* src/raster/ftraster.c (black_TWorker): Move `band_stack' from here...
(Render_Single_Pass): ... to here and accept limit arguments.
(Render_Glyph): Updated.
* src/raster/ftraster.c (black_TWorker): Move `arcs' from here...
(Conic_To, Cubic_To): ... to here to tighten their scope.
(Bezier_Up, Bezier_Down): ... Take the current `arc' argument.
Paint tables can appear before the `base_glyphs_v1` offset if the
font is produced with the layer list before the base glyph list. In
this case paint tables can occur after the layer list but before the
base glyph list. Checks in the 'COLR' v1 code were rejecting fonts
with this layout. Improve these checks by calculating a minimum
offset after which paint tables can occur and use that in safety
checks.
* src/sfnt/ttcolr.c (Colr, tt_face_load_colr): Declare
`paint_start_v1` and calculate that as the minimum of the end of
layer list and base glyph list.
(get_child_table_pointer, read_paint, tt_face_get_paint_layers):
Use that in safety checks.
* src/raster/ftraster.c (black_TWorker): Replace the current line
offset with the pointer and drop the increment.
(Function_Sweep_Init): Take values as arguments instead of pointers.
(Vertical_Sweep_*, Horizontal_Sweep_Init, Draw_Sweep): Updated.
We can bisect a band until it is just a single scan line. This might
be slow and cause time-outs but if we need to impose limits it should
be elsewhere.
* src/raster/ftraster.c (Render_Single_Pass): Tweak sub-banding.
FT_Render_Glyph picked up FAILURE or 1 returned from the raster
function, which became a confusing error code. Instead, return
Raster_Overflow in the unlikely event that banding does not help or
another meaningful error.
* src/smooth/ftgrays.c (gray_convert_glyph_inner, gray_convert_glyph):
Use Raster_Overflow when the rendering pool is exhausted and return it
if banding does not help.
(gray_raster_render): Use Smooth_Err_Ok.
* src/raster/ftraster.c (Render_Single_Pass): Return Raster_Overflow
if banding does not help or another error code.
* include/freetype/ftcolor.h (FT_PaintTransformed, FT_PaintFormat,
FT_COLR_Paint): Do it to make it harmonize with other names such as
'PaintTranslate'.
* src/sfnt/ttcolr.c (read_paint, tt_face_get_paint): Ditto.
We need to invert the inheritance of FT_GlyphSlot_Internal so that we
have a chance to free the rendered bitmap from the parent slot.
* src/type42/t42objs.c (T42_GlyphSlot_Init): Remove the internal parts
of the child `ttslot' and replace it with the parent structure.
(T42_GlyphSlot_Done): Updated accordingly.
* src/psaux/psintrp.c (cf2_interpT2CharString)
<cf2_escCALLOTHERSUBR>: Convert assertion into error, since the
problem can happen with invalid user input.
Test case is file
fuzzing/corpora/legacy/oss-fuzz/5754332360212480-unknown-read
in the `freetype2-testing` repository.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): In addition to the
existing sanity checks, ensure that the pointer to the layer to be
read is within the 'COLR' v1 table.
* src/sdf/ftsdf.c: Include `ftbitmap.h`.
* src/sdf/ftsdfcommon.h: Move function bodies to `ftsdfcommon.c`.
Include `ftobjs.h` to get definitions of `FT_LOCAL` and friends.
* src/sdf/ftsdfcommon.c: New file.
* src/sdf/rules.mk, src/sdf/sdf.c: Updated.
Since 8-bits is enough to represent SDF data we no longer require
16-bits for this purpose. Also, we now normalize the output data
to use the entire 8-bit range efficiently. For example: if we use
3.5 format with a spread of 1 we basically only use the starting
5-bits. By normalizing we can use the entire 8-bit range.
* include/freetype/freetype.h (FT_Render_Mode): Updated description
for `FT_RENDER_MODE_SDF` regarding this change.
* include/freetype/ftimage.h (FT_Pixel_Mode): Removed
`FT_PIXEL_MODE_GRAY16` since no longer required.
* include/freetype/fttypes.h (FT_F6Dot10): Removed since no longer
required.
* src/sdf/ftsdfrend.c (ft_sdf_render, ft_bsdf_render): Allocate 8-bit
bitmap instead of 16-bit buffer.
* src/sdf/ftsdfcommon.h (map_fixed_to_sdf): Added function to convert
16.16 distance value to our desired format.
* src/sdf/ftsdf.c (sdf_generate_with_overlaps,
sdf_generate_bounding_box): Use the new `map_fixed_to_sdf` function
and also use 8-bit output buffer.
* src/sdf/ftbsdf.c (finalize_sdf): Output to an 8-bit buffer instead
of 16-bit buffer.
The autohinter could not access the base (unscaled) outline in the
child TrueType glyph slot. We now share the internal parts between
the parent and child glyph slots. Fixes #1057.
* src/type42/t42objs.c (T42_GlyphSlot_Init): Remove the internal parts
of `T42_GlyphSlot' and replace it with the child TrueType structure.
(T42_GlyphSlot_Done): Updated accordingly.
While a function pointer may be cast to another function pointer
type, it is required to cast the function pointer back to the
original function pointer type before calling it. If a parameter is
a pointer the exact pointer type is required. Using a pointer to a
different underlying type is technically undefined behavior. The
wrapper functions `ft_gzip_alloc` and `ft_gzip_free` took
`FT_Memory` (a `FT_MemoryRec_*`) instead of `voidpf` (`void*`), so
when gzip calls these callbacks through `alloc_func` or `free_func`
it invokes undefined behavior. On most platforms this works out as
expected, but newer undefined behavior detectors and targets like
wasm can detect this and will produce an error.
* src/gzip/ftgzip.c (ft_gzip_alloc, ft_gzip_free): Update signatures
to exactly match `alloc_func` and `free_func`, respectively.
Internally, cast the `void*` opaque pointer to `FT_Memory`.
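The callback rule described in the entry above, as an added example (not FreeType or zlib code). The callback typedefs are local stand-ins for zlib's `alloc_func` and `free_func`; `DemoMemory`, `DemoStream`, `demo_alloc`, `demo_free` and `run_stream` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>

/* Local stand-ins for zlib's callback types; in zlib `voidpf` is `void*`
   and `uInt` is `unsigned int`. */
typedef void *(*alloc_func)(void *opaque, unsigned int items, unsigned int size);
typedef void  (*free_func)(void *opaque, void *address);

/* Hypothetical memory manager in the role of FT_Memory. */
typedef struct DemoMemoryRec_ { long live, total; } DemoMemoryRec, *DemoMemory;

/* Mismatched form (comment only; calling it through `alloc_func` is
   undefined behavior):
     static void *bad_alloc(DemoMemory memory, unsigned items, unsigned size); */

/* Exact-signature wrappers: accept `void*` and convert to the real type inside. */
static void *demo_alloc(void *opaque, unsigned int items, unsigned int size)
{
  DemoMemory memory = (DemoMemory)opaque;
  void *p = calloc(items, size);     /* calloc rejects items*size overflow */
  if (p) { memory->live++; memory->total++; }
  return p;
}

static void demo_free(void *opaque, void *address)
{
  DemoMemory memory = (DemoMemory)opaque;
  if (address) { free(address); memory->live--; }
}

/* Constructed stand-in for the library side, which knows only the generic
   callback types and the opaque pointer. */
typedef struct { alloc_func zalloc; free_func zfree; void *opaque; } DemoStream;

/* Runs `rounds` allocate/free cycles; returns the blocks still live. */
long run_stream(int rounds, long *total)
{
  DemoMemoryRec memory = { 0, 0 };
  DemoStream s = { demo_alloc, demo_free, &memory };  /* no casts needed */

  while (rounds-- > 0)
  {
    void *window = s.zalloc(s.opaque, 32, 1024);
    if (!window) break;
    s.zfree(s.opaque, window);
  }
  *total = memory.total;
  return memory.live;
}

int main(void)
{
  long total;
  long live = run_stream(3, &total);
  printf("allocations=%ld live=%ld\n", total, live);
  return 0;
}
```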
Fixes timeout (#1055) analyzed by Ben Wagner, reported as
https://crbug.com/1194092
* src/sfnt/ttload.c (tt_face_load_post): Check POST format.
* src/sfnt/sfobjs.c (sfnt_load_face): Synthesize the missing unicode
charmap only if the glyph names exist.
* src/psnames/psmodule.c (ps_unicode_value): Short cut ".notdef" and
".null".
Fixes timeout reported as
https://crbug.com/1206181
* src/psaux/psarrst.c (cf2_arrstack_{push,init}): Implement it.
* src/psaux/psarrst.h (CF2_ArrStackiRec): Drop `chunk'.
Selecting the fill rule or checking the direct mode each time we call
`gray_hline' is sub-optimal. This effectively splits the direct mode
into a separate code path while inlining `gray_hline' and saving 5-7%
of rendering time.
* src/smooth/ftgrays.c (gray_hline): Eliminated in favor of...
(FT_FILL_RULE, FT_GRAY_SET): ... these new macros...
(gray_sweep): ... inlined here.
(gray_sweep_direct): New function that handles the direct span buffer.
(gray_TWorker): Remove the span buffer.
(gray_raster_render, gray_convert_glyph): Updated.
Add argument to return the actual number of bytes that were decoded.
The actual number of bytes decoded can be quite variable depending
on the number of ignored 'whitespace' bytes or early termination
with `>`.
(cid_face_open): Updated to use this calculated value. This avoids
trusting `parser->binary_length` is always correct and reading
uninitialized bits if fewer are actually decoded.
First reported as
https://crbug.com/1203240
To reduce memory allocations, we read an entire Pascal-string buffer
and convert it to a C-string buffer. We also reject tables with
Postscript glyph names exceeding 63 bytes.
* src/sfnt/ttpost.c (load_format20): Implement it.
(load_post_names): Check the minimal POST table size.
(load_format25, tt_face_free_ps_names): Updated accordingly.
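One way to do the in-place Pascal-string to C-string conversion with the 63-byte limit, as an added example (not the code in `ttpost.c`). The function name `pascal_to_c`, the spare-byte convention and the sample buffer are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAME_LEN 63   /* limit stated in the entry above */

/* Convert a buffer of Pascal strings (length byte, then that many bytes,
   repeated) into C strings in place.  `buf` must have one spare byte at
   buf[len].  Stores up to `max_names` pointers in `names`; returns the
   number of names, or -1 if a length byte exceeds the limit or points
   past the end of the data. */
int pascal_to_c(unsigned char *buf, size_t len, const char **names, int max_names)
{
  size_t pos = 0;
  int    n   = 0;

  while (pos < len && n < max_names)
  {
    size_t slen = buf[pos];

    if (slen > MAX_NAME_LEN)
      return -1;                    /* over-long glyph name */
    if (slen > len - pos - 1)
      return -1;                    /* string runs past the table data */

    buf[pos]   = 0;                 /* length byte becomes the previous NUL */
    names[n++] = (const char *)(buf + pos + 1);
    pos       += 1 + slen;
  }
  buf[pos] = 0;                     /* terminate the last string */
  return n;
}

int main(void)
{
  /* Constructed sample: "A", ".notdef", "" and "fi", plus one spare byte. */
  unsigned char buf[15] = "\x01" "A" "\x07" ".notdef" "\x00" "\x02" "fi";
  const char *names[8];
  int i, n = pascal_to_c(buf, 14, names, 8);

  for (i = 0; i < n; i++)
    printf("%d: \"%s\" (%zu bytes)\n", i, names[i], strlen(names[i]));
  return 0;
}
```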
* src/sfnt/sfdriver.c (get_win_string, get_apple_string,
sfnt_get_var_ps_name): Do not zero out the buffer.
* src/sfnt/sfobjs.c (sfnt_init_face): Ditto.
* src/sfnt/sfwoff.c (woff_open_font): Ditto.
* src/sfnt/sfwoff2.c (woff2_open_font): Ditto.
* src/pcf/pcfread.c (pcf_interpret_style): Do not zero out the buffer.
* src/bdf/bdfdrivr.c (bdf_interpret_style): Ditto.
* src/winfonts/winfnt.c (FNT_Face_Init, FNT_Load_Glyph): Ditto.
* src/base/ftobjs.c (open_face_PS_from_sfnt_stream,
Mac_Read_sfnt_Resource): Do not zero out the buffer.
* src/base/ftmac.c (FT_New_Face_From_SFNT, read_lwfn): Ditto.
* src/base/ftrfork.c (raccess_make_file_name,
raccess_guess_darwin_hfsplus, raccess_guess_darwin_newvfs): Ditto.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): Do not output
layer pointer to iterator if it is outside the 'COLR' table.
(read_paint): Do not attempt to read layers that are outside the
table.
* src/base/ftobjs.c (ft_glyphslot_clear): This function is intended
to reset all the values of a glyph slot. However, it was not
resetting the values of the advances and `glyph_index`. Reset the
advances and `glyph_index` to zero.
In commit 531d463aed365b
[truetype] Allocate TT_ExecContext in TT_Size instead of TT_Driver.
the `TT_ExecContext` was moved from being on the driver to being on the size
to make it easier to use FreeType in a multi-threaded environment. However,
the documentation for `TT_New_Context` was not updated and still reflects
the old behavior and parameter list.
This change updates `TT_New_Context` documentation to reflect the current
parameters and usage.
`FDEF` instructions are specified as allowed only in 'prep' or
'fpgm'. FreeType has attempted to prevent their use in the glyph
program, but they were still allowed in glyph programs if defined in
a function defined in 'prep' or 'fpgm' and called from the glyph
program.
Similarly, `IDEF` instructions are specified not to be able to
modify any existing instruction. FreeType has attempted to prevent
their use in the glyph program, but they can still be used like
`FDEF`.
This change stores the initial bytecode range type and disallows the
use of `FDEF` and `IDEF` while running the glyph program.
Most other state is copied from the `TT_Size` into the execution
context. However, it is possible for a glyph program to use `WS` to
write to the storage area or `WCVTP`, `WCVTF`, and `DELTAC[123]` to
write to the control value table.
Allowing any change to the global state from the glyph program is
problematic as the outlines of any given glyph may change based on
the order the glyphs are loaded or even how many times they are
loaded. There exist fonts that write to the storage area or the
control value table in the glyph program, so their use should not be
an error.
Possible solutions to using these in the glyph program are
* ignore the writes;
* value-level copy on write, discard modified values when finished;
* array-level copy on write, discard the copy when finished;
* array-level copy up-front.
Ignoring the writes may break otherwise good uses. A full copy
up-front was implemented, but was quite heavy as even well behaved
fonts required a full copy and the memory management that goes along
with it. Value-level copy on write could use less memory but
requires a great deal more record keeping and complexity. This
change implements array-level copy on write. If any attempt is made
to write to the control value table or the storage area when the
initial bytecode range was in a glyph program, the relevant array
will be copied to a designated storage area and the copy used for
the rest of the glyph program's execution.
* src/truetype/ttinterp.h (TT_ExecContextRec): New fields
`iniRange`, `glyfCvtSize`, `glyfCvt`, `origCvt`, `glyfStoreSize`,
`glyfStorage`, and `origStorage`.
* src/truetype/ttinterp.c (Modify_CVT_Check): New function to handle
`exc->glyfCvt`.
(Write_CVT, Write_CVT_Stretched, Move_CVT, Move_CVT_Stretched): Use
it.
(Ins_WS): Handle `exc->glyfStorage`.
(Ins_FDEF, Ins_IDEF): Updated.
(TT_RunIns): Updated.
(TT_Done_Context): Free 'glyf' CVT working and storage area.
(TT_Load_Context): Fix/add casts.
* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Fix cast.
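Array-level copy on write for the control value table, as an added example (not the code in `ttinterp.c`). It covers the CVT only; the storage area would follow the same pattern. `Exec`, `Range`, `exec_begin`, `modify_cvt_check`, `write_cvt` and `exec_done` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef enum { RANGE_FONT, RANGE_CVT, RANGE_GLYPH } Range;  /* fpgm, prep, glyph */

typedef struct {
  Range   ini_range;   /* range in which the current run started */
  long   *cvt;         /* table the interpreter reads and writes */
  long   *orig_cvt;    /* shared table owned by the size object */
  long   *glyf_cvt;    /* private working copy, allocated lazily */
  size_t  cvt_size;
} Exec;

/* Start a run: always begin on the shared table, dropping earlier copies. */
void exec_begin(Exec *exc, Range range)
{
  exc->ini_range = range;
  exc->cvt       = exc->orig_cvt;
}

/* Before a CVT write: switch to a private copy if a glyph program is running. */
static int modify_cvt_check(Exec *exc)
{
  if (exc->ini_range != RANGE_GLYPH || exc->cvt != exc->orig_cvt)
    return 0;                        /* global write allowed, or already copied */
  if (!exc->glyf_cvt)
    exc->glyf_cvt = malloc(exc->cvt_size * sizeof *exc->glyf_cvt);
  if (!exc->glyf_cvt)
    return -1;
  memcpy(exc->glyf_cvt, exc->orig_cvt, exc->cvt_size * sizeof *exc->glyf_cvt);
  exc->cvt = exc->glyf_cvt;
  return 0;
}

/* Bounds-checked write, as a WCVTP-style instruction would perform it. */
int write_cvt(Exec *exc, size_t idx, long value)
{
  if (idx >= exc->cvt_size || modify_cvt_check(exc) != 0)
    return -1;
  exc->cvt[idx] = value;
  return 0;
}

void exec_done(Exec *exc) { free(exc->glyf_cvt); exc->glyf_cvt = NULL; }

int main(void)
{
  long shared[3] = { 10, 20, 30 };                 /* constructed sample CVT */
  Exec exc = { RANGE_CVT, shared, shared, NULL, 3 };

  exec_begin(&exc, RANGE_GLYPH);
  write_cvt(&exc, 1, 99);
  printf("glyph view %ld, shared %ld\n", exc.cvt[1], shared[1]);
  exec_done(&exc);
  return 0;
}
```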
* src/sfnt/ttcolr.c (get_child_table_pointer): New function to fetch
child table pointer early for all paint formats that compute a child
table pointer.
(read_color_line, read_paint): Updated.
(tt_face_get_colorline_stops): Check `colr->table`.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1182552
Memory is allocated and the pointer assigned to `rows` inside a
'setjmp' scope. This memory must be freed outside the 'setjmp'
scope after a 'longjmp'. Since `rows` is a local and modified
inside the 'setjmp' scope it must be marked volatile or it will have
an indeterminate value after the 'longjmp'.
* src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak of `rows`.
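The `volatile` requirement described in the entry above, as an added example (not the code in `pngshim.c`). `decode_rows`, `load_image`, `decode_env` and the `live_blocks` counter are hypothetical; the decoder merely imitates a library that reports errors with `longjmp`.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

static jmp_buf decode_env;   /* jump target used by the decoder on error */
static int     live_blocks;  /* outstanding allocations, for the demo only */

/* Hypothetical decoder that reports errors with longjmp, as libpng does. */
static void decode_rows(unsigned char **rows, int corrupt)
{
  (void)rows;
  if (corrupt)
    longjmp(decode_env, 1);
}

/* Returns 0 on success and 1 on a decode error; `rows` is freed either way. */
int load_image(int corrupt)
{
  /* The pointer itself is volatile: it is assigned after setjmp() and read
     after longjmp(), so without the qualifier its value is indeterminate. */
  unsigned char **volatile rows = NULL;
  int error = 0;

  if (setjmp(decode_env))
  {
    error = 1;                       /* arrived here through longjmp() */
    goto cleanup;
  }

  rows = malloc(8 * sizeof *rows);   /* allocated inside the setjmp scope */
  if (!rows)
  {
    error = 1;
    goto cleanup;
  }
  live_blocks++;
  decode_rows(rows, corrupt);

cleanup:
  if (rows)                          /* freed outside the setjmp scope */
  {
    free(rows);
    live_blocks--;
  }
  return error;
}

int main(void)
{
  int ok = load_image(0), bad = load_image(1);
  printf("ok=%d corrupt=%d live=%d\n", ok, bad, live_blocks);
  return 0;
}
```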
We now record `cover' and `area' directly into the linked list. This
makes rendering faster by 10% or even more at larger sizes.
* src/smooth/ftgrays.c (FT_INTEGRATE): Write directly.
(gray_TWorker): Add direct cell reference and remove unused fields.
(gray_set_cell): Consolidate the linked list management and pointers.
(gray_convert_glyph, gray_convert_glyph_inner): Updated.
This change fixes a crash that occurs in `Load_SBit_Png` when
running on a 64-bit Windows OS. A memory access violation exception
would be raised by `setjmp` if the `jmp_buf` is not aligned to a
16-byte memory boundary. This is due to setjmp executing `movdqa`
instructions to store 128-bit XMM registers to memory, which require
correct memory alignment. This problem occurs because
`png_create_read_struct` uses `malloc` and `free` for memory
management, which only guarantees 8-byte alignment on Windows.
Instead, to fix the problem, `png_create_read_struct_2` is used on
64-bit Windows, which allows for user-defined memory allocation and
deallocation callbacks to be specified. These callbacks forward the
allocation and deallocation requests to `_aligned_alloc` and
`_aligned_free`, ensuring that the allocated `png_struct` and
internal `jmp_buf` have the requisite 16-byte alignment.
* src/sfnt/pngshim.c <_WIN64>: Include `malloc.h`.
(malloc_callback, free_callback) <_WIN64>: New functions.
(Load_SBit_Png) <_WIN64>: Use `png_create_read_struct_2` instead of
`png_create_read_struct`.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28148
* src/sfnt/sfwoff2.c (woff2_open_font): Reject fonts that have
multiple tables with the same tag. While not explicitly forbidden
in the OpenType specification, it is implicitly forbidden by
describing a binary search algorithm for tables that only works
reliably if table tags are unique.
This is for future changes with Meson, which doesn't allow a
different name for its `subprojects` directory. Having both a
`submodules` and a `subprojects` directory is confusing.
* .gitmodules, autogen.sh (copy_submodule_files, DLG_INC_DIR,
DLG_SRC_DIR): Updated.
* builds/toplevel.mk (<top-level>, do-dist),
builds/windows/vc2010/script.bat: Updated.
* src/tools/no-copyright: Updated.
* freetype.h (FT_PaintFormat): Update paint format identifiers after
a specification change. The specification was updated to have
sibling formats, variable and non-variable variants for each.
Reflect that here.
* sfnt/ttcolr.c (read_paint): Remove parsing of variable indices as
the non-variable formats no longer have them.
* include/freetype/internal/compiler-macros.h (FT_COMPARE_DEF):
Add new macro.
* src/base/ftrfork.c, src/bdf/bdflib.c, src/gxvalid/gxvcommn.c,
src/psaux/afmparse.c, src/psnames/psmodule.c, src/type1/t1afm.c,
src/sfnt/sfwoff.c, src/sfnt/sfwoff2.c: Update qsort callbacks.
Fixes #1026 when compiling FreeType with an unusual calling convention
while the C library qsort still expects cdecl.
* include/freetype/freetype.h (FT_Get_Color_Glyph_Paint):
Additional function argument root_transform to control whether
root transform should be returned.
(FT_OpaquePaint): Additional tracking field to denote whether
root transform is to be returned.
* include/freetype/internal/sfnt.h
(TT_Get_Color_Glyph_Paint_Func): Propagate additional argument.
* src/base/ftobjs.c (FT_Get_Color_Glyph_Paint): Ditto.
* src/sfnt/ttcolr.c (tt_face_get_colr_glyph_paint): Return root
transform reflecting the size and transform configured on
FT_Face.
(read_paint): Initialize and track status of insert_root_transform
flag.
This ensures good logging output, with all lines having a proper
prefix (if requested).
This is a continuation of a similar patch from 2020-12-02, which
missed some locations.
It's easier to have stubs if FT_DEBUG_LOGGING is undefined than to
modify `ftexport.sym` conditionally.
Problem reported by Alexei.
* src/base/ftdebug.c: Include `ftlogging.h`.
(FT_Trace_Set_Level, FT_Trace_Set_Default_Level, FT_Set_Log_Handler,
FT_Set_Default_Log_Handler) [!FT_DEBUG_LOGGING]: Provide stubs.
* sfnt/ttcolr.c (tt_face_get_colr_glyph_paint,
tt_face_get_colorline_stops, tt_face_get_paint): Additional checks
for whether colr table is present. Prevents crashes when these
methods are called on non-COLR fonts.
* src/base/ftobjs.c (FT_Get_Color_Glyph_Paint, FT_Get_Paint_Layers,
FT_Get_Paint, FT_Get_Colorline_Stops): Add basic sanity checks,
check for existence of `FT_Face`, check arguments and delegate calls
for the respective 'COLR' v1 API to the SFNT driver.
* include/freetype/internal/sfnt.h (TT_Get_Color_Glyph_Paint_Func,
TT_Get_Paint_Layers_Func, TT_Get_Colorline_Stops_Func,
TT_Get_Paint_Func): New function pointer types.
(SFNT_Interface): Add them.
(FT_DEFINE_SFNT_INTERFACE): Updated.
* src/sfnt/sfdriver.c (PUT_COLOR_LAYERS_V1): New macro.
(sfnt_interface): Add new function pointers.
* src/sfnt/ttcolr.c (tt_face_get_paint_layers): New function to get
the layers of a `PaintColrLayers` table in the font, using an
`FT_LayerIterator` from an `FT_PaintColrLayers` object retrieved via
`tt_face_get_paint`.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/ttcolr.c (tt_face_get_colorline_stops): New function to
return the current `FT_ColorStop` object from `FT_ColorStopIterator`.
Also increment the iterator.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/ttcolr.c (tt_face_get_paint): New function to resolve an
`FT_OpaquePaint` paint reference into an `FT_COLR_Paint` object of a
certain format, which contains the detailed information stored in a
paint of the respective format.
(read_paint): New function to provide the format specific parsing
and to populate the data members of each specific `FT_COLR_Paint`
subtype.
(read_color_line): New function to parse retrieved color line
information into an `FT_ColorLine` object, which has information
about the color line extend mode as well as an
`FT_ColorStopIterator` object.
* src/sfnt/ttcolr.h: Updated.
* src/sfnt/ttcolr.c (BaseGlyphV1Record): New structure.
(tt_face_load_colr): Handle version 1 table header.
(find_base_glyph_v1_record): New auxiliary function.
(tt_face_get_colr_glyph_paint): New function to find the root
`FT_OpaquePaint` object for a given glyph ID.
* src/sfnt/ttcolr.h: Updated.
* include/freetype/freetype.h (FT_Get_Color_Glyph_Paint): New method
for retrieving the root paint object for a color glyph by specifying
a glyph ID.
(FT_Get_Paint_Layers): New method for retrieving the layers of a
`PaintColorGlyph`.
(FT_Get_ColorLine_Stops): New method for retrieving the stops of a
color.
(FT_Get_Paint): New method for resolving an `FT_OpaquePaint` into an
`FT_COLR_Paint` object.
* src/sdf/module.mk, src/sfd/rules.mk: New files.
* src/sdf/ftsdf.h (ft_sdf_raster): New forward declaration.
* include/freetype/ftmoderr.h (FT_MODERRDEF): Add error definition
for the 'sdf' module.
* include/freetype/internal/fttrace.h (FT_TRACE_DEF): Add trace
definition for the `sdf' module.
* modules.cfg (RASTER_MODULES): Add the `sdf' module to the list of
rasterizers.