Problem reported by Markus Trippelsdorf <markus@trippelsdorf.de> and
Nikolaus Waxweiler <madigens@gmail.com>.
* src/base/ftobjs.c (FT_Request_Size): Trigger recomputation of
auto-hinter metrics. Without this change, multiple size changing
calls for a single face fail.
This mode uses fractional advance widths and doesn't scale glyphs
horizontally, only applying vertical scaling and hinting.
At the same time, the behaviour of the `light' auto-hinter gets
restored for backwards compatibility: Both vertical and horizontal
scaling is again based on rounded metrics values (this was changed
in a commit from 2017-03-30 as a side effect). To be more precise,
the behaviour is restored for TrueType fonts only; for other font
formats like Type 1, this is a new feature of the `light' hinting
mode.
* include/freetype/freetype.h (FT_LOAD_TARGET_SLIGHT): New macro.
(FT_RENDER_MODE_SLIGHT): New render mode.
* include/freetype/internal/ftobjs.h (FT_Size_InternalRec): Add
`autohint_mode' and `autohint_metrics' fields.
* src/autofit/afcjk.c (af_cjk_hints_init), src/autofit/aflatin.c
(af_latin_hints_init), src/autofit/aflatin2 (af_latin2_hints_init):
Updated.
* src/autofit/afloader.c (af_loader_embolden_glyph_in_slot): Use
`autohint_metrics'.
(af_loader_load_glyph): s/internal/slot_internal/.
Initialize `autohint_metrics' and `autohint_mode' depending on
current auto-hint mode.
Use `autohint_metrics'.
Updated.
* src/base/ftadvanc.c (LOAD_ADVANCE_FAST_CHECK): Updated.
* src/base/ftobjs.c (FT_Load_Glyph): Updated.
(FT_New_Size): Allocate `internal' object.
* src/pshinter/pshalgo.c (ps_hints_apply): Updated.
* src/smooth/ftsmooth.c (ft_smooth_render): Updated.
We are going to extend this later on.
* include/freetype/internal/ftobjs.h (FT_Size_InternalRec): New
structure with a single field `module_data'.
* src/base/ftobjs.c (FT_New_Size): Allocate `internal' field of
`FT_Size' structure.
* src/cff/cffgload.c (cff_builder_init, cff_decoder_prepare): Use
`size->internal->module_data' instead of `size->internal'.
* src/cff/cffobjs.c (cff_size_done): Deallocate `module_data'.
(cff_size_init, cff_size_select, cff_size_request): Use
`size->internal->module_data' instead of `size->internal'.
* src/cif/cidobjs.c (cid_size_done, cid_size_init,
cid_size_request): Use `size->internal->module_data' instead of
`size->internal'.
* src/psaux/psobjs.c (t1_builder_ini): Use
`size->internal->module_data' instead of `size->internal'.
* src/type1/t1objs.c (T1_Size_Done, T1_Size_Init, T1_Size_Request):
Use `size->internal->module_data' instead of `size->internal'.
This commit provides the framework, to be filled with something
useful in the next commits.
* include/freetype/freetype.h (FT_Face_Properties): Declare.
* src/base/ftobjs.c (FT_Face_Properties): New function.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=304
* src/base/ftobjs.c (FT_Open_Face): Code moved to...
(ft_open_face_internal): ... this function.
Add a parameter to control whether we try special Mac font handling
in case of failure.
(FT_Open_Face, FT_New_Face, FT_New_Memory_Face,
open_face_from_buffer): Use `ft_open_face_internal'.
* src/base/ftobjs.c (FT_Open_Face): Return info on number of
available faces and numbered instances, or the indices of the
requested face and numbered instance.
* src/sfnt/sfobjs. (sfnt_open_font): Trace number of subfonts.
It can now differentiate between local and global searches.
* src/base/ftobjs.c (ft_module_get_service): Add `global' argument.
(FT_Get_TrueType_Engine_Type): Updated.
* src/cff/cffdrivr.c (cff_get_ps_name, cff_get_cmap_info): Updated.
* include/freetype/internal/ftobjs.h: Updated.
* include/freetype/internal/ftserv.h (FT_FACE_FIND_GLOBAL_SERVICE):
Updated.
`FT_Load_Glyph' doesn't generate a bitmap for a non-bitmap glyph
until the user calls `FT_Render_Glyph'. However, it always
allocates memory for bitmaps and copies or decodes the contents of a
bitmap glyph, which can be quite slow for PNG data.
* include/freetype/freetype.h (FT_LOAD_BITMAP_METRICS_ONLY): New
macro.
* src/base/ftobjs.c (FT_Load_Glyph): Unset FT_LOAD_RENDER if
FT_LOAD_BITMAP_METRICS_ONLY is used.
* src/sfnt/ttsbit.c (tt_sbit_decoder_alloc_bitmap,
tt_sbit_decoder_load_bitmap): Add argument to control allocation of
the glyph slot.
(tt_sbit_decoder_load_image, tt_sbit_decoder_load_compound,
tt_face_load_sbit_image): Updated.
* src/pcf/pcfdrivr.c (PCF_Glyph_Load): Quickly exit if
`FT_LOAD_BITMAP_METRICS_ONLY' is set.
* src/pfr/pfrsbit.c, src/pfr/pfrsbit.h (pfr_slot_load_bitmap): Add
argument to control allocation of the glyph slot.
* src/pfr/pfrobjs (pfr_slot_load): Updated.
* src/winfonts/winfnt.c (FNT_Load_Glyph): Ditto.
* docs/CHANGES: Updated.
FreeType tries to sanitize strike header data; we now reject
completely broken ones.
* include/freetype/internal/tttypes.h (TT_FaceRec): New
`sbit_strike_map' array pointer.
* src/base/ftobjs.c (FT_Match_Size): Reject matches where either
width or height would be zero.
Add tracing message in case of error.
* src/sfnt/sfobjs.c (sfnt_load_face): Populate `sbit_strike_map',
only using (more or less) valid strike header data for
FT_Face's `available_sizes' array.
(sfnt_done_face): Updated.
* src/sfnt/ttsbit.c (tt_face_set_sbit_strike): Use
`sbit_strike_map'.
(tt_face_load_strike_metrics): Improve tracing.
* src/truetype/ttdriver.c (tt_size_select): Use `sbit_strike_map'.
* src/base/ftobjs.c (FT_Open_Face): Check whether negation was
actually successful. For example, this can fail for value
-32768 if the type is `signed short'. If there are problems,
disable the stroke.
This is a preparation for handling an `FREETYPE_PROPERTIES'
environment variable to control (some) driver properties.
No change in functionality.
* src/base/ftobjs.c (ft_property_do): Add `value_is_string'
parameter.
(ft_property_string_set): New function.
(FT_Property_Set, FT_Property_Get): Updated.
* include/freetype/internal/ftobjs.h: Updated.
* include/freetype/internal/services/svprop.h
(FT_Properties_SetFunc): Add `value_is_string' parameter.
* src/autofit/afmodule.c (af_property_set), src/cff/cffdrivr.c
(cff_property_set), src/truetype/ttdriver.c (tt_property_set):
Updated, emitting an error currently if `value_is_string' is set.
* src/base/ftobjs.c (open_face_PS_from_sfnt_stream):
`ft_lookup_PS_in_sfnt_stream' returns offset and and length from
user supplied data. Use of this these values must be checked.
Both the native CFF hinter and the auto-hinter now have a very
similar rendering style.
* include/freetype/freetype.h: Mention that FT_LOAD_TARGET_LIGHT no
longer implies FT_LOAD_FORCE_AUTOHINT.
* include/freetype/ftmodapi.h (FT_MODULE_DRIVER_HINTS_LIGHTLY): New
macro.
* include/freetype/internal/ftobjs.h (FT_DRIVER_HINTS_LIGHTLY): New
macro.
* src/cff/cffdrivr.c (cff_driver_class): Use it.
* src/base/ftobjs.c (FT_Load_Glyph): Update auto-hinter selection
logic.
open_face_from_buffer() frees passed buffer if valid font
is not found. But if copying to the buffer is failed,
the allocated buffer should be freed within the caller.
* src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Free
the buffer `sfnt_ps' if an error caused before calling
open_face_from_buffer().
(Mac_Read_sfnt_Resource): Free the buffer `sfnt_data' if
an error caused before calling open_face_from_buffer();
* src/base/ftobjs.c (FT_Get_Char_Index): Don't return out-of-bounds
glyph indices.
(FT_Get_First_Char): Updated.
* src/sfnt/ttcmap.c (tt_cmap6_char_next): Don't return character
codes greater than 0xFFFF.
(tt_cmap8_char_index): Avoid integer overflow in computation of
glyph index.
(tt_cmap8_char_next): Avoid integer overflows in computation of
both next character code and glyph index.
(tt_cmap10_char_index): Fix unsigned integer logic.
(tt_cmap10_char_next): Avoid integer overflow in computation of
next character code.
(tt_cmap12_next): Avoid integer overflows in computation of both
next character code and glyph index.
(tt_cmap12_char_map_binary): Ditto.
(tt_cmap12_char_next): Simplify.
(tt_cmap13_char_map_binary): Avoid integer overflow in computation
of next character code.
(tt_cmap13_char_next): Simplify.
* src/base/ftbase.h (FT_MAC_RFORK_MAX_LEN): Maximum length
of the resource fork for Mac OS. The resource fork larger
than 16 MB can be written but could not be handled
correctly, at least in Carbon routine.
See https://support.microsoft.com/en-us/kb/130437
* src/base/ftobjs.c (Mac_Read_POST_Resource): No need `0x'
for `%p' formatter.
* src/base/ftbase.c (Mac_Read_POST_Resource): Check the
fragment and total size of the concatenated POST resource
before buffer allocation.
(Mac_Read_sfnt_Resource): Check the declared size of
sfnt resource before buffer allocation.
* src/base/ftmac.c (read_lwfn, FT_New_Face_From_SFNT):
Check the total resource size before buffer allocation.
For functions querying a face, bits 16-30 of the face index can hold
the named instance index if we have a GX font. The indices start
with value 1; value 0 indicates font access without GX variation
data.
* include/freetype/freetype.h (FT_FaceRec): Update documentation.
* include/freetype/internal/sfnt.h: Ditto.
* src/sfnt/sfobjs.c (sfnt_init_face)
[TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Get number of named instances and
do argument checks.
(sfnt_load_face): Updated.
* src/truetype/ttobjs.c (tt_face_init)
[TT_CONFIG_OPTION_GX_VAR_SUPPORT]: Use named instance, overwriting
the style name.
* src/base/ftobjs.c (open_face_from_buffer,
open_face_PS_from_sfnt_stream): Updated.
* src/bdf/bdfdrivr.c (BDF_Face_Init): Updated.
* src/cff/cffload.c (cff_font_load): Updated.
* src/cff/cffobjs.c (cff_face_init): Make function exit early for
pure CFF fonts if `font_index < 0'.
Updated.
* src/cid/cidobjs.c (cid_face_init): Updated.
* src/pcf/pcfdrivr.c (PCF_Face_Init): Updated.
* src/pfr/pfrobjs.c (pfr_face_init): Updated.
* src/type1/t1objs.c (T1_Face_Init): Updated.
* src/type42/t42objs.c (T42_Face_Init): Updated.
* src/winfonts/winfnt.c (fnt_face_get_dll_font, FNT_Face_Init):
Updated.
* docs/CHANGES: Updated.
