`FT_NEW_ARRAY(p, 0)` sets `p` to `NULL`. `FT_Stream_ReadAt` with a
memory based stream uses `FT_MEM_COPY` which is `memcpy` which specifies
that it is undefined behavior for either the `src` or `dst` to be
`NULL`. Instead of forcing all callers work around calling
`FT_Stream_Read` when `buffer == NULL && count == 0` do the check in
`FT_StreamRead`. This allows any call with `count == 0` to succesfully
read zero bytes without UB.
* src/base/ftstream.c (FT_Stream_ReadAt): skip `FT_MEM_COPY` when
`count == 0`. (FT_Stream_TryRead): ditto
Fixes: #1250
The values read into `base_glyphs_offset_v1` and `layer_offset_v1` may
be in the range 0xFFFFFFFD-0xFFFFFFFF. On systems where `unsigned long`
is 32 bits adding 4 to such values will wrap and pass bounds checks but
accessing values at such offsets will be out of bounds.
On the other hand `table_size` has already been tested to be at least
`COLRV1_HEADER_SIZE` (34) so it is safe to subtract 4 from it.
* src/sfnt/ttcolr.c (tt_face_load_colr): subtract 4 from `table_size`
instead of adding 4 to font data offsets in bounds checks
Fixes: https://crbug.com/1469348
This is a fix for commit 85167dbd5, reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60615
* src/sfnt/sfwoff2.c (MAX_SFNT_SIZE): New macro.
(woff2_open_font): Use it to limit the maximum size of an uncompressed WOFF2
font.
In WOFF the `totalSfntSize` must be correct, however in WOFF2 this value
is now just a hint and a conforming implementation must not reject
otherwise valid data if the `totalSfntSize` turns out not to be exact.
* src/sfnt/sfwoff2.c (woff2_open_font): remove check that uncompressed
woff2 data would fit in the sfnt size guess.
Fixes: #1235
The CFF2 blend operator takes N default values and corresponding
sets of deltas and pushes N values specific to a designspace
location. CFF has a floating point numeric type and the FreeType
blending code was not converting those into its internal 16.16
Fixed type format.
Fixes#1243.
* src/cff/cffparse.c (do_fixed): Handle floating point numbers.
Also fix scaling overflow check for integer-to-fixed conversion.
* src/cff/cffload.c (cff_blend_doBlend): Updated.
This is a follow-up to commit 49c74ac02, which creates a new local variable
"exec = loader->exec", and shortening a lot of "loader->exec". This commit
does two more such changes missed in that first commit.
Signed-off-by: Hin-Tak Leung <htl10@users.sourceforge.net>
`src/gzip/rules.mk` compiles the internal zlib sources even when using the
zlib development files provided by a host system. If the internal zlib
development files are not present, FreeType fails to build from source.
This patch ensures the internal zlib development files are only
prerequisites when not using zlib development files on a host system.
* src/gzip/rules.mk (GZIP_DRV_SRCS): Define conditionally.
This is a refinement of commit 7b3ebb9.
* src/sdf/ftsdfrend.c (ft_sdf_render): Goto 'Exit' instead of directly
returning.
(fd_bsdf_render): Ditto, also taking care of setting `FT_GLYPH_OWN_BITMAP`
correctly.
`FT_Fixed` and `FT_Long` are both typedef'ed to be `signed long`. However,
`FT_Fixed` implies that the lower 16 bits are being used to express
fractional values and so these two types should not be confused.
* include/freetype/internal/services/svmm.h (FT_Set_MM_Blend_Func): Use
`FT_Fixed` for `coords`. Users are passing `FT_Fixed` and implementations
are taking `FT_Fixed`.
(FT_Get_MM_Blend_Func): Ditto.
* src/autofit/afcjk.c (af_cjk_metrics_check_digits): Use `FT_Long` for
`advance` and `old_advance`. `advance`'s address is passed as `FT_Long*` to
`af_shaper_get_elem`, which writes the advance in em units (not fixed). The
exact value is not important here as it is only compared to check whether it
has changed.
* src/autofit/aflatin.c (af_latin_metrics_check_digits): Ditto.
In C it is undefined behavior to call a function through a function pointer
of a different type. This is now detected by the Control Flow Integrity
Sanitizer. All known issues have already been fixed. Prevent any
accidental re-introduction by removing function pointer casts when defining
services. The services will call the service functions through the function
pointers on the service. As a result the functions must have the same type
so there should be no need to cast. Removing the casts allows compilers to
warn about assignment to an incompatible function pointer type.
`deltaSet` is an array of packed integers that can be 32 bits, 16 bits, or
8 bits. Before this change, these values were unpacked to 32-bit integers.
However, this can cause big heap allocations, e.g., around 500 KByte for
'NotoSansCJK'. To reduce this amount, store the packed integers and unpack
them just before passing to the calculation. At calculation time, due to
the variable length of region indices, temporary heap allocations are
necessary. This heap allocation is not negligible and visible in `ftbench`
results. So, use stack-allocated arrays for short array calculations.
Fixes#1230.
* include/freetype/internal/ftmmtypes.h (GX_ItemVarDataRec): New fields
`wordDeltaCount` and `longWords`.
* src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Load packed
data.
(tt_var_get_item_delta): Unpack data before applying.
Modern color fonts often contain both an 'SVG' and 'COLR' table. FreeType
always preferred 'SVG' over 'COLR' (this was a design decision), however,
this might not be the right choice for the user. The new flags makes
FreeType ignore the 'SVG' table while loading a glyph.
Fixes#1229.
* include/freetype/freetype.h (FT_LOAD_NO_SVG): New macro.
* src/base/ftobjs.c (FT_Load_Glyph), src/cff/cffgload.c (cff_slot_load),
src/truetype/ttgload.c (TT_Load_Glyph): Use it.
Instead of counting entries relative to the middle of the hash table,
this switches to the absolute counter with the full index range mask.
As a result, some calculations become a bit simpler. The cache resizing
logic stays largely the same.
* src/cache/ftccache.h (FTC_NODE_TOP_FOR_HASH): Revised with new counter.
* src/cache/ftccache.c (ftc_get_top_node_for_hash): Ditto.
(ftc_cache_resize): Simplify reallocations and stop their zeroing.
(ftc_cache_init): Stop over-allocating but keep zeroing initially.
(FTC_Cache_Clear, FTC_Cache_RemoveFaceID): Updated accordingly.
* cidobjs.c (cid_face_init): Set FT_FACE_FLAG_CID_KEYED.
* cidriver.c (cid_get_is_cid): Comment about the case that
is_cid cannot guarantee the glyph collection specification.
* src/cache/ftcglyph.c, src/cache/ftcglyph.h (FTC_GNode_Compare): Remove
redundant function. It is equivalent to `ftc_gnode_compare` and becomes
completely meaningless with fixed signatures.
Update all callers.
* src/cache/ftcsbits.c, src/cache/ftcsbits.h (FTC_SNode_Compare): Remove
redundant function. It is equivalent to `ftc_snode_compare` and becomes
completely meaningless with fixed signatures.
Update all callers.
* src/pshinter/pshrec.c (t1_hints_close, t1_hints_apply): New wrapper
functions.
(t1_hints_funcs_init): Use them.
(t2_hints_close, t2_hints_apply): New wrapper functions.
(t2_hints_funcs_init): Use them.
Ensure that all driver functions use the signature of the service or driver.
This avoids pointer mismatches, which are technically undefined behaviour.
Recent compilers are more picky in catching them as part of Control Flow
Integrity tests.
Ensure that all driver functions use the signature of the service or driver.
This avoids pointer mismatches, which are technically undefined behaviour.
Recent compilers are more picky in catching them as part of Control Flow
Integrity tests.
Ensure that all driver functions use the signature of the service or driver.
This avoids pointer mismatches, which are technically undefined behaviour.
Recent compilers are more picky in catching them as part of Control Flow
Integrity tests.
Ensure that all driver functions use the signature of the service or driver.
This avoids pointer mismatches, which are technically undefined behaviour.
Recent compilers are more picky in catching them as part of Control Flow
Integrity tests.
* src/sfnt/sfdriver.c (sfnt_load_table): New wrapper function.
(sfnt_service_sfnt_table): Use it.
Ensure that all driver functions use the signature of the service or driver.
This avoids pointer mismatches, which are technically undefined behaviour.
Recent compilers are more picky in catching them as part of Control Flow
Integrity tests.
Ensure that all driver functions use the signature of the service or driver.
This avoids pointer mismatches, which are technically undefined behaviour.
Recent compilers are more picky in catching them as part of Control Flow
Integrity tests.
Ensure that all driver functions use the signature of the service or driver.
This avoids pointer mismatches, which are technically undefined behaviour.
Recent compilers are more picky in catching them as part of Control Flow
Integrity tests.
Ensure that all driver functions use the signature of the service or driver.
This avoids pointer mismatches, which are technically undefined behaviour.
Recent compilers are more picky in catching them as part of Control Flow
Integrity tests.
* include/freetype/internal/tttypes.h (TT_FaceRec): New field
`non_var_style_name`.
* src/sfnt/sfobjs.c (sfnt_load_face): Initialize `non_var_style_name`.
(sfnt_done_face): Free `non_var_style_name`.
* src/truetype/ttgxvar.c (TT_Set_Named_Instance): Restore non-VF style name
if switching back to non-VF mode.
A variation font's PostScript name of a named instance is usually different
from the PostScript name of an unnamed instance. However, if a change
between a named instance and an unnamed instance with exactly the same
design axis values happened, it was possible that the PostScript name wasn't
correctly updated.
This commit reorganizes the code to handle this issue within the top-level
API functions, using a new service to trigger recomputation of the
PostScript name.
* include/freetype/internal/services/svmm.h (FT_Construct_PS_Name_Func): New
typedef.
(FT_Service_MultiMasters): New field `construct_ps_name`.
(FT_DEFINE_SERVICE_MULTIMASTERSREC): Updated.
* src/base/ftmm.c (FT_Set_Var_Design_Coordinates,
FT_Set_MM_Blend_Coordinates, FT_Set_Var_Blend_Coordinates): Call
`mm->construct_ps_name` to handle `postscript_name`.
(FT_Set_Named_Instance): Call `mm->construct_ps_name` to handle
`postscript_name`.
Use shortcut.
* src/cff/cffdrivr.c (cff_construct_ps_name): New function.
(cff_service_multi_masters): Updated.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Don't handle `postscript_name`.
(TT_Set_MM_Blend): Simplify.
(TT_Set_Named_Instance): Return -1 if axis values haven't changed.
Don't set `face_index`.
(tt_construct_ps_name): New function.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttdriver.c (tt_service_gx_multi_masters): Updated.
* src/type1/t1driver.c (t1_service_multi_masters): Updated.
* src/type1/t1load.c (T1_Set_MM_Blend): Simplify.
According to the documentation, the functions `FT_Set_Named_Instance`,
`FT_Set_MM_Design_Coordinates`, `FT_Set_Var_Design_Coordinates`, and
`FT_Set_Var_Blend_Coordinates` can unset the `FT_FACE_FLAG_VARIATION` flag.
(The same is true for `FT_Set_MM_WeightVector` but this information was
accidentally omitted from the documentation.)
However, if a call of these functions didn't change the axis values this
could fail because internal shortcuts exited too early.
This commit reorganizes the code to handle `FT_FACE_FLAG_VARIATION` in the
top-level API functions, also taking care of the issue at hand.
* src/base/ftmm.c (FT_Set_MM_Design_Coordinates, FT_Set_MM_WeightVector,
FT_Set_Var_Design_Coordinates, FT_Set_MM_Blend_Coordinates,
FT_Set_Var_Blend_Coordinates): Handle `FT_FACE_FLAG_VARIATION`.
* src/truetype/ttgxvar.c (TT_Set_MM_Blend, TT_Set_Var_Design,
TT_Set_Named_Instance) Don't handle `FT_FACE_FLAG_VARIATION`.
* src/type1/t1load.c (T1_Set_MM_Blend, T1_Set_MM_WeightVector,
T1_Set_MM_Design): Ditto.
* src/cff/cffobjs.c (cff_face_init): Use `FT_Set_Named_Instance` instead of
low-level functions.
* src/truetype/ttobjs.c (tt_face_init): Ditto.
* src/cache/ftcmru.c (FTC_MruList_RemoveSelection): Use one loop to
do it.
* src/cache/ftcmanag.c (FTC_Manager_Compress, FTC_Manager_FlushN):
Streamline loops.
Update cid_get_cid_from_glyph_index() to
return an error and CID=0 in the case that
the specified glyph index points to an invalid
entry.
cidgload.h (cid_compute_fd_and_offsets):
Declare new helper function to set the
fd_select and 2 offsets to access the glyph
description data.
cidgload.c (cid_compute_fd_and_offsets):
Move the part loading fd_select and 2 offsets
from cid_load_glyph() to here. If the loaded
parameters are broken, return the Invalid_Offset
error. This function does not load the glyph
data, only fills these parameters.
(cid_load_glyph): Use new helper function in above.
cidriver.c (cid_get_cid_from_glyph_index):
Check whether the requested glyph index points
to a valid entry, by calling cid_compute_fd_and_offsets().
If it is valid, fill the cid by the glyph
index (=CID). If it is invalid, return an
error and fill the cid by 0.
The situation can happen if `FT_New_Face` (or one of its siblings) is called
with a negative index to get the number of contained faces, followed
immediately by a call to `FT_Get_Postscript_Name`. While this is not a valid
use of the FreeType library there is no need for a crash.
Fixes#1219.
The t1cid driver catches 3 types of errors in
the charstrings retrieval;
A) The invalid FD number, there are 2 subtypes;
A-1) FD number is the maximum number fitting to FDBytes.
A-2) FD number is greater than num_dicts.
B) Declared length is overrunning.
C) Declared length is invalid (its end is before its head).
Considering that some widely distributed fonts
(e.g., "CJKV" book by O'Reilly) have A-1 errors
in the unimplemented glyphs, the trace level for
A-1 is calmed to level 1.
The errors A-2, B, and C would be irregular;
their trace levels are kept at level 0, but
the updated trace messages include the CID number.
The `MetricsVariations` `FT_Size_Reset_Func` is defined to take an
`FT_Size`. Because `tt_size_reset_height` is to be used as such a
function, it must also take an `FT_Size` instead of a `TT_Size`. Even
though the pointers passed will be the same at runtime, calling a
function through a pointer of a different type from the original
function pointer type is undefined behavior. This may be caught at
runtime by Control Flow Integrity with something like clang's
`cfi-icall`.
Issue: https://crbug.com/1433651
* src/truetype/ttobjs.h (tt_size_reset_height): take `FT_Size`
* src/truetype/ttobjs.c (tt_size_reset_height): take `FT_Size` and
update documentation
This is a generalization of commit
```
commit e6699596af5c5d6f0ae0ea06e19df87dce088df8
Author: Werner Lemberg <wl@gnu.org>
Date: Thu Feb 2 11:38:04 2017 +0100
[truetype] Fix MVAR post-action handling.
```
It is also possible for plain `CFF ` style fonts to contain an `fvar` and
`MVAR` table and use `cff_metrics_adjust`. `tt_size_reset` should only be
called with `TT_Size` and never with `CFF_Size`.
Allow the "metrics-variations" service to specify the correct function (if
any) to reset `FT_Size`s after adjusting metrics.
* src/truetype/ttobjs.c (tt_size_reset): Split off some functionality
into...
(tt_size_reset_height): ... this new function.
* src/truetype/ttdriver.c (tt_service_metrics_variations): Add
`size_reset`.
(tt_size_select, tt_size_request): Updated.
* src/truetype/ttobjs.h: Updated.
* include/freetype/internal/services/svmetric.h (MetricsVariations): Add
`size_reset`.
(FT_DEFINE_SERVICE_METRICSVARIATIONSREC): Updated.
* include/freetype/internal/tttypes.h (TT_FaceRec_): Rename `var` to
`tt_var` and add `face_var`.
* src/cff/cffdrivr.c (cff_service_metrics_variations): Add `size_reset`.
(cff_hadvance_adjust, cff_metrics_adjust): Updated.
* src/cff/cffobjs.c (cff_face_init): Use `face_var`.
* src/sfnt/sfobjs.c (sfnt_init_face): Initialize `face_var`.
* src/sfnt/ttmtx.c (tt_face_get_metrics): Use `tt_var`.
* src/truetype/ttgxvar.c (tt_size_reset_iterator): Renamed to...
(ft_size_reset_iterator): ... this new function.
Call `size_reset`.
(tt_apply_mvar): Pass `size_reset` to `ft_size_reset_iterator`.
Fixes#1211
This is mostly cosmetic because FT_UInt and FT_UInt32 are likely identical.
* src/sfnt/ttcmap.c, src/cff/cffcmap.c, src/psaux/t1cmap.c,
src/psnames/psmodule.c, include/freetype/internal/service/svpcsmap.h,
src/pfr/pfrcmap.c, src/winfonts/winfnt.c (*_char_next): return FT_UInt.
This moves the charcode overflow checks upstream and turns some
while-loops into the do-while ones to avoid the uninitialized warnings.
This should slightly reduce the number of checks and jumps.
* src/sfnt/ttcmap.c (tt_cmap{4,12,13}_next,
tt_cmap{4.12.13}_char_map_linear): Remove the charcode overflow check.
(tt_cmap{4,12,13}_char_map_binary): Ditto and use do-while.
(tt_cmap{12,13}_char_next): Add the overflow check.
The deprecated POST version 2.5 can be handled using the data
structures of version 2.0. The goal is to reduce the footprint.
* include/freetype/internal/tttypes.h (TT_Post_Names): Absorb and...
(TT_Post_20, TT_Post_25): ... remove these structures.
src/sfnt/ttpost.c (load_post_names, tt_face_get_ps_name,
tt_face_free_ps_names, load_format_20): Updated accordingly.
(load_format_25): ditto and convert offsets to glyph indices.
* src/sfnt/ttpost.c (load_format_20): Decrease casts.
(load_format_25): Check the table length and impose a theoretical
glyph number limit usable with 8-bit offset. Decrease casts.
(load_post_names): Pass the mapping data length without 2 bytes.
* src/sfnt/ttpost.c (load_format_20): Co-allocate the string data and
their pointers, which makes it easier to handle and free them.
(tt_face_free_ps_names): Updated.
* include/freetype/internal/tttypes.h (TT_Post_20): Update type.
* src/cff/cffparse.c (cff_parser_run): Allocate the charstring buffers
and the list nodes together so that they can be freed at once.
(finalize_t2_strings): Removed as no longer needed.
(cff_parser_done): Updated.
The old stream limit checks, before 6986ddac1ece, were good but
pointless for the crafted t2_strings. Checking limits there is
not necessary as they are created to hold all data. By using two
conditions, we can detect the actual crossing of the stream boundary
as appropriate for the stream pointer only. The t2_strings parsing
will not be triggering these checks.
* src/cff/cffparse.c (cff_parser_within_limits): Removed.
(cff_parse_real, cff_parse_integer): Redesign the stream limit check.
(cff_parse_num, do fixed, cff_parse_fixed_dynamic): Update callers.
* src/truetype/ttgload.c (TT_Process_Composite_Glyph,
TT_Load_Simple_Glyph): Clean up old instructions regardless of
new ones, postpone setting `control_len` and `control_data` until...
(TT_Load_Glyph): ... the exit from this function.
The number of instructions is now taken from the executed context.
Technically, this means that `control_len` and `control_data`
values are no longer _used_ internally but only expose them.
Based on ideas from Jouk Jansen <joukj@hrem.nano.tudelft.nl>.
* src/tools/vms_shorten_symbol.c: New file, taken from
https://sourceforge.net/p/vms-ports/vmsshortsym/ci/default/tree/vms_shorten_symbol.c
with some minor edits to allow compilation with C++ and being included in
another source code file.
* src/tools/apinames.c: Include `vms_shorten_symbol.c`.
(PROGRAM_VERSION): Set to '0.5'.
(names_dump) [OUTPUT_VMS_OPT]: Call `vms_shorten_symbol` to get unique function
identifiers not longer than 31 characters.
* src/cff/cffparse.c (finalize_t2_strings): Fix NULL-dereferencing
in the out-of-memory situation, use `FT_FREE`.
(cff_parser_run): Use FreeType memory allocation macros and avoid
uninitialized pointers.
Technically, `strtol` can only be used with C strings terminated with
`\0`. CID data is not generally null-terminated and often does not
contain a `\0` if it is hex-encoded. AddressSanitizer with `ASAN_OPTIONS`
containing `strict_string_checks=1` verifies this by using an adversarial
`strtol` that always reads to the terminating `\0`.
To avoid undefined behavior from `strtol` in `cid_parser_new`, use the
parser to parse the tokens instead of attempting to parse them ad-hoc.
This will internally use `PS_Conv_Strtol` to parse the integer, which
respects the parser's limits and directly implements the PostScript
parsing rules for integers.
* src/cid/cidparse.c (cid_parser_new): Use the parser to parse the
tokens.
Fixes: https://bugs.chromium.org/p/chromium/issues/detail?id=1420329
Without this patch, static linking with MS Visual Studio causes linking
errors.
* src/gzip/ftgzip.c: Set `ZEXPORT` to nothing and `ZEXTERN` to static for
all compilers.
This is unnecessary for predefined standard and expert encodings.
Even for custom encodings the arrays might be already zeroed when
CFF_FontRec is created but we keep it just in case.
Also short-circuit on `offset` to avoid checking `count` a second time when
`ft_ansi_stream_io` is used for reading.
Per ISO/IEC 9899:
If an argument to a function has an invalid value (such as a value outside
the domain of the function, or a pointer outside the address space of the
program, or a null pointer, or apointer to non-modifiable storage when the
corresponding parameter is not const-qualified) or a type (after
promotion) not expected by a function with variable number of arguments,
the behavior is undefined. If a function argument is described as being
an array, the pointer actually passed to the function shall have a value
such that all address computations and accesses to objects (that would be
valid if the pointer did point to the first element of such an array) are
in fact valid.
Per IEEE Std 1003.1:
size_t fread(void *restrict ptr, size_t size, size_t nitems,
FILE *restrict stream);
The `fread` function shall read into the array pointed to by `ptr` up to
`nitems` elements whose size is specified by `size` in bytes, from the
stream pointed to by `stream`.
Since the first argument to `fread` is described as being an array, its
behavior is undefined when that argument is a null pointer.
Per the documentation on `ft_ansi_stream_io`:
If `count' is zero (this is, the function is used for seeking), a non-zero
return value indicates an error.
Thus the intent is clear, and the call to `fread` can be skipped, avoiding
undefined behaviour.
* src/base/ftoutln.c (FT_Outline_Reverse, FT_Outline_EmboldenXY,
FT_Outline_Get_Orientation): Set the first and last indexes together.
(FT_Outline_Decompose): Ditto and check them more stringently.
* src/smooth/ftgrays.c (FT_Outline_Decompose)[STANDALONE_]: Ditto.
A cubic contour has to always start from an on-point. Therefore, we
should not swap the first with the last point, which might be off, and
obtain an invalid contour. This does not matter for conic contours.
If anything, it also saves one swap there. Fixes#1207.
The design coordinates for MM fonts were not rounded. For example,
`FT_Get_Var_Design_Coordinates` returned values with fractional part.
* src/type1/t1load.c (mm_axis_unmap): Refactor with rounding.
* include/freetype/ftmm.h (FT_Var_Axis, FT_Set_Var_Design_Coordinates,
FT_Get_Var_Design_Coordinates): Reword documentation.
==========================
Tag sources with `VER-2-13-0'.
* docs/VERSION.TXT: Add entry for version 2.13.
* docs/CHANGES: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.12.1/2.13/, s/2121/2130/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 13.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 25:0:19.
* CMakeLists.txt (VERSION_MINOR): Set to 13.
(VERSION_PATCH): Set to 0.
* src/autofit/ft-hb.c: Decorate with `FT_LOCAL_DEF`.
Add ANSI boilerplate code for otherwise empty file.
* src/autofit/ft-hb.h: Include `compiler-macros.h` and `freetype.h`.
Use `FT_BEGIN_HEADER` and `FT_END_HEADER`.
Decorate with `FT_LOCAL`.
* src/autofit/rules.mk (AUTOF_DRV_SRC): Add `ft-hb.c`.
Modern compilers get more insistent on that...
* include/freetype/internal/compiler-macros.h (FALL_THROUGH): Define.
* src/*: Use it instead of `/* fall through */` comments.
Otherwise we get zillions of clang 15 warnings.
* src/autofit/afcjk.c, src/autofit/afhints.c, src/autofit/aflatin.c,
src/base/ftobjs.c, src/base/ftoutln.c, src/cff/cffparse.c,
src/raster/ftraster.c, src/sfnt/pngshim.c, src/truetype/ttgload.c,
src/truetype/ttgxvar.c, src/truetype/ttobjs.c, src/type1/t1gload.c: Use
`double` cast in debugging and tracing macros.
This is mandated by the C99 standard, and clang 15 produces zillions of
warnings otherwise.
* devel/ftoption.h, include/freetype/config/ftoption.h,
include/freetype/internal/ftmemory.h, src/autofit/afhints.h,
src/autofit/afmodule.c, src/autofit/aftypes.h, src/base/ftadvanc.c,
src/base/ftdbgmem.c, src/base/ftstream.c, src/bdf/bdflib.c,
src/truetype/ttinterp.c: Replace identifiers of the form `_foo` with `foo_`.
