT2CharString): Correctly check that
`blend->num_designs` can be copied to `decoder->buildchar[idx]`.
Also avoid passing NULL to `ft_memcpy`.
Bug: https://crbug.com/1299259
Before the change, the hinting engine frequently confused horizontal
stem and serif hints making some stems too thin and some serifs too
thick. The value was tuned using serif fonts from the URW+ base 35
collection.
* src/pshinter/pshalgo.c [PSH_STRONG_THRESHOLD_MAXIMUM]: s/30/12/.
Since Type42 fonts don't have a 'Private' dictionary, the return value
should be `FT_Err_Invalid_Argument`.
* src/type42/t42drivr.c (t42_ps_get_font_private): Removed.
(t42_service_ps_info): Updated.
In PS hinter, memory allocations persist until the module is done.
Therefore, we have to clear reused masks.
* src/pshinter/pshrec.c (ps_mask_table_alloc): Clear reused mask.
We forgot to update the number of bits when merging a larger mask
into a smaller one. This fix might have rendering effects.
* src/pshinter/pshrec.c (ps_mask_table_merge): Inherit the number
of bits from a larger mask. There is no need to zero unused bits,
already zeroed during allocation.
(ps_mask_clear_bit): Removed.
(ps_mask_ensure): Minor.
* src/pshinter/pshrec.c (ps_hint_table_ensure): Remove redundant size
check; avoid array zeroing because it is fully initialized when used.
(ps_hint_table_alloc): Fix off-by-one comparison and remove another
zeroing of the array elements.
The old impleemntation was not using `FT_REALLOC`, buing too careful
with the offset rebasing. It shoudl be safe to rely on the base
movements.
* src/psaux/psobjs.c (reallocate_t1_table, shift_elements): Combine
into...
(ps_table_realloc): ... this function based on `FT_REALLOC`.
(ps_table_done): Simplified.
(ps_table_add): Updated.
* src/base/ftrfork.c (raccess_make_file_name): Do not set error.
* src/sfnt/sfdriver.c (get_win_string, get_apple_string): Ditto.
* src/cff/cffobjs.c (cff_strcpy): Do not confuse about error.
* src/psaux/psobjs.c (ps_table_done): Ditto.
* src/truetype/ttgxvar.c (ft_var_readpacked*, ft_var_load_avar): Ditto.
Function `map_fixed_to_sdf` expects spread to be absolute
and not squared.
* src/sdf/ftbsdf.c (finalize_sdf): Pass absolute spread
while `map_fixed_to_sdf`.
* src/sdf/ftsdf.c (sdf_generate_bounding_box): Ditto.
* src/sfnt/ttsvg.c (SVG_TABLE_HEADER_SIZE, SVG_DOCUMENT_RECORD_SIZE,
SVG_DOCUMENT_LIST_MINIMUM_SIZE, SVG_MINIMUM_SIZE): New macros.
(tt_face_load_svg): Check offsets.
Check table and record sizes.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43918
* include/freetype/config/ftheader.h (FT_OTSVG_H): New macro.
* include/freetype/freetype.h (FT_FACE_FLAG_SVG, FT_HAS_SVG): New macros.
(FT_LOAD_SVG_ONLY): New internal macro.
* include/freetype/ftimage.h (FT_Glyph_Format): New enumeration value
`FT_GLYPH_FORMAT_SVG`.
* include/freetype/internal/ftobjs.h (FT_GLYPH_OWN_GZIP_SVG): New macro.
* include/freetype/internal/fttrace.h: Add `ttsvg` for `ttsvg.c`.
* include/freetype/internal/sfnt.h(load_svg, free_svg, load_svg_doc): New
functions.
* include/freetype/internal/tttypes.h (TT_FaceRec): Add `svg` for
the SVG table.
* include/freetype/otsvg.h (FT_SVG_DocumentRec): New structure to hold the
SVG document and other necessary information of an OT-SVG glyph in a glyph
slot.
* include/freetype/tttags.h (TTAG_SVG): New macro.
* src/base/ftobjs.c: Include `otsvg.h`.
(ft_glyphslot_init): Allocate `FT_SVG_DocumentRec` in `slot->other`
if the SVG table exists.
(ft_glyphslot_clear): Free it upon clean-up if it is a GZIP compressed
glyph.
(ft_glyphslot_done): Free the document data if it is a GZIP compressed
glyph.
(FT_Load_Glyph): Don't auto-hint SVG documents.
* src/cache/ftcbasic.c (ftc_basic_family_load_glyph): Add support for
FT_GLYPH_FORMAT_SVG.
* src/sfnt/rules.mk (SFNT_DRV_SRC): Add `ttsvg.c`.
* src/sfnt/sfdriver.c: Include `ttsvg.h`.
(sfnt_interface): Add `tt_face_load_svg`, `tt_face_free_svg` and
`tt_face_load_svg_doc`.
* src/sfnt/sfnt.c: Include `ttsvg.c`.
* src/sfnt/sfobjs.c (sfnt_load_face, sfnt_done_face): Add code to load and
free data of the the SVG table.
* src/sfnt/ttsvg.c: New file, implementing `tt_face_load_svg`,
`tt_face_free_svg` and `tt_face_load_svg_doc`.
* src/sfnt/ttsvg.h: Declarations of the SVG functions in
`ttsvg.c`.
It might be surprising that FreeType does not have default ppem and
the size has to be set explicitly or face undefined behavior with
undefined variables and errors. This offers an alternative to
missing or zero scale by simply setting FT_LOAD_NO_SCALE. Defined
behavior is bettr than undefined one.
This is alternative to !132 and discussed in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43708
* src/base/ftobjs.c (FT_Load_Glyph): Deal with zero scale.
* include/freetype/freetype.h: Document it.
The `normal_top.count` may be 0, implying no `normal_top.zones` exist.
The code must not access these (non-existent) `normal_top.zones`.
* src/pshinter/pshalgo.c (ps_hints_apply): Do not assume that
`normal_top.zones[0]` is initialized. Test `normal_top.count`
before using `normal_top.zones[0]`. Do not rescale if there are no
`zones`.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43675
According to the bzip documentation it is undefined what will happen if
`BZ2_bzDecompress` is called on a `bz_stream` it has previously returned an
error against. If `BZ2_bzDecompress` returns anything other than `BZ_OK`
the only valid next action is `BZ2_bzDecompressEnd`.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43564
* src/bzip2/ftbzip2.c (FT_BZip2FileRec_): Add `reset` to track the need to
reset the stream.
(ft_bzip2_file_init): Initialize `reset` to 0.
(ft_bzip2_file_reset): Set `reset` to 0 after resetting.
(ft_bzip2_file_fill_output): Set `reset` to 1 when `BZ2_bzDecompress`
returns anything other than `BZ_OK`.
This reverts commit d276bcb7f0c02c20d3585b2e5626702df6d140a6.
The original commit did avoid the use of uninitialized memory. However,
it appears that the original commit is no longer required. The
underlying issue was resolved by a change in freetype2-testing "Build
bzip2 correctly." [0]. Prior to [0] bzip2 was built without msan, so
bzip2 writes were not tracked or considered initialized. Clearing
`buffer` in the original commit allowed msan to see the `buffer` content
initialized once in FreeType code, but msan saw no writes into buffer
from bzip2. With bzip2 now built with msan, the bzip2 writes are
properly instrumented and msan sees the bzip2 writes into the buffer. As
a result the original commit can be safely reverted to allow for better
detection of other uninitialized data scenarios.
* src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Revert to using `FT_QNEW`.
[0] 3c052a837a
Currently `T42_Open_Face` eagerly allocates 12 bytes for the ttf header
data which it expects `t42_parse_sfnts` to fill out from /sfnts data.
However, there is no guarantee that `t42_parse_sfnts` will actually be
called while parsing the type42 data as the /sfnts array may be missing
or very short. This is also confusing behavior as it means
`T42_Open_Face` is tightly coupled to the implementation of the very
distant `t42_parse_sfnts` code which requires at least 12 bytes to
already be reserved in `face->ttf_data`.
`t42_parse_sfnts` itself eagerly updates `face->ttf_size` to track how
much space is reserved for ttf data instead of traking how much data has
actually been written into `face->ttf_data`. It will also act strangely
in the presense of multiple /sfnts arrays.
* src/type42/t42objs.c (T42_Open_Face): ensure `ttf_data` is initialized
to NULL. Free `ttf_data` on error.
* src/type42/t42parse.c (t42_parse_sfnts): delay setting `ttf_size` and
set it to the actual number of bytes read. Ensure `ttf_data` is freed
if there are multiple /sfnts arrays or there are any errors.
While using zlib in 'solo' mode (via the `Z_SOLO` macro), we actually
include some standard header files, making the typedef fail on systems where
the native `ptrdiff_t` type differs.
Fixes#1124.
* src/zlib/zutil.h: Comment out definition; it doesn't work on Windows.
* src/zlib/patches/freetype-zlib.diff: Updated.
We now first apply zlib's `zlib2ansi` script, then FreeType's patch file.
* src/gzip/README.freetype: Updated.
* patches/0001-zlib-Fix-zlib-sources-to-compile-for-FreeType.patch: Renamed
to...
* patches/freetype-zlib.diff: This.
Clean up description, then regenerate it as follows:
- Copy unmodified files from `zlib` repository.
- Run `zlib2ansi` script.
- Run `git diff -R > patches/freetype-zlib.diff.new`.
- Insert patch description of old diff file, then replace old diff with
new diff file.
This can be tested by building with the Unix development build
make setup devel
make
or by building the freetype-demos programs with
meson setup build -Dfreetype2:zlib=internal
meson compile -C out
and trying to run `ftview` with a `.pcf.gz` font file.
* src/gzip/ftgzip.c, src/gzip/rules.mk: Update for new zlib sources. Also
remove the temporary fix introduced in commit 6a431038 to work around the
fact that the internal sources were too old.
* src/gzip/README.freetype: New file describing the origin of the sources
and how they were modified.
* src/gzip/patches/*: Patch files applied to original sources.
* src/gzip/*: Updated zlib sources with the patch file(s) from
`src/gzip/patches/` applied, followed by a conversion with zlib's
`zlib2ansi` script.
* src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Don't use `FT_QNEW` but
`FT_NEW` for setting up `zip` to avoid uninitialized memory access while
handling malformed PCF fonts later on.
Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42800
The 0-base index is equal to the number of previosly parsed entries.
It is an error to adjust it by one to get the number truncated by
a stream error. This is probably inconsequential because valid
entries are correctly accounted for.
* src/sfnt/ttload.c (check_table_dir): Do not adjust the truncated
number of tables.
Really fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42773.
* src/sfnt/ttload.c (check_table_dir): Revert change.
* src/type42/t42.parse.c (t42_parse_sfnts): Don't use `FT_QREALLOC` but
`FT_REALLOC` for setting up `ttf_data` to avoid uninitialized memory access
while handling malformed TrueType fonts later on.
