Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10080
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll>
[CFF_CONFIG_OPTION_OLD_ENGINE]: Use modulo for loop count, as
documented in the specification.
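An added illustration of the `roll` fix described above (not FreeType's code; `roll` and `rolled_at` are hypothetical names and the stack contents are constructed): reducing the font-supplied count modulo the number of rolled elements bounds the loop by the operand count instead of by a value read from the font.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rotate the top n entries of stack[0..depth) by j places; a positive j
   moves entries toward the top.  Returns 0, or -1 for invalid operands. */
int roll(int32_t *stack, size_t depth, int32_t n, int32_t j)
{
    int32_t *base;
    int64_t  k;

    if (n <= 0 || (size_t)n > depth)
        return -1;                       /* also avoids `% 0' below */
    base = stack + (depth - (size_t)n);

    /* Reduce the font-supplied count first: at most n - 1 steps remain.
       C99 `%' takes the sign of the dividend, so fold negatives back. */
    k = (int64_t)j % n;
    if (k < 0)
        k += n;

    while (k-- > 0) {
        int32_t top = base[n - 1];
        memmove(base + 1, base, (size_t)(n - 1) * sizeof *base);
        base[0] = top;
    }
    return 0;
}

/* Constructed sample: roll the top n of {1,2,3,4,5}, return entry i. */
int32_t rolled_at(int32_t n, int32_t j, size_t i)
{
    int32_t stack[5] = { 1, 2, 3, 4, 5 };

    if (i >= 5 || roll(stack, 5, n, j) != 0)
        return -1;
    return stack[i];
}

int main(void)
{
    /* j = 2000000000 costs the same two steps as j = 2 */
    printf("%d %d %d\n", (int)rolled_at(3, 2000000000, 2),
           (int)rolled_at(3, 2000000000, 3), (int)rolled_at(3, 2000000000, 4));
    return 0;
}
```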
Triggered by
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10054
* src/truetype/ttgload.c (load_truetype_glyph): Don't use variable
`opened_frame' to trace whether a frame must be closed at the end of
function: This fails because `TT_Vary_Apply_Glyph_Deltas' (which
gets called for space glyphs) uses a frame by itself. Instead,
close the frame after loading the header, then use another frame for
the remaining part of the glyph later on.
Also avoid calling `tt_get_metrics' twice under some circumstances.
* include/freetype/internal/ftcalc.h (ADD_INT64, SUB_INT64,
MUL_INT64, DIV_INT64) [FT_LONG64]: New macros.
* src/base/ftcalc.c (ft_corner_orientation) [FT_LONG64]: Use
`SUB_INT64' and `MUL_INT64'.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10028
* src/truetype/ttgload.c (ON_CURVE_POINT, X_SHORT_VECTOR,
Y_SHORT_VECTOR, REPEAT_FLAG, X_POSITIVE, SAME_X, Y_POSITIVE, SAME_Y,
OVERLAP_SIMPLE): New macros.
(TT_Load_Simple_Glyph): Use new macros to make code more readable.
Remove useless adjustment of `outline->tags' elements.
There is no harm except some ambiguity in broken fonts with duplicate
encodings.
* src/bdf/bdflib.c (_bdf_parse_glyphs): Remove duplicate tracking.
(_bdf_parse_t): Remove large `have' bitfield.
* src/bdf/bdf.h (bdf_font_t): Remove `nmod', `umod', and `modified',
which were set but never used.
* src/bdf/bdflib.c (_bdf_parse_{glyphs,properties}, bdf_load_font):
Updated accordingly.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9864
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
<cff_op_random> [CFF_CONFIG_OPTION_OLD_ENGINE]: Use top dict's
`random' field directly if parsing dictionaries.
It sometimes makes sense to suppress tracing information, for
example, if it outputs identical messages again and again.
* include/freetype/internal/ftdebug.h: Make `ft_trace_levels' a
pointer.
(FT_Trace_Disable, FT_Trace_Enable): New declarations.
* src/base/ftdebug.c (ft_trace_levels): Rename to...
(ft_trace_levels_enabled): ... this.
(ft_trace_levels_disabled): New array.
(ft_trace_levels): New pointer.
(FT_Trace_Disable, FT_Trace_Enable): Implement.
(ft_debug_init): Updated.
* src/base/ftobjs.c (pixel_modes): Move this array to top level
from ...
(FT_Load_Glyph): ... here.
(FT_Render_Glyph_Internal): Use `width' x `height' in trace message.
Use `pixel_modes'.
Treat all size related properties as unsigned values.
* src/pcf/pcf.h (PCF_ParsePropertyRec): Use unsigned `name' and
`value'.
* src/pcf/pcfread.c (pcf_get_properties, pcf_load_font): Updated
parsing code and handling of AVERAGE_WIDTH, POINT_SIZE, PIXEL_SIZE,
RESOLUTION_X and RESOLUTION_Y.
Unofficial specifications hesitate to use unsigned 32-bit integers.
Negative values caused a lot of trouble in the past and it is safer
and easier to treat some properties as unsigned.
* src/pcf/pcf.h (PCF_AccelRec): Use unsigned values for `fontAscent',
`fontDescent', and `maxOverlap'.
* src/pcf/pcfread.c (pcf_load_font, pcf_get_accel): Updated.
* src/pcf/pcfdrivr.c (PCF_Glyph_Load, PCF_Size_Select,
PCF_Size_Request): Updated.
* src/cid/cidload.c: Include FT_INTERNAL_POSTSCRIPT_AUX_H
(cid_load_keyword, cid_parse_font_matrix, parse_fd_array,
parse_expansion_factor, cid_parse_dict): Add tracing calls.
(parse_font_name): New function to trace `/FontName' keywords in
/FDArray dict.
(cid_field_records): Register `parse_font_name'.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Correctly set
`face->doblend' if the current call to the function yields the same
blend coordinates as the previous call.
* src/base/ftutil.c (ft_mem_alloc, ft_mem_realloc): Only call
`FT_MEM_ZERO' if we actually have a buffer.
(ft_mem_dup): Only call `ft_memcpy' if we actually have a buffer.
We no longer use predefined _DLL, which can be defined for static
builds too with /MD. We use DLL_EXPORT and DLL_IMPORT instead,
following libtool convention.
* CMakeLists.txt [WIN32], builds/windows/vc2010/freetype.vcxproj:
Define DLL_EXPORT manually.
* include/freetype/config/ftconfig.h, builds/unix/ftconfig.in,
builds/vms/ftconfig.h, builds/windows/vc2010/index.html,
src/base/ftver.rc: /_DLL/d, s/FT2_DLLIMPORT/DLL_IMPORT/.
For Multiple Masters fonts we don't support intermediate designs;
this implies that

  number_of_designs == 2 ^^ number_of_axes

Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9557
* src/type1/t1load.c (T1_Open_Face): Ensure above constraint.
(T1_Get_MM_Var): Remove now redundant test.
This code is taken from the type1 module.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9510
* src/cid/cidload.c (parse_fd_array): Set some private dict default
values.
(cid_face_open): Do the sanitizing.
Fix some tracing messages.
This change makes the driver use the `defaultChar' property of PCF
files.
* src/pcf/pcf.h (PCF_FaceRec): Change type of `defaultChar' to
unsigned.
* src/pcf/pcfread.c (pcf_get_encodings): Read `defaultChar' as
unsigned.
Validate `defaultChar'.
If `defaultChar' doesn't point to glyph index zero, swap glyphs with
index zero and index `defaultChar' and adjust the encodings
accordingly.
* src/pcf/pcfdrivr.c (pcf_cmap_char_index, pcf_cmap_char_next,
PCF_Glyph_Load): Undo change from 2002-06-16 which always enforced
the first character in the font to be the default character.
This is a valid encoding tag for BDF, PCF, and Windows FNT, and
there is no reason to disallow it for these formats.
* src/base/ftobjs.c (FT_Select_Charmap): Implement it.
Taken from patch #9667, written by Steve Langasek
<vorlon@debian.org>.
This fixes a build failure (most probably a bug in gcc) on ppc64el
when building with -O3.
It turned out that we incorrectly round CVT and glyph point deltas
before accumulation, leading to severe positioning errors if there
are many delta values to sum up.
Problem reported by Akiem Helmling <akiem@underware.nl> and analyzed
by Behdad.
* src/truetype/ttgxvar.c (ft_var_readpackeddelta): Return deltas in
16.16 format.
(tt_face_var_cvt): Collect deltas in `cvt_deltas', which is a 16.16
format array, and add the accumulated values to the CVT at the end
of the function.
(TT_Vary_Apply_Glyph_Deltas): Store data in `points_org' and
`points_out' in 16.16 format.
Collect deltas in `point_deltas_x' and `point_deltas_y', which are
16.16 format arrays, and add the accumulated values to the glyph
coordinates at the end of the function.
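An added illustration of the rounding problem described above (a simplified model, not FreeType's code; `mul_fix`, both summing functions and the sample arrays are hypothetical and constructed): rounding each scaled delta before accumulation discards every fractional contribution, while accumulating in 16.16 and rounding once keeps them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int32_t fixed16_16;              /* 16.16 fixed point */

/* a * b / 0x10000, rounded to nearest (simplified 16.16 multiply) */
static int32_t mul_fix(int32_t a, fixed16_16 b)
{
    int64_t p = (int64_t)a * b;
    return (int32_t)((p + (p >= 0 ? 0x8000 : -0x8000)) / 0x10000);
}

/* Before: every scaled delta is rounded to an integer, then summed. */
int32_t sum_rounded_each(const int16_t *d, const fixed16_16 *s, size_t n)
{
    int32_t sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += mul_fix(d[i], s[i]);
    return sum;
}

/* After: deltas are kept in 16.16, summed, and rounded once at the end. */
int32_t sum_fixed_then_round(const int16_t *d, const fixed16_16 *s, size_t n)
{
    int64_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc += mul_fix((int32_t)d[i] * 0x10000, s[i]);
    return (int32_t)((acc + (acc >= 0 ? 0x8000 : -0x8000)) / 0x10000);
}

/* Constructed sample: eight tuples, each delta 1 with scalar 0x6666 (~0.4),
   so the exact sum is about 3.2 font units. */
const int16_t    sample_deltas[8]  = { 1, 1, 1, 1, 1, 1, 1, 1 };
const fixed16_16 sample_scalars[8] = { 0x6666, 0x6666, 0x6666, 0x6666,
                                       0x6666, 0x6666, 0x6666, 0x6666 };

int main(void)
{
    printf("rounded per delta: %d\n",
           (int)sum_rounded_each(sample_deltas, sample_scalars, 8));
    printf("accumulated 16.16: %d\n",
           (int)sum_fixed_then_round(sample_deltas, sample_scalars, 8));
    return 0;
}
```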
* src/base/ftcalc.c (FT_Matrix_Check): New base function to properly
reject degenerate font matrices.
* include/freetype/internal/ftcalc.h: Updated.
* src/cff/cffparse.c (cff_parse_font_matrix), src/cid/cidload.c
(cid_parse_font_matrix), src/type1/t1load.c (t1_parse_font_matrix),
src/type42/t42parse.c (t42_parse_font_matrix): Use
`FT_Matrix_Check'.
Reported by Alexei.
* src/sfnt/ttcolr.c (tt_face_get_colr_layer): Return immediately if
`colr' is NULL.
* src/sfnt/ttcpal.c (tt_face_palette_set): Return immediately, if
`cpal' is NULL.
This function facilitates access to full capabilities of FreeType
rendering engine for custom glyphs. This can be quite useful for
consistent rendering of mathematical and chemical formulas, e.g.
https://bugs.chromium.org/p/chromium/issues/detail?id=757078
* include/freetype/ftglyph.h, src/base/ftglyph.c (FT_New_Glyph): New
function.
bdflib.c:1562 could be reached with `font->glyphs_used == 0'. That
caused an underflow of the unsigned value which results in undefined
behaviour.
* src/bdf/bdflib.c (src/bdf/bdflib.c): Bail out earlier than before
if the `ENCODING' keyword cannot be found.
Still missing: Support for negative bitmap pitch and subpixel offset
of source bitmap.
* include/freetype/ftbitmap.h, src/base/ftbitmap.c
(FT_Bitmap_Blend): New function.
This solution doesn't store any data in an `FT_GlyphSlot' object.
* include/freetype/freetype.h (FT_LayerIterator): New structure.
(FT_Get_Color_Glyph_Layer): New function.
* include/freetype/internal/sfnt.h (TT_Get_Colr_Layer_Func): New
function type.
(SFNT_Interface, FT_DEFINE_SFNT_INTERFACE): Add it.
* src/base/ftobjs.c (FT_Get_Color_Glyph_Layer): Implement it.
* src/sfnt/ttcolr.c (tt_face_get_colr_layer): New function.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/sfdriver.c (sfnt_interface): Updated.
* src/sfnt/sfdriver.c: Include `ttcpal.h'.
* src/sfnt/sfnt.c: Include `ttcpal.c'.
* src/sfnt/ttcolr.c, src/sfnt/ttcolr.h: Move CPAL stuff to ...
* src/sfnt/ttcpal.c, src/sfnt/ttcpal.c: ... these new files.
* src/sfnt/Jamfile (_sources), src/sfnt/rules.mk (SFNT_DRV_SRC):
Updated.
* include/freetype/internal/fttrace.h: Add support for `colr' and
`cpal'.
Sort entries.
* src/sfnt/ttcolr.c (tt_face_find_color): Removed.
(tt_face_colr_blend_layer): Use `face->palette' instead of calling
`tt_face_find_color'.
Use and set text foreground color.
* src/sfnt/ttcolr.c (tt_face_palette_set): New function.
(tt_face_load_colr): Allocate `face->palette' and call
`tt_face_palette_set'.
Adjust return error code in case of error.
* src/sfnt/ttcolr.h: Updated.
* include/freetype/internal/sfnt.h (TT_Set_Palette_Func): New
function type.
(SFNT_Interface, FT_DEFINE_SFNT_INTERFACE): Add it.
* src/sfnt/sfdriver.c (sfnt_interface), src/sfnt/sfobjs.c
(sfnt_done_face): Updated.
* src/raster/ftraster.c (black_TWorker, SCALED, Set_High_Precision):
Clean up after 5-level gray removal (8dc8635874).
(Vertical_Sweep_Span): Be brief.
This might be needed to build FreeType for the iOS simulator. See
https://savannah.nongnu.org/bugs/index.php?54048. Patch contributed
by Steve Robinson.
* CMakeLists.txt: Accept IOS_PLATFORM=SIMULATOR64
* include/freetype/internal/tttypes.h: Include FT_COLOR_H.
(TT_FaceRec): Add `palette' field.
* src/sfnt/ttcolr.c: Include FT_COLOR_H.
(Cpal): Remove all data covered by the new `palette' field in
`TT_FaceRec'.
(tt_face_load_colr): Updated.
Read `CPAL' version 1 data.
(tt_face_load_colr_layers, tt_face_find_color): Updated.
* src/sfnt/sfobjs.c (sfnt_done_face): Free glyph color palette data.
This introduces `FT_Library_SetLcdGeometry' for setting up arbitrary
LCD subpixel geometry including non-striped patterns.
* src/base/ftlcdfil.c (FT_Library_SetLcdGeometry): New function.
* include/freetype/ftlcdfil.h: Document it.
* include/freetype/freetype.h: Minor.
* include/freetype/ftchapters.h: Minor.
While going to implement it I noticed that I need access to most of
the `CPAL' elements; I thus plan to add a `cpal' field to
`TT_FaceRec', which makes most of the previously suggested API
functions obsolete because the fields will be directly accessible.
* src/raster/ftraster.c [STANDALONE] (FT_Outline_Get_CBox): Add
function.
[!STANDALONE]: Include FT_OUTLINE_H.
(ft_black_render): Compute CBox and reject glyphs larger than
0xFFFF x 0xFFFF.
* src/smooth/ftgrays.c (gray_raster_render): Reject glyphs larger
than 0xFFFF x 0xFFFF.
The robust rendering of extra large glyphs came with unbearable cost.
The old way of bisecting should fail but fail faster.
* src/smooth/ftgrays.c (gray_convert_glyph): Switch back to bisecting
in y-direction.
The declaration of `edge2' can be reached with `edge1 == NULL' and
`axis->edges == 0' which results in undefined behaviour.
* src/autofit/afloader.c (af_loader_load_glyph): Initialise `edge2'
after checking `axis->num_edges > 1'. `edge1 != NULL' can be assumed.
* include/freetype/config/ftheader.h (FT_COLOR_H): New macro.
* include/freetype/internal/ftobjs.h (FT_Colr_Internal): Change
type of `load_flags' to `FT_Int32'.
* include/freetype/internal/sfnt.h (TT_Load_Colr_Layer_Func): Change
type of `idx' to `FT_UInt'.
(TT_Blend_Colr_Func): Change type of `color_index' to `FT_UInt'.
* src/base/ftobjs.c (FT_Render_Glyph_Internal): Change type of
`load_flags' to `FT_Int32'.
* src/sfnt/ttcolr.c (find_base_glyph_record,
tt_face_load_colr_layers): Change type of `glyph_id' to `FT_UInt'.
(tt_face_find_color, tt_face_colr_blend_layer): Change type of
`color_index' to `FT_UInt'.
Fix signedness and type issues.
* src/sfnt/ttcolr.h: Updated.
This platform uses backslashes for paths, which docmaker didn't
understand correctly.
* src/tools/docmaker/tohtml.py (HtmlFormatter::blockEnter): Use
`os.path.normpath' to normalize the path for the platform being
used.
This generalizes magic outline shifts that make Harmony LCD
rendering work in terms of precise two-dimensional RGB subpixel
positions. These coordinates are now set in time of the `smooth'
module initialization and later used to shift a glyph outline for
rendering. FT_RENDER_MODE_LCD and FT_RENDER_MODE_LCD_V use the same
coordinates. The latter, however, rotates them before using.
The LCD bitmap padding is also calculated using these coordinates.
* include/freetype/internal/ftobjs.h (FT_LibraryRec): New array field
`lcd_geometry'.
* src/base/ftlcdfil.c (ft_lcd_padding): Reworked.
* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): Updated accordingly.
* src/smooth/ftsmooth.c [!FT_CONFIG_OPTION_SUBPIXEL_RENDERING]
(ft_smooth_init): Initialize `lcd_geometry'.
(ft_smooth_render_generic): Formalize outline shifts.
* include/freetype/internal/ftobjs.h (FT_Glyph_LayerRec): Move this
structure to...
* include/freetype/freetype.h (FT_Glyph_LayerRec): ... this
header file.
(FT_Glyph_Layer): New typedef.
Update code to use it where appropriate.
* src/base/ftobjs.c (FT_Get_GlyphLayers): New function.
It is rather fundamental to set monochrome bitmap based on rounded
CBox because the b/w rasterizer turns on pixels when their centers are
inside the glyph outline. The dropout control is unpredictable and can
distort narrow glyphs if the bitmap is too wide.
Reported by Chris Liddell.
* src/base/ftobjs.c (ft_glyphslot_preset_bitmap): If BBox boundaries
are too close, adjust them before rounding.
* src/truetype/ttgload.c (TT_Load_Glyph): Free old `layers' array
before reassigning allocated memory.
Only allocate `color_layers' if we don't have one already.
* src/sfnt/ttcolr.c (tt_face_load_colr_layers): Return FT_Err_Ok if
current glyph is not a `COLR' base glyph.
* src/truetype/ttgload.c (TT_Load_Glyph): Don't allocate
`color_layers' if there are no color layers.