==========================
Tag sources with `VER-2-13-0'.
* docs/VERSION.TXT: Add entry for version 2.13.
* docs/CHANGES: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.12.1/2.13/, s/2121/2130/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 13.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 25:0:19.
* CMakeLists.txt (VERSION_MINOR): Set to 13.
(VERSION_PATCH): Set to 0.
Modern compilers get more insistent on that...
* include/freetype/internal/compiler-macros.h (FALL_THROUGH): Define.
* src/*: Use it instead of `/* fall through */` comments.
Otherwise we get zillions of clang 15 warnings.
* src/autofit/afcjk.c, src/autofit/afhints.c, src/autofit/aflatin.c,
src/base/ftobjs.c, src/base/ftoutln.c, src/cff/cffparse.c,
src/raster/ftraster.c, src/sfnt/pngshim.c, src/truetype/ttgload.c,
src/truetype/ttgxvar.c, src/truetype/ttobjs.c, src/type1/t1gload.c: Use
`double` cast in debugging and tracing macros.
This is mandated by the C99 standard, and clang 15 produces zillions of
warnings otherwise.
* devel/ftoption.h, include/freetype/config/ftoption.h,
include/freetype/internal/ftmemory.h, src/autofit/afhints.h,
src/autofit/afmodule.c, src/autofit/aftypes.h, src/base/ftadvanc.c,
src/base/ftdbgmem.c, src/base/ftstream.c, src/bdf/bdflib.c,
src/truetype/ttinterp.c: Replace identifiers of the form `_foo` with `foo_`.
In `open_face_from_buffer` it is possible that a driver is requested but
FreeType was built without the requested module. Return an error in this
case to indicate that the request could not be satisfied, rather than trying
all existing driver modules.
* src/base/ftobjs.c (open_face_from_buffer): Return `FT_Err_Missing_Module`
if a driver is specified but not found.
The documentation for `FT_StreamRec::memory` states that it 'shouldn't be
touched by stream implementations'. This is true even for internal
implementations of the 'close' callback, since it is not guaranteed that
`memory` will even be set when the 'close' callback occurs.
* src/base/ftobjs.c (new_memory_stream): stash current `memory` in
`stream->descriptor`.
(memory_stream_close): Use it.
The `FT_Open_Face` documentation states
> If `FT_OPEN_STREAM` is set in `args->flags`, the stream in `args->stream`
> is automatically closed before this function returns any error (including
> `FT_Err_Invalid_Argument`).
However, if the user provides a stream in `args.stream` with
`FT_OPEN_STREAM` set and a `close` function, but then for some reason passes
NULL for `aface` and a non-negative `face_index`, the error
`Invalid_Argument` is returned but the `close` callback will not be called
on the user-provided stream. This may cause resource leaks if the caller is
depending on the `close` callback to free resources.
The difficulty is that a user may fill out a `FT_StreamRec` and pass its
address as `args.stream`, but the stream isn't really 'live' until
`FT_Stream_New` is called on it (and `memory` is set). In particular, it
cannot really be cleaned up properly in `ft_open_face_internal` until the
stream pointer has been copied into the `stream` local variable.
* src/base/ftobj.c (ft_open_face_internal): Ensure that user-provided
`args.stream.close` is called even with early errors.
`open_face_from_buffer` allocates a new `FT_Stream` to pass to
`ft_open_face_internal`. Because this is an `FT_OPEN_STREAM`,
`ft_open_face_internal` will mark this as an 'external stream', which the
caller must free. However, `open_face_from_buffer` cannot directly free it
because the stream must last as long as the face. There is currently an
attempt at this by clearing the 'external stream' bit after
`open_face_from_buffer` returns successfully. However, this is too late as
the original stream may have already been closed and the stream on the face
may not be the same stream as originally passed.
It is tempting to use `FT_OPEN_MEMORY` and let `ft_open_face_internal`
create the stream internally. However, with this method there is no means
to pass through a 'close' function to the created stream to free the
underlying data, which must be owned by the stream.
A possibility is to check on success if the stream of the face is the same
as the original stream. If it is then unset the external flag. If not,
then free the original stream. Unfortunately, while no current
implementation does so, it is possible that the face still has the original
stream somewhere other than as the `FT_FaceRec::stream`. The stream needs
to remain available for the life of the face or until it is closed,
whichever comes earlier.
The approach taken here is to let the stream own itself. When the stream is
closed it will free itself.
* src/base/ftobjs.c (memory_stream_close): Free `stream`.
(open_face_from_buffer): Simplify error handling, since
`ft_open_face_internal` always closes `args.stream` on any error.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54930
In `open_face` the initial stream is set on the face, along with the
information about if FreeType is the owner of the stream object itself. The
loaders may in the course of their work replace this stream with a new
stream (as is the case for 'woff' and 'woff2'), which may have a different
ownership than the initial stream object (likely the original stream object
is owned by the user and is external, while the new stream object is created
internally to FreeType and is internal). When the stream is replaced, the
face's flags are updated with the new ownership status.
However, `open_face` cannot itself free this stream as its caller
`ft_open_face_internal` is responsible for this. In addition, in the case
of an error `open_face` cannot return an actual face with the new stream and
its ownership status to the caller. As a result, it must pass this
information back to the caller as a sort of "failed face" so that the caller
can clean up.
`open_face` was already passing back the new stream but was not passing back
the stream ownership information. As a result the stream may not have been
free'd when needed.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54700
* src/base/ftobjs.c (open_face): Pass back the ownership information as
well.
(ft_open_face_internal): Updated.
The division-by-zero might happen in broken fonts (see #1194).
Instead of returning a huge number from FT_DivFix and failing
to scale later, we now bail immediately.
Fix "make multi" by MR !223
* include/freetype/internal/services/svmm.h: include ftmm.h to define FT_Get_MM_Func.
* src/truetype/ttgxvar.h: include ftmmtypes.h to use GX_AVarTable properly.
* src/base/ftmac.c: include ftdebug.h to use FT_THROW() properly.
* src/base/ftbitmap.c (FT_Bitmap_Copy): Flip the copy if its pitch
is trully opposite, zero is not a positive value.
(FT_Bitmap_Convert): Set negative pitch as needed, accept negative
alignment values.
Reusing target bitmaps for copying and converting is permitted. It is,
however, pointless to preserve their content before overwriting. Free-
malloc might be faster than realloc.
* src/base/ftbitmap.c (FT_Bitmap_Copy, FT_Bitmap_Convert): Free
an old buffer and create a new one.
This follows similar code in `cff_slot_done`.
* src/base/ftobjs.c (ft_glyphslot_done), src/type1/t1objs.c
(T1_GlyphSlot_Done): Check `internal` pointer.
The Type1 problems was reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50057.
When resizing the loader's points and contours, resize them to at least 1.5
times their current size. The code currently only reserves as much space as
is currently required, leading to O(n^2) runtime when adding points one at a
time.
This change does not attempt to ever shrink the loader's point and contour
storage since this was not attempted previously either. The 1.5 multiple
was chosen as a trade-off between potentially unused space and the runtime.
* src/base/ftgloader.c (FT_GlyphLoader_CheckPoints): Implement it.
Fixes#1173.
If `FT_GlyphLoader_CreateExtra` returns an error (and a couple of other
places), `FT_GlyphLoader_CheckPoints` would propagate the error immediately,
rather than cleaning up the partially set up `FT_GlyphLoader`. As a
consequence, a subsequent attempt to create a glyph could result in a crash.
* src/base/ftgloadr.c (FT_GlyphLoader_CheckPoints): Ensure all the error
conditions exits are consistent, eventually calling `FT_GlyphLoader_Reset`.
This avoids regressing Blink layout tests and makes `FT_MulAdd_Fix` delta
retrieval implementation consistent with the previous implementation, which
used `FT_fixedToInt` and included rounding.
* src/base/ftcalc.c (FT_MulAdd_Fix): Implement it.
Also fix remaining `temp` initialization compilation issue.
Fixes#1169.
This function, based on the code of `FT_MulFix`, uses 64-bit precision
internally for intermediate computations.
* include/freetype/internal/ftcalc.h, base/ftcalc.c (FT_MulAddFix):
Implement it.
`FT_READ_LONG`, `FT_GET_LONG`, and related macros did not return
negative values when `long` is more than 32 bits. `FT_Stream_ReadULong`
would read four bytes into the LSB of an `FT_ULong` and return that.
Since this can never set the MSb of the `FT_ULong` when `FT_ULong` is
more than 32 bits the cast to `FT_Long` never resulted in a negative
value.
Fix this by modifying `FT_Stream_Read*` to return a type of the same
size as the bytes it is reading and changing the `FT_READ_*` and
`FT_GET_*` macros to cast to the same type returned by `FT_Stream_Read*`
but with the correctly signed type (instead of casting to what is
assumed to be the type of `var` which will happen automatically anyway).
There exist a few cases like with the `OFF3` variants where there isn't
generally a type with the correct size. `FT_PEEK_OFF3` works around this
loading the bytes into the three most significant bits and then doing a
signed shift down. `FT_NEXT_OFF3` also already worked correctly by
casting this signed value to another signed type. `FT_Stream_GetUOffset`
works correctly but one must be careful not to attempt to cast the
returned value to a signed type. Fortunately there is only
`FT_GET_UOFF3` and no `FT_GET_OFF3`.
All of these cases are handled correctly when reading values through
`FT_Stream_ReadFields` since it generically computes the signed value
through an `FT_Int32`. This change is essentially doing the same for
these macros.
* include/freetype/internal/ftstream.h (FT_NEXT_*, FT_GET_*, FT_READ*):
Update macros and return types to use fixed size types for fixed size
values.
* src/base/ftstream.c (FT_StreamGet*, FT_StreamRead*): Dito.
Issue: #1161
This issue was discovered with an SVG based font with some documents
compressed and other uncompressed. After loading the first compressed
document the ownership flag on the glyph slot was set to true but never
set to false. As a result after loading a compressed document a glyph
from an uncompressed document would load fine, but when this glyph slot
was cleared it would try to free its document resulting in a wild free.
* src/base/ftobjs.c (ft_glyphslot_clear): clear correct flags
Fixes: #1162
==========================
Tag sources with `VER-2-12-1'.
* docs/VERSION.TXT: Add entry for version 2.12.1.
* docs/CHANGES, docs/release: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.12.0/2.12.1/, s/2120/2121/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 1.
* builds/unix/configure.raw (version_info): Set to 24:3:18.
* CMakeLists.txt (VERSION_PATCH): Set to 1.
==========================
Tag sources with `VER-2-12-0'.
* docs/VERSION.TXT: Add entry for version 2.12.0.
* docs/CHANGES, docs/release: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.11.1/2.12.0/, s/2111/2120/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 12.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 24:2:18.
* CMakeLists.txt (VERSION_MINOR): Set to 12.
(VERSION_PATCH): Set to 0.
* builds/toplevel.mk (do-dist): Generate `ChangeLog` entries for all commits
since version 2.11.0 (when we stopped creating this file manually).
* src/base/ftrfork.c (raccess_make_file_name): Do not set error.
* src/sfnt/sfdriver.c (get_win_string, get_apple_string): Ditto.
* src/cff/cffobjs.c (cff_strcpy): Do not confuse about error.
* src/psaux/psobjs.c (ps_table_done): Ditto.
* src/truetype/ttgxvar.c (ft_var_readpacked*, ft_var_load_avar): Ditto.
* include/freetype/config/ftheader.h (FT_OTSVG_H): New macro.
* include/freetype/freetype.h (FT_FACE_FLAG_SVG, FT_HAS_SVG): New macros.
(FT_LOAD_SVG_ONLY): New internal macro.
* include/freetype/ftimage.h (FT_Glyph_Format): New enumeration value
`FT_GLYPH_FORMAT_SVG`.
* include/freetype/internal/ftobjs.h (FT_GLYPH_OWN_GZIP_SVG): New macro.
* include/freetype/internal/fttrace.h: Add `ttsvg` for `ttsvg.c`.
* include/freetype/internal/sfnt.h(load_svg, free_svg, load_svg_doc): New
functions.
* include/freetype/internal/tttypes.h (TT_FaceRec): Add `svg` for
the SVG table.
* include/freetype/otsvg.h (FT_SVG_DocumentRec): New structure to hold the
SVG document and other necessary information of an OT-SVG glyph in a glyph
slot.
* include/freetype/tttags.h (TTAG_SVG): New macro.
* src/base/ftobjs.c: Include `otsvg.h`.
(ft_glyphslot_init): Allocate `FT_SVG_DocumentRec` in `slot->other`
if the SVG table exists.
(ft_glyphslot_clear): Free it upon clean-up if it is a GZIP compressed
glyph.
(ft_glyphslot_done): Free the document data if it is a GZIP compressed
glyph.
(FT_Load_Glyph): Don't auto-hint SVG documents.
* src/cache/ftcbasic.c (ftc_basic_family_load_glyph): Add support for
FT_GLYPH_FORMAT_SVG.
* src/sfnt/rules.mk (SFNT_DRV_SRC): Add `ttsvg.c`.
* src/sfnt/sfdriver.c: Include `ttsvg.h`.
(sfnt_interface): Add `tt_face_load_svg`, `tt_face_free_svg` and
`tt_face_load_svg_doc`.
* src/sfnt/sfnt.c: Include `ttsvg.c`.
* src/sfnt/sfobjs.c (sfnt_load_face, sfnt_done_face): Add code to load and
free data of the the SVG table.
* src/sfnt/ttsvg.c: New file, implementing `tt_face_load_svg`,
`tt_face_free_svg` and `tt_face_load_svg_doc`.
* src/sfnt/ttsvg.h: Declarations of the SVG functions in
`ttsvg.c`.
It might be surprising that FreeType does not have default ppem and
the size has to be set explicitly or face undefined behavior with
undefined variables and errors. This offers an alternative to
missing or zero scale by simply setting FT_LOAD_NO_SCALE. Defined
behavior is bettr than undefined one.
This is alternative to !132 and discussed in
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43708
* src/base/ftobjs.c (FT_Load_Glyph): Deal with zero scale.
* include/freetype/freetype.h: Document it.
