* src/base/ftoutln.c (FT_Outline_Transform): Bail on empty points.
* src/cff/cffload.c (cff_subfont_load): Use `FT_OFFSET'.
* src/psaux/psft.c (cf2_decoder_parse_substrings): Early out if
`charstring_base' or `charstring_len' are null.
* src/sfnt/ttload.c (tt_face_load_name): Use `FT_OFFSET'.
* src/base/ftgloadr.c (FT_GlyphLoader_Adjust_Points,
FT_GlyphLoader_Adjust_Subglyphs): Use `FT_OFFSET'.
(FT_GlyphLoader_CreateExtra): Add short cut if some values are zero.
Use this for `base + offset' pointer calculations where `base' can
be NULL (triggering a sanitizer warning even if the resulting
pointer gets never dereferenced since it is undefined behaviour
in C).
Suggested by Ben Wagner.
Also reduce number of SFNT table lookups.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18065
* include/freetype/internal/wofftypes.h (WOFF2_InfoRec): Add fields
`glyf_table', `loca_table', and `head_table'.
* src/sfnt/sfwoff2.c (reconstruct_glyf): Update signature.
Use table pointers in `info' parameter.
(get_x_mins): Check `maxp_table'
Use table pointers in `info' parameter.
(reconstruct_font): Use and set table pointers in `info' parameter.
Fix check for `glyf' and `loca' tables.
Update call to `reconstruct_glyf'.
(woff2_open_font): Updated.
* include/freetype/internal/ftmemory.h (FT_MEM_FREE): Use
`FT_DEBUG_INNER' to set source code file name and line.
* src/base/ftdbgmem.c (ft_mem_table_remove): Better formatting of
tracing message.
Also fix memory deallocation in case of error.
`head' problem reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17820
* src/sfnt/sfwoff2.c (reconstruct_glyf): Don't use `stream_close'.
Abort if `head_table' is NULL.
Don't free `transformed_buf' in case of error.
(woff2_open_font): Don't set `uncompressed_buf' to NULL.
The libs which cmake controls are commented out at
include/freetype/config/ftoption.h
and cmake un-comment each enabled library, but the brotli option was
not commented out, therefore `FT_CONFIG_OPTION_USE_BROTLI' remained
defined even if brotli was missing/disabled/etc.
Comment it such that cmake can control it, which means leaving it
undefined if brotli is missing.
* include/freetype/config/ftoption.h: Fix typo.
Extract `version_info' variable from `builds/unix/configure.raw' and
use the data to correctly set `LIBRARY_VERSION' and
`LIBRARY_SOVERSION'.
Also use the data to set `ft_version' field in `freetype2.pc'.
Also fix the needed minimum version of HarfBuzz in `freetype2.pc'.
* src/sfnt/sfwoff2.c (woff2_open_font): Use `FT_UInt32' for
`file_offset'. This fixes builds on platforms where `FT_LONG64' is
not defined while still being sufficient to store a file offset.
If table tag is not 0x3f, we expect a value between 0 and 62. If
this is not the case, exit with errors.
* src/sfnt/sfwoff2/c: Check whether table tag makes sense.
* src/sfnt/woff2tags.c: Return 0 if tag is out of bounds.
`reconstruct_hmtx' requires `info->x_mins' and `info->num_glyphs' to
reconstruct the hmtx table. In case glyf is not transformed, we
call `get_x_mins' which does the necessary work.
* src/sfnt/sfwoff2.c (get_x_mins): New function.
(reconstruct_font): Call get_x_mins.
Set correct value of `face->num_faces' for WOFF2 fonts. This is
being handled separately because we only load the tables for the
requested font face in `woff2_open_font' and create a single-face
sfnt stream.
The full discussion is at:
https://lists.gnu.org/archive/html/freetype-devel/2019-08/msg00000.html
* src/sfnt/sfobjs.c (sfnt_open_font): Add parameter
`woff2_num_faces'.
(sfnt_init_face): Introduce variable `woff2_num_faces', and change
`face->root.num_faces' if `woff2_num_faces' is set.
* src/sfnt/sfwoff2.c (woff2_open_font): Validate requested face
index and handle negative face indices.
* src/sfnt/sfwoff2.h (woff2_open_font): Add parameter `num_faces' to
declaration.
We do this by using `totalSfntSize' as an initial reference, and
extending the buffer when required. This reduces rendering time
considerably.
* include/freetype/internal/wofftypes.h (WOFF2_HeaderRec): Add
`totalSfntSize', rename `total_sfnt_size' to `actual_sfnt_size'.
* src/sfnt/sfwoff2.c (write_buf): Add parameter `dst_size' to keep
track of and update total size of stream.
(WRITE_SFNT_BUF, WRITE_SFNT_BUF_AT): Modify macros accordingly.
(pad4, store_loca, reconstruct_glyf, reconstruct_hmtx,
reconstruct_font): Update parameters to accept `sfnt_size'.
(woff2_open_font): Add variable `sfnt_size'. Use WOFF2 header field
`totalSfntSize' as initial reference (if value makes sense) and
allocate `totalSfntSize' bytes for the sfnt stream. `write_buf'
handles reallocation if and when required. Also resize the stream
to `actual_sfnt_size' after reconstruction.
Add necessary functions to reconstruct loca and hmtx tables (the two
remaining tables that can have a transform). `woff2_open_font' is
now capable of loading a woff2 font face. This code may still need
more refining and better memory management.
* include/freetype/internal/wofftypes.h (WOFF2_HeaderRec): Add total
(final) size of sfnt stream.
(WOFF2_InfoRec): Add header checksum value.
* src/sfnt/sfobjs.c (sfnt_open_font): Change `face_instance_index'
parameter to its pointer so its value can be modified by
`woff2_open_font'.
* src/sfnt/sfwoff2.c: (WRITE_SFNT_BUF_AT): New macro to write into
sfnt buffer at given position.
(write_buf): Add parameter `extend_buf' which allows caller to
specify whether buffer should be reallocated before copying data.
(WRITE_SFNT_BUF): Updated.
(pad4, store_loca, reconstruct_htmx): New functions.
(reconstruct_glyf): Calculate loca values and store them.
(reconstruct_font): Call `reconstruct_hmtx', write table record
entries, and calculate table checksums. Also calculate font
checksum and update `checksumAdjustment' entry in head table.
(woff2_open_font): Open stream for sfnt buffer, swap out input
stream and return.
* src/sfnt/sfwoff2.h (woff2_open_font): Modify parameter to accept
pointer to `face_index'.