Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10317
* src/truetype/ttgxvar.c (ft_var_load_gvar): Properly exit memory
frame if we have invalid glyph variation data offsets.
(tt_face_vary_cvt): Protect against missing `tuplecoords' array.
Fix typo.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Correctly set
`face->doblend' if the current call to the function yields the same
blend coordinates as the previous call.
It turned out that we incorrectly round CVT and glyph point deltas
before accumulation, leading to severe positioning errors if there
are many delta values to sum up.
Problem reported by Akiem Helmling <akiem@underware.nl> and analyzed
by Behdad.
* src/truetype/ttgxvar.c (ft_var_readpackeddelta): Return deltas in
16.16 format.
(tt_face_var_cvt): Collect deltas in `cvt_deltas', which is a 16.16
format array, and add the accumulated values to the CVT at the end
of the function.
(TT_Vary_Apply_Glyph_Deltas): Store data in `points_org' and
`points_out' in 16.16 format.
Collect deltas in `point_deltas_x' and `point_deltas_y', which are
16.16 format arrays, and add the accumulated values to the glyph
coordinates at the end of the function.
This monster commit was created by applying Nikhil's scripts
`docconverter.py' and `markify.py' to all C header and source files,
followed up by minor manual clean-up.
No change in functionality, of course.
I used commit f7419907bc6044b9b7057f9789866426c804ba82 from
https://github.com/nikramakrishnan/freetype-docs.git.
* src/truetype/ttgxvar.c (ft_var_to_normalized): Don't emit number
of coordinates.
(TT_Get_MM_Var): Trace instance indices names.
(TT_Set_Var_Design): Updated.
Behdad reported that setting blend coordinates, then getting design
coordinates did incorrectly return the default instance's
coordinates.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Fix it.
We exit early if the current design or blend coordinates are
identical to the new ones.
* src/truetype/ttgxvar.c (tt_set_mm_blend, TT_Set_Var_Design):
Implement it, returning internal error code -1 if there will be no
variation change.
* src/type1/t1load.c (t1_set_mm_blend): Ditto.
* src/base/ftmm.c (FT_Set_Var_Design_Coordinates,
FT_Set_MM_Blend_Coordinates, FT_Set_Var_Blend_Coordinates): Updated.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph): Always adjust
`pp1' to `pp4', except if we have an HVAR and/or VVAR table.
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Handle
alternative code branch identically w.r.t. presence of an HVAR
and/or VVAR table.
This commit completely separates the interaction between named
instances and variation functions. In particular, resetting the
variation returns to the current named instance (if set) and not to
the base font.
As a side effect, variation functions no longer change the named
instance index.
* src/cff/cffobjs.c (cff_face_init): Use MM service's `set_instance'
function.
Also apply `MVAR' table to named instances.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Add cast.
(tt_set_mm_blend): No longer check whether requested variation
coincides with a named instance.
(TT_Set_Var_Design): Use current named instance for default
coordinates.
* src/truetype/ttobjs.c (tt_face_init): Use `TT_Set_Named_Instance'.
Without this change, clang's AddressSanitizer reports many runtime
errors due to misaligned addresses.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Use multiples of pointer
size for sub-array offsets into `mmvar'.
The reserved `flags' field got a value in OpenType version 1.8.2;
unfortunately, the public `FT_Var_Axis' structure misses the
corresponding element. Since we can't add a new field, we add an
access function.
* src/base/ftmm.c (FT_Get_Var_Axis_Flags): New function.
* include/freetype/ftmm.h (FT_VAR_AXIS_FLAG_HIDDEN): New macro.
Updated.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Increase allocated memory
of `mmvar' to hold axis flags.
Fill the axis flags array.
* docs/CHANGES: Updated.
Reported by Nikolaus Waxweiler <madigens@gmail.com>.
* src/truetype/ttgxvar.c (TT_Set_Var_Design): Correctly handle the
case where we have less input coordinates than axes.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Compute all design
coordinates if we have to create the `blends->coord' array.
(TT_Get_MM_Blend, TT_Get_Var_Design): Select default instance
coordinates if no instance is selected yet.
When points are not touched by gvar interpolation deltas, FreeType
gave a slightly different result than Apple's CoreText.
The OpenType working group will update the specification to document
the following behaviour: If the two points with deltas to the `left'
and `right' of the untouched point have the same coordinate, then
the inferred delta for the untouched point should be zero.
* src/truetype/ttgxvar.c (tt_delta_interpolate): Implement new
behaviour.
Everything is guarded with TT_CONFIG_OPTION_GX_VAR_SUPPORT.
* include/freetype/internal/tttypes.h (TT_FaceRec): New fields
`var_postscript_prefix' and `var_postscript_prefix_len'.
* src/sfnt/sfdriver.c: Include FT_TRUETYPE_IDS_H.
(sfnt_is_alphanumeric): New wrapperfunction for `ft_isalnum'.
(get_win_string, get_apple_string): Remove `const' from return
value.
(MAX_VALUE_DESCRIPTOR_LEN, MAX_PS_NAME_LEN): New macros.
(hexdigits): New array.
(sfnt_get_var_ps_name): New function, implementing Adobe TechNote
5902 to construct a PS name for a variation font instance.
(sfnt_get_ps_name): Call `sfnt_get_var_ps_name' for font instances.
* src/sfnt/sfobjs.c (sfnt_done_face): Updated.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Reset
`face->postscript_name' to trigger recalculation for new instance
parameters.
* include/freetype/internal/services/svmm.h (FT_Get_Var_Blend_Func):
Add `normalizedcoords' argument.
* src/truetype/ttgxvar.h (GX_BlendRec): Add `coords' field to store
the design coordinates of the current instance.
Updated.
* src/truetype/ttgxvar.c (TT_Set_MM_Blend): Move functionality to...
(tt_set_mm_blend): ... New function.
Convert data in `normalizedcoords' array to `coords' array on
demand.
(TT_Set_Var_Design): Store argument data in `coords' array.
(TT_Get_Var_Design): Get data from `coords' array.
(tt_get_var_blend): Updated.
(tt_done_blend): Updated.
* src/cff/cffload.c, src/cff/cffload.h (cff_get_var_blend): Updated.
* src/cff/cf2ft.c (cf2_getNormalizedVector): Updated.
* src/cff/cffobjs.c (cff_face_init): Updated.
