Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=759
* src/sfnt/sfobjs.c (sfnt_init_face): While setting number of
instances to zero for `CFF' fonts table, ensure that there is no
`CFF2' present also (which gets priority).
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738
* src/sfnt/sfobjs.c (sfnt_init_face): While setting number of
instances to zero for `CFF' fonts table, ensure that there is no `glyf'
present also (which gets priority).
As documented in the OpenType specification, an entry for the
default instance may be omitted in the named instance table. In
particular this means that even if there is no named instance table
in the font we actually do have a named instance, namely the default
instance.
For consistency, we always want the default instance in our list of
named instances. If it is missing, we try to synthesize it.
* src/sfnt/sfobjs.c (sfnt_init_face): Check whether the default
instance is in the table of named instances. Otherwise adjust
number of instances.
* src/truetype/ttgxvar.c: Include FT_TRUETYPE_IDS_H.
(TT_Get_MM_Var): Use `face->root.style_flags' as the number of named
instances.
Sythesize a named instance entry if necessary.
(tt_done_blend): Free `normalized_stylecoords'.
* src/sfnt/sfdriver.c (sfnt_ps_map): New array.
(sfnt_is_postscript): New function.
(char_type_func): New typedef.
(get_win_string, get_apple_string): Add argument to specify
character checking function.
Add argument whether argument checking failures should be reported.
Update callers.
(search_name_id): Fix return value.
* src/sfnt/sfdriver.c (sfnt_get_ps_name): Split off some
functionality into...
(IS_WIN, IS_APPLE): ... New macros.
(get_win_string, get_apple_string): ... New functions.
Only now I've got an OTF with an HVAR table for testing...
The code in `ftmm.c' uses `FT_FACE_LOOKUP_SERVICE' to get the
metrics variations interface. However, this didn't work with
`FT_FACE_FIND_GLOBAL_SERVICE' used in `sfnt_init_face'.
* src/cff/cffdrivr.c: Include FT_SERVICE_METRICS_VARIATIONS_H.
(cff_hadvance_adjust, cff_metrics_adjust): Wrapper functions for
metric service functions from the `truetype' module.
(cff_service_metrics_variations): New service.
(cff_services): Updated.
* src/cff/cffpic.h (CFF_SERVICE_METRICS_VAR_GET): New macro.
[FT_CONFIG_OPTION_PIC]: Synchronize code.
* src/sfnt/sfobjs.c (sfnt_init_face): Replace call to
FT_FACE_FIND_GLOBAL_SERVICE with `ft_module_get_service' to always
load the service from the `truetype' module.
* include/freetype/internal/tttypes.h (TT_LangTagRec): New
structure.
(TT_NameTableRec): Add fields `numLangTagRecords' and `langTags'.
* src/sfnt/ttload.c (tt_face_load_name): Add support for language
tags.
Reduce array size of name strings in case of invalid entries.
(tt_face_free_name): Updated.
* docs/CHANGES: Updated.
Show more macros in the reference: TT_MAC_LANGID_XXX, TT_MS_LANGID_XXX,
TT_NAME_ID_XXX, TT_UCR_XXX.
This commit is viewed best with
git diff --color-words='[^*/ ]+'
Without this patch, requesting information for face index N returned
the data for face index N+1 (or index 0).
* src/sfnt/sfobjs.c (sfnt_init_face): Correctly adjust `face_index'
for negative `face_instance_index' values.
* include/freetype/internal/tttypes.h (TT_FACE_FLAG_VAR_XXX):
New macros describing available functionality of various OpenType
tables related to font variation.
(TT_Face): New fields `variation_support' and `mvar_support',
replacing and extending `use_fvar'.
* src/sfnt/sfobjs.c (sfnt_init_face, sfnt_load_face): Use
`variation_support'.
* src/truetype/ttgxvar.c (ft_var_load_hvar): Set `variation_support'
field.
(TT_Vary_Apply_Glyph_Deltas): Updated.
This is better behaviour than exiting with an error.
* include/freetype/internal/tttypes.h (TT_Face): Add `use_fvar'
field.
* src/sfnt/sfobjs.c (sfnt_init_face): Compute `use_fvar', also
updating the validation code.
Use `use_fvar' to compute FT_FACE_FLAG_MULTIPLE_MASTERS.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Remove `fvar' validation
code.
* include/freetype/internal/tttypes.h (TT_Face): Move
`is_default_instance' into TT_CONFIG_OPTION_GX_VAR_SUPPORT
block.
* src/sfnt/sfobjs.c (sfnt_init_face): Updated.
* src/truetype/ttgload.c (IS_DEFAULT_INSTANCE): New macro.
(TT_Load_Glyph): Use it.
* src/sfnt/sfobjs.c (sfnt_init_face): If the axis count in `fvar' is
zero, set `num_instances' to zero.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Handle `fvar' table with
zero axes as invalid.
* src/truetype/ttobjs.c (tt_face_init): Improve logic of loading
`loca', `cvt', `fpgm', and `prep' table.
* src/base/ftobjs.c (FT_Open_Face): Return info on number of
available faces and numbered instances, or the indices of the
requested face and numbered instance.
* src/sfnt/sfobjs. (sfnt_open_font): Trace number of subfonts.
No effect yet; service functions will be implemented later on.
Everything is guarded with TT_CONFIG_OPTION_GX_VAR_SUPPORT.
* include/freetype/internal/services/svmetric.h: New file.
* include/freetype/internal/ftserv.h
(FT_SERVICE_METRICS_VARIATIONS_H): New macro.
* include/freetype/internal/tttypes.h (TT_Face): New field `var'.
* src/sfnt/sfobjs.c: Include FT_SERVICE_METRICS_VARIATIONS_H.
(sfnt_init_face): Initialize `face->var'.
* src/truetype/ttdriver.c: Include FT_SERVICE_METRICS_VARIATIONS_H.
(tt_service_metrics_variations): New service.
(tt_services): Updated.
* src/truetype/ttpic.h: Updated.
The code simply uses the MM functions from the `truetype' module.
Everything is guarded with TT_CONFIG_OPTION_GX_VAR_SUPPORT.
* include/freetype/internal/tttypes.h (TT_Face): New field `mm'.
* src/cff/cffdrivr.c: Include FT_SERVICE_MULTIPLE_MASTERS_H.
(cff_set_mm_blend, cff_get_mm_blend, cff_get_mm_var,
cff_set_var_design, cff_get_var_design): New functions.
(cff_service_multi_masters): New service.
(cff_services): Updated.
* src/cff/cffload.c (cff_get_var_blend, cff_done_blend): New
functions.
* src/cff/cffload.h: Updated.
* src/cff/cffpic.h (CFF_SERVICE_MULTI_MASTERS_GET): New macro.
* src/sfnt/sfobjs.c: Include FT_SERVICE_MULTIPLE_MASTERS_H.
(sfnt_init_face): Initialize `face->mm'.
CFF2 fonts will need access to those two functions.
* include/freetype/internal/sfnt.h: Include FT_SERVICE_GLYPH_DICT_H.
(SFNT_Interface): Add `get_glyph_name' and `get_name_index' members.
(FT_DEFINE_SFNT_INTERFACE): Updated.
* src/sfnt/sfdriver.c (sfnt_get_glyph_name, sfnt_get_name_index):
Fix signatures to exactly correspond to the glyph dict service
function typedefs.
(sfnt_interface): Updated.
It's unavoidable to call the PNG engine, but to get the metrics it
is sufficient to read the PNG image's header only.
* src/sfnt/pngshim.c (Load_SBit_Png): Add argument to control the
allocation of the glyph slot.
* src/sfnt/pngshim.h: Updated.
* src/sfnt/ttsbit.c (tt_sbit_decoder_load_png,
tt_face_load_sbix_image, tt_face_load_sbit_image): Updated.
This also fixes a bug introduced in 2016-10-01 which prevents
display of embedded bitmap fonts that use the `sbix' format.
* src/sfnt/ttsbit.c (tt_face_load_sbit): Store `sbix' size and
offset also in `ebdt_size' and `ebdt_start', respectively. This
makes the test for an embedded bitmap data table succeed for this
format.
(tt_face_load_strike_metrics) <TT_SBIT_TABLE_TYPE_SBIX>: Use
`ebdt_size' and `ebdt_start'
(tt_face_load_sbix_image): Ditto.
`FT_Load_Glyph' doesn't generate a bitmap for a non-bitmap glyph
until the user calls `FT_Render_Glyph'. However, it always
allocates memory for bitmaps and copies or decodes the contents of a
bitmap glyph, which can be quite slow for PNG data.
* include/freetype/freetype.h (FT_LOAD_BITMAP_METRICS_ONLY): New
macro.
* src/base/ftobjs.c (FT_Load_Glyph): Unset FT_LOAD_RENDER if
FT_LOAD_BITMAP_METRICS_ONLY is used.
* src/sfnt/ttsbit.c (tt_sbit_decoder_alloc_bitmap,
tt_sbit_decoder_load_bitmap): Add argument to control allocation of
the glyph slot.
(tt_sbit_decoder_load_image, tt_sbit_decoder_load_compound,
tt_face_load_sbit_image): Updated.
* src/pcf/pcfdrivr.c (PCF_Glyph_Load): Quickly exit if
`FT_LOAD_BITMAP_METRICS_ONLY' is set.
* src/pfr/pfrsbit.c, src/pfr/pfrsbit.h (pfr_slot_load_bitmap): Add
argument to control allocation of the glyph slot.
* src/pfr/pfrobjs (pfr_slot_load): Updated.
* src/winfonts/winfnt.c (FNT_Load_Glyph): Ditto.
* docs/CHANGES: Updated.
Problems reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40
We now map the strike index right before accessing the physical
data, not earlier.
* src/sfnt/sfobjs.c (sfnt_load_face): Set `face->sbit_strike_map'
after creating the map so that...
* src/sfnt/ttsbit.c (tt_face_load_strike_metrics): ... this function
can be used before and after setting up `sbit_strike_map'.
(tt_face_set_sbit_strike): Revert change.
(tt_sbit_decoder_init, tt_face_load_sbix_image): Map strike index.
* src/truetype/ttdriver.c (tt_size_select): Revert change.
FreeType tries to sanitize strike header data; we now reject
completely broken ones.
* include/freetype/internal/tttypes.h (TT_FaceRec): New
`sbit_strike_map' array pointer.
* src/base/ftobjs.c (FT_Match_Size): Reject matches where either
width or height would be zero.
Add tracing message in case of error.
* src/sfnt/sfobjs.c (sfnt_load_face): Populate `sbit_strike_map',
only using (more or less) valid strike header data for
FT_Face's `available_sizes' array.
(sfnt_done_face): Updated.
* src/sfnt/ttsbit.c (tt_face_set_sbit_strike): Use
`sbit_strike_map'.
(tt_face_load_strike_metrics): Improve tracing.
* src/truetype/ttdriver.c (tt_size_select): Use `sbit_strike_map'.
