Use the `gvar' table size instead of the remaining bytes in the
stream.
* src/truetype/ttgxvar.h (GX_BlendRec): New field `gvar_size'.
* src/truetype/ttgxvar.c (ft_var_load_gvar): Set `gvar_size'.
(ft_var_readpackedpoints, ft_var_readpackeddeltas: New argument
`size'.
(tt_face_vary_cvt, TT_Vary_Apply_Glyph_Deltas): Updated.
These tests should mainly help avoid unnecessarily large memory
allocations in case of malformed fonts.
* src/truetype/ttgxvar.c (ft_var_readpackedpoints,
ft_var_readpackeddeltas): Check number of points against stream
size.
(ft_var_load_avar): Check `pairCount' against table length.
(ft_var_load_gvar): Check `globalCoordCount' and `glyphCount'
against table length.
(tt_face_vary_cvt): Check `tupleCount' and `offsetToData'.
Fix trace.
(TT_Vary_Apply_Glyph_Deltas): Fix trace.
Free `sharedpoints' to avoid memory leak.
* src/pfr/pfrgload.c (pfr_glyph_load_compound): Use multiplication,
not left-shift.
* src/truetype/ttgxvar.c (ft_var_load_avar, ft_var_load_gvar,
tt_face_vary_cvt, TT_Vary_Apply_Glyph_Deltas): Use multiplication,
not left-shift.
This is completely missing in Apple's documentation: If a `gvar'
tuple uses private point numbers (this is, deltas are specified for
some points only), the uncovered points must be interpolated for
this tuple similar to the IUP bytecode instruction. Examples that
need this functionality are glyphs `Oslash' and `Q' in Skia.ttf.
* src/truetype/ttgxvar.c (tt_delta_shift, tt_delta_interpolate,
tt_handle_deltas): New functions.
(TT_Vary_Get_Glyph_Deltas): Renamed to...
(TT_Vary_Apply_Glyph_Deltas): ... this; it directly processes the
points and does no longer return an array of deltas.
Add tracing information.
Call `tt_handle_deltas' to interpolate missing deltas.
Also fix a minor memory leak in case of error.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph,
load_truetype_glyph): Updated.
This commit allows `num_coords' to be larger or smaller than the
number of available axes while selecting a design instance, either
ignoring excess data or using defaults if data is missing.
* src/truetype/ttgxvar.c (TT_Set_MM_Blend, TT_Set_Var_Design):
Implement it.
* src/type1/t1load.c (T1_Set_MM_Blend, T1_Set_MM_Design,
T1_Set_Var_Design): Ditto.
* src/truetype/ttgxvar.c (ft_var_readpackedpoints): Correctly handle
single-element runs. Cf. glyph `Q' in Skia.ttf with weights larger
than the default.
* src/truetype/ttgxvar.c (ft_var_readpackedpoints): Fix return value
of `point_cnt' if two bytes are read.
Use a more vertical coding style.
(ft_var_readpackeddeltas): Use FT_UInt for `delta_cnt' parameter.
Use a more vertical coding style.
This is hard-coded to value 2 in `fvar' version 1.0 (and no newer
version exists), but some fonts set it incorrectly.
Problem reported by Adam Twardoch <adam@fontlab.com>.
The functions in this patch *do* return non-trivial errors that must
be taken care of.
* src/autofit/afloader.c (af_loader_load_g), src/base/ftobjs.c
(FT_Render_Glyph_Internal), src/base/ftoutln.c (FT_Outline_Render),
src/cff/cffgload.c (cff_decoder_parse_charstrings) <cff_op_endchar>,
src/psaux/psobjs.c (ps_parser_load_field_table), src/psaux/t1decode
(t1_decoder_parse_charstrings) <op_endchar>, src/truetype/ttgload.c
(load_truetype_glyph <subglyph loop>, tt_loader_init,
TT_Load_Glyph), src/truetype/ttgxvar.c (TT_Set_MM_Blend),
src/truetype/ttobjs.c (tt_size_run_fpgm, tt_size_run_prep): Do it.
This is essentially a mechanical conversion, adding inclusion of
`FT_INTERNAL_DEBUG_H' where necessary, and providing the macros for
stand-alone compiling modes of the rasterizer modules.
To convert the remaining occurrences of FT_Err_XXX and friends it is
necessary to rewrite the code. Note, however, that it doesn't harm
if some cases are not handled since FT_THROW is a no-op.
* include/freetype/internal/ftserv.h (FT_SERVICE_UNAVAILABLE): Use
`logical not' operator instead of negation. The idea is that `~'
returns exactly the data type enforced by the cast to a pointer (be
it 32bit or 64bit or whatever), while a negative integer has not
this flexibility.
* src/cache/ftccmap.c (FTC_CMAP_UNKNOWN): Ditto.
* src/truetype/ttgxvar.c (ALL_POINTS, TT_Get_MM_Var): Ditto.
* src/type/t1load.c (T1_Get_MM_Var): Ditto.
(parse_blend_axis_types): Use cast.
* src/bdf/bdflib.c (_bdf_readstream): Use cast.
* include/freetype/config/ftstdlib.h (FT_USHORT_MAX): New macro.
* src/base/ftbitmap.c (FT_Bitmap_Convert): Protect against invalid
value of `target->rows'.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Add check for
flex start.
* src/raster/ftrend1.c (ft_raster1_render): Check `width' and
`height'.
* src/truetype/ttgxvar.c (TT_Vary_Get_Glyph_Deltas): Protect against
invalid values in `localpoints' array.
src/base/ftmac.c, src/base/ftrfork.c, src/lzw/ftzopen.c,
src/raster/ftrend1.c, src/sfnt/ttpost.c, src/truetype/ttgxvar.c,
src/type42/t42parse.c, src/winfonts/winfnt.c: hardening the code
against out-of-bounds conditions when allocating arrays. This is
for the cases where FT_NEW_ARRAY and FT_RENEW_ARRAY are not used
already. Introducing the new FT_ALLOC_MULT and FT_REALLOC_MULT
macros.