* src/cff/cffobjs.c (remove_style): Rewrite using pointers.
(remove_subset_prefix): Unwrap loop and use `memmove`.
* src/truetype/ttobjs.c (tt_skip_pdffont_random_tag): Unwrap loop
and avoid `strlen`.
This is a follow-up to commit 49c74ac02, which creates a new local variable
"exec = loader->exec", and shortening a lot of "loader->exec". This commit
does two more such changes missed in that first commit.
Signed-off-by: Hin-Tak Leung <htl10@users.sourceforge.net>
In C it is undefined behavior to call a function through a function pointer
of a different type. This is now detected by the Control Flow Integrity
Sanitizer. All known issues have already been fixed. Prevent any
accidental re-introduction by removing function pointer casts when defining
services. The services will call the service functions through the function
pointers on the service. As a result the functions must have the same type
so there should be no need to cast. Removing the casts allows compilers to
warn about assignment to an incompatible function pointer type.
`deltaSet` is an array of packed integers that can be 32 bits, 16 bits, or
8 bits. Before this change, these values were unpacked to 32-bit integers.
However, this can cause big heap allocations, e.g., around 500 KByte for
'NotoSansCJK'. To reduce this amount, store the packed integers and unpack
them just before passing to the calculation. At calculation time, due to
the variable length of region indices, temporary heap allocations are
necessary. This heap allocation is not negligible and visible in `ftbench`
results. So, use stack-allocated arrays for short array calculations.
Fixes#1230.
* include/freetype/internal/ftmmtypes.h (GX_ItemVarDataRec): New fields
`wordDeltaCount` and `longWords`.
* src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Load packed
data.
(tt_var_get_item_delta): Unpack data before applying.
Modern color fonts often contain both an 'SVG' and 'COLR' table. FreeType
always preferred 'SVG' over 'COLR' (this was a design decision), however,
this might not be the right choice for the user. The new flags makes
FreeType ignore the 'SVG' table while loading a glyph.
Fixes#1229.
* include/freetype/freetype.h (FT_LOAD_NO_SVG): New macro.
* src/base/ftobjs.c (FT_Load_Glyph), src/cff/cffgload.c (cff_slot_load),
src/truetype/ttgload.c (TT_Load_Glyph): Use it.
Ensure that all driver functions use the signature of the service or driver.
This avoids pointer mismatches, which are technically undefined behaviour.
Recent compilers are more picky in catching them as part of Control Flow
Integrity tests.
* include/freetype/internal/tttypes.h (TT_FaceRec): New field
`non_var_style_name`.
* src/sfnt/sfobjs.c (sfnt_load_face): Initialize `non_var_style_name`.
(sfnt_done_face): Free `non_var_style_name`.
* src/truetype/ttgxvar.c (TT_Set_Named_Instance): Restore non-VF style name
if switching back to non-VF mode.
A variation font's PostScript name of a named instance is usually different
from the PostScript name of an unnamed instance. However, if a change
between a named instance and an unnamed instance with exactly the same
design axis values happened, it was possible that the PostScript name wasn't
correctly updated.
This commit reorganizes the code to handle this issue within the top-level
API functions, using a new service to trigger recomputation of the
PostScript name.
* include/freetype/internal/services/svmm.h (FT_Construct_PS_Name_Func): New
typedef.
(FT_Service_MultiMasters): New field `construct_ps_name`.
(FT_DEFINE_SERVICE_MULTIMASTERSREC): Updated.
* src/base/ftmm.c (FT_Set_Var_Design_Coordinates,
FT_Set_MM_Blend_Coordinates, FT_Set_Var_Blend_Coordinates): Call
`mm->construct_ps_name` to handle `postscript_name`.
(FT_Set_Named_Instance): Call `mm->construct_ps_name` to handle
`postscript_name`.
Use shortcut.
* src/cff/cffdrivr.c (cff_construct_ps_name): New function.
(cff_service_multi_masters): Updated.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Don't handle `postscript_name`.
(TT_Set_MM_Blend): Simplify.
(TT_Set_Named_Instance): Return -1 if axis values haven't changed.
Don't set `face_index`.
(tt_construct_ps_name): New function.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttdriver.c (tt_service_gx_multi_masters): Updated.
* src/type1/t1driver.c (t1_service_multi_masters): Updated.
* src/type1/t1load.c (T1_Set_MM_Blend): Simplify.
According to the documentation, the functions `FT_Set_Named_Instance`,
`FT_Set_MM_Design_Coordinates`, `FT_Set_Var_Design_Coordinates`, and
`FT_Set_Var_Blend_Coordinates` can unset the `FT_FACE_FLAG_VARIATION` flag.
(The same is true for `FT_Set_MM_WeightVector` but this information was
accidentally omitted from the documentation.)
However, if a call of these functions didn't change the axis values this
could fail because internal shortcuts exited too early.
This commit reorganizes the code to handle `FT_FACE_FLAG_VARIATION` in the
top-level API functions, also taking care of the issue at hand.
* src/base/ftmm.c (FT_Set_MM_Design_Coordinates, FT_Set_MM_WeightVector,
FT_Set_Var_Design_Coordinates, FT_Set_MM_Blend_Coordinates,
FT_Set_Var_Blend_Coordinates): Handle `FT_FACE_FLAG_VARIATION`.
* src/truetype/ttgxvar.c (TT_Set_MM_Blend, TT_Set_Var_Design,
TT_Set_Named_Instance) Don't handle `FT_FACE_FLAG_VARIATION`.
* src/type1/t1load.c (T1_Set_MM_Blend, T1_Set_MM_WeightVector,
T1_Set_MM_Design): Ditto.
* src/cff/cffobjs.c (cff_face_init): Use `FT_Set_Named_Instance` instead of
low-level functions.
* src/truetype/ttobjs.c (tt_face_init): Ditto.
The `MetricsVariations` `FT_Size_Reset_Func` is defined to take an
`FT_Size`. Because `tt_size_reset_height` is to be used as such a
function, it must also take an `FT_Size` instead of a `TT_Size`. Even
though the pointers passed will be the same at runtime, calling a
function through a pointer of a different type from the original
function pointer type is undefined behavior. This may be caught at
runtime by Control Flow Integrity with something like clang's
`cfi-icall`.
Issue: https://crbug.com/1433651
* src/truetype/ttobjs.h (tt_size_reset_height): take `FT_Size`
* src/truetype/ttobjs.c (tt_size_reset_height): take `FT_Size` and
update documentation
This is a generalization of commit
```
commit e6699596af5c5d6f0ae0ea06e19df87dce088df8
Author: Werner Lemberg <wl@gnu.org>
Date: Thu Feb 2 11:38:04 2017 +0100
[truetype] Fix MVAR post-action handling.
```
It is also possible for plain `CFF ` style fonts to contain an `fvar` and
`MVAR` table and use `cff_metrics_adjust`. `tt_size_reset` should only be
called with `TT_Size` and never with `CFF_Size`.
Allow the "metrics-variations" service to specify the correct function (if
any) to reset `FT_Size`s after adjusting metrics.
* src/truetype/ttobjs.c (tt_size_reset): Split off some functionality
into...
(tt_size_reset_height): ... this new function.
* src/truetype/ttdriver.c (tt_service_metrics_variations): Add
`size_reset`.
(tt_size_select, tt_size_request): Updated.
* src/truetype/ttobjs.h: Updated.
* include/freetype/internal/services/svmetric.h (MetricsVariations): Add
`size_reset`.
(FT_DEFINE_SERVICE_METRICSVARIATIONSREC): Updated.
* include/freetype/internal/tttypes.h (TT_FaceRec_): Rename `var` to
`tt_var` and add `face_var`.
* src/cff/cffdrivr.c (cff_service_metrics_variations): Add `size_reset`.
(cff_hadvance_adjust, cff_metrics_adjust): Updated.
* src/cff/cffobjs.c (cff_face_init): Use `face_var`.
* src/sfnt/sfobjs.c (sfnt_init_face): Initialize `face_var`.
* src/sfnt/ttmtx.c (tt_face_get_metrics): Use `tt_var`.
* src/truetype/ttgxvar.c (tt_size_reset_iterator): Renamed to...
(ft_size_reset_iterator): ... this new function.
Call `size_reset`.
(tt_apply_mvar): Pass `size_reset` to `ft_size_reset_iterator`.
Fixes#1211
* src/truetype/ttgload.c (TT_Process_Composite_Glyph,
TT_Load_Simple_Glyph): Clean up old instructions regardless of
new ones, postpone setting `control_len` and `control_data` until...
(TT_Load_Glyph): ... the exit from this function.
The number of instructions is now taken from the executed context.
Technically, this means that `control_len` and `control_data`
values are no longer _used_ internally but only expose them.
Otherwise we get zillions of clang 15 warnings.
* src/autofit/afcjk.c, src/autofit/afhints.c, src/autofit/aflatin.c,
src/base/ftobjs.c, src/base/ftoutln.c, src/cff/cffparse.c,
src/raster/ftraster.c, src/sfnt/pngshim.c, src/truetype/ttgload.c,
src/truetype/ttgxvar.c, src/truetype/ttobjs.c, src/type1/t1gload.c: Use
`double` cast in debugging and tracing macros.
This is mandated by the C99 standard, and clang 15 produces zillions of
warnings otherwise.
* devel/ftoption.h, include/freetype/config/ftoption.h,
include/freetype/internal/ftmemory.h, src/autofit/afhints.h,
src/autofit/afmodule.c, src/autofit/aftypes.h, src/base/ftadvanc.c,
src/base/ftdbgmem.c, src/base/ftstream.c, src/bdf/bdflib.c,
src/truetype/ttinterp.c: Replace identifiers of the form `_foo` with `foo_`.
Currently the cvt and storage are saved and restored in `TT_RunIns`.
However, this is too granular as the cvt and storage area should be set to
the original cvt and storage area only when setting up the hinting context.
This allows for the cvt and storage area to be modified while parsing
multiple glyphs, as is the case with composite glyphs.
* src/truetype/ttinterp.h (TT_ExecContextRec): Remove `origCvt` and
`origStorage`.
* src/truetype/ttinterp.c (TT_RunIns): Don't save and restore the cvt and
storage area.
(Modify_CVT_Check, Ins_WS): Switch from "if in glyph and using original data
do copy on write" to "if in glyph and not using glyph specific data do copy
on write".
`tt_var_load_item_variation_store` fills out a `GX_ItemVarStore`. While it
may return an error, the item store must be left in a consistent state so
that any use or destruction of the item store can properly use or free the
data in it. Before this change the counts from the font data were read
directly into the item store before the actual allocation of the arrays to
which they referred. There exist many opportunities between the time the
counts are read and the arrays are allocated to return early due to invalid
data. When this happened the item store claimed to have entires it actually
did not, leading to crashes later when it was used.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54449
* src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Read the counts
into local variables and store them in the item store only after the related
arrays are actually created on the item store.
This gives users a possibility to deactivate new features not (yet) in the
OpenType standard.
* include/freetype/config/ftoption.h, devel/ftoption.h
(TT_CONFIG_OPTION_NO_BORING_EXPANSION): New macro.
* src/truetype/ttgxvar.c (ft_var_load_avar): Use it to disable 'avar'
version 2.0 support.
* src/truetype/ttgxvar.c (tt_hvadvance_adjust): Move bounds check ...
(tt_var_get_item_delta): ... to this function, because it is safer. For
example, the 'avar' table 2.0 codepath was not performing a bounds check at
all.
