* src/sfnt/ttcolr.c (read_paint): Implement spec change where
affine transform matrix is now referenced by offset instead of
being placed inline in the PaintTransform table.
* src/sfnt/ttcolr.c (read_paint): Implement spec changes around
PaintSkew, PaintSkewAroundCenter. Update parsing to read shorter
values as changed in the spec.
* include/freetype/ftcolor.h (FT_PaintSkew): Update documentation.
* src/sfnt/ttcolr.c (read_paint): Implement spec change where
PaintRotate and PaintRotateAroundCenter were split for a more
compact format definition. Update parsing to read shorter values
as changed in the spec.
* include/freetype/ftcolor.h (FT_PaintRotate): Update documentation.
==========================
Tag sources with `VER-2-11-0'.
* docs/VERSION.TXT: Add entry for version 2.11.0.
* docs/CHANGES: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/index.html, docs/freetype-config.1:
s/2.10.4/2.11.0/, s/2104/2110/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 11.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 24:0:18.
* CMakeLists.txt (VERSION_MINOR): Set to 11.
(VERSION_PATCH): Set to 0.
* builds/toplevel.mk (dist): Ignore more git-related files.
'COLR' v1 fonts do not necessarily need to have a layer list; for
this reason, 'fontTools' recently started generating fonts in a way
that drops the layer list if there are no layers in it. This
results in the layer list offset becoming zero, which FreeType
treated as an invalid table. Fix that and handle the case for layer
list offset being 0. This slightly changes how we need to calculate
the starting offset for paints.
* src/sfnt/ttcolr.c (tt_face_load_colr): Handle case of layer list
offset being zero without outright rejecting table.
Paint tables can appear before the `base_glyphs_v1` offset if the
font is produced with the layer list before the base glyph list. In
this case paint tables can occur after the layer list but before the
base glyph list. Checks in the 'COLR' v1 code were rejecting fonts
with this layout. Improve these checks by calculating a minimum
offset after which paint tables can occur and use that in safety
checks.
* src/sfnt/ttcolr.c (Colr, tt_face_load_colr): Declare
`paint_start_v1` and calculate that as the minimum of the end of
layer list and base glyph list.
(get_child_table_pointer, read_paint, tt_face_get_paint_layers):
Use that in safety checks.
* include/freetype/ftcolor.h (FT_PaintTransformed, FT_PaintFormat,
FT_COLR_Paint): Do it to make it harmonize with other names such as
'PaintTranslate'.
* src/sfnt/ttcolr.c (read_paint, tt_face_get_paint): Ditto.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): In addition to the
existing sanity checks, ensure that the pointer to the layer to be
read is within the 'COLR' v1 table.
Fixes timeout (#1055) analyzed by Ben Wagner, reported as
https://crbug.com/1194092
* src/sfnt/ttload.c (tt_face_load_post): Check POST format.
* src/sfnt/sfobjs.c (sfnt_load_face): Synthesize the missing unicode
charmap only if the glyph names exist.
* src/psnames/psmodule.c (ps_unicode_value): Short cut ".notdef" and
".null".
To reduce memory allocations, we read an entire Pascal-string buffer
and convert it to a C-string buffer. We also reject tables with
Postscript glyph names exceeding 63 bytes.
* src/sfnt/ttpost.c (load_format20): Implement it.
(load_post_names): Check the minimal POST table size.
(load_format25, tt_face_free_ps_names): Updated accordingly.
* src/sfnt/sfdriver.c (get_win_string, get_apple_string,
sfnt_get_var_ps_name): Do not zero out the buffer.
* src/sfnt/sfobjs.c (sfnt_init_face): Ditto.
* src/sfnt/sfwoff.c (woff_open_font): Ditto.
* src/sfnt/sfwoff2.c (woff2_open_font): Ditto.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): Do not output
layer pointer to iterator if it is outside the 'COLR' table.
(read_paint): Do not attempt to read layers that are outside the
table.
* src/sfnt/ttcolr.c (get_child_table_pointer): New function to fetch
child table pointer early for all paint formats that compute a child
table pointer.
(read_color_line, read_paint): Updated.
(tt_face_get_colorline_stops): Check `colr->table`.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1182552
Memory is allocated and the pointer assigned to `rows` inside a
'setjmp' scope. This memory must be freed outside the 'setjmp'
scope after a 'longjmp'. Since `rows` is a local and modified
inside the 'setjmp' scope it must be marked volatile or it will have
an indeterminate value after the 'longjmp'.
* src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak of `rows`.
This change fixes a crash that occurs in `Load_SBit_Png` when
running on a 64-bit Windows OS. A memory access violation exception
would be raised by `setjmp` if the `jmp_buf` is not aligned to a
16-byte memory boundary. This is due to setjmp executing `movdqa`
instructions to store 128-bit XMM registers to memory, which require
correct memory alignment. This problem occurs because
`png_create_read_struct` uses `malloc` and `free` for memory
management, which only guarantees 8-byte alignment on Windows.
Instead, to fix the problem, `png_create_read_struct_2` is used on
64-bit Windows, which allows for user-defined memory allocation and
deallocation callbacks to be specified. These callbacks forward the
allocation and deallocation requests to `_aligned_alloc` and
`_aligned_free`, ensuring that the allocated `png_struct` and
internal `jmp_buf` have the requisite 16-byte alignment.
* src/sfnt/pngshim.c <_WIN64>: Include `malloc.h`.
(malloc_callback, free_callback) <_WIN64>: New functions.
(Load_SBit_Png) <_WIN64>: Use `png_create_read_struct_2` instead of
`png_create_read_struct`
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28148
* src/sfnt/sfwoff2.c (woff2_open_font): Reject fonts that have
multiple tables with the same tag. While not explicitly forbidden
in the OpenType specification, it is implicitly forbidden by
describing a binary search algorithm for tables that only works
reliably if table tags are unique.
* freetype.h (FT_PaintFormat): Update paint format identifiers after
a specification change. The specification was updated to have
sibling formats, variable and non-variable variants for each.
Reflect that here.
* sfnt/ttcolr.c (read_paint): Remove parsing of variable indices as
the non-variable formats no longer have them.
* include/freetype/internal/compiler-macros.h (FT_COMPARE_DEF):
Add new macro.
* src/base/ftrfork.c, src/bdf/bdflib.c, src/gxvalid/gxvcommn.c,
src/psaux/afmparse.c, src/psnames/psmodule.c, src/type1/t1afm.c,
src/sfnt/sfwoff.c, src/sfnt/sfwoff2.c: Update qsort callbacks.
Fixes#1026 when compiling FreeType with an unusual calling convention
while the C library qsort still expects cdecl.
* include/freetype/freetype.h (FT_Get_Color_Glyph_Paint):
Additional function argument root_transform to control whether
root transform should be returned.
(FT_OpaquePaint): Additional tracking field to denote whether
root transform is to be returned.
* include/freetype/internal/sfnt.h
(TT_Get_Color_Glyph_Paint_Func): Propagate additional argument.
* src/base/ftobjs.c (FT_Get_Color_Glyph_Paint): Ditto.
* src/sfnt/ttcolr.c (tt_face_get_colr_glyph_paint): Return root
transform reflecting the size and tranform configured on
FT_Face.
(read_paint): Initialize and track status of insert_root_transform
flag.
This ensures good logging output, with all lines having a proper
prefix (if requested).
This is a continuation of a similar patch from 2020-12-02, which
missed some locations.
* sfnt/ttcolr.c (tt_face_get_colr_glyph_paint,
tt_face_get_colorline_stops, tt_face_get_paint): Additional checks
for whether colr table is present. Prevents crashes when these
methods are called on non-COLR fonts.
* include/freetype/internal/sfnt.h (TT_Get_Color_Glyph_Paint_Func,
TT_Get_Paint_Layers_Func, TT_Get_Colorline_Stops_Func,
TT_Get_Paint_Func): New function pointer types.
(SFNT_Interface): Add them.
(FT_DEFINE_SFNT_INTERFACE): Updated.
* src/sfnt/sfdriver.c (PUT_COLOR_LAYERS_V1): New macro.
(sfnt_interface): Add new function pointers.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): New function to get
the layers of a `PaintColrLayers` table in the font, using an
`FT_LayerIterator` from an `FT_PaintColrLayers` object retrieved via
`tt_face_get_paint`.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/ttcolr.c (tt_face_get_colorline_stops): New function to
return the current `FT_ColorStop` object from `FT_ColorStopIterator`.
Also increment the iterator.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/ttcolr.c (tt_face_get_paint): New function to resolve an
`FT_OpaquePaint` paint reference into an `FT_COLR_Paint` object of a
certain format, which contains the detailed information stored in a
paint of the respective format.
(read_paint): New function to provide the format specific parsing
and to populate the data members of each specific `FT_COLR_Paint`
subtype.
(read_color_line): New function to parse retrieved color line
information into an `FT_ColorLine` object, which has information
about the color line extend mode as well as an
`FT_ColorStopIterator` object.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/ttcolr.c (BaseGlyphV1Record): New structure.
(tt_face_load_colr): Handle version 1 table header.
(find_base_glyph_v1_record): New auxiliary function.
(tt_face_get_colr_glyph_paint): New function to find the root
`FT_OpaquePaint` object for a given glyph ID.
* src/sfnt/ttcolr.h: Updated.
