freetype-commit

[Git][freetype/freetype][1153-sdf-alloc] 33 commits: * src/base/ftobjs.c


From: Alexei Podtelezhnikov (@apodtele)
Subject: [Git][freetype/freetype][1153-sdf-alloc] 33 commits: * src/base/ftobjs.c (FT_Request_Metrics): Avoid division by zero.
Date: Tue, 07 Feb 2023 23:03:32 +0000

Alexei Podtelezhnikov pushed to branch 1153-sdf-alloc at FreeType / FreeType

Commits:

  • 81a456b2
    by Alexei Podtelezhnikov at 2023-01-04T22:41:34-05:00
    * src/base/ftobjs.c (FT_Request_Metrics): Avoid division by zero.
    
    The division-by-zero might happen in broken fonts (see #1194).
    Instead of returning a huge number from FT_DivFix and failing
    to scale later, we now bail immediately.
    
  • 63f37136
    by Dominik Röttsches at 2023-01-05T09:35:32+01:00
    [sfnt] Fix color stop bounds check calculation at table end.
    
    Fixes https://bugs.chromium.org/p/skia/issues/detail?id=14021
    
    * src/sfnt/ttcolr.c (VAR_IDX_BASE_SIZE): New macro.
    (tt_face_get_colorline_stops): Fix off-by-one bounds check calculation, take
    `VarColorStop` into account, and hopefully make it easier to read.
    
  • c0b4f6a8
    by Noah Cabral at 2023-01-05T14:58:51+01:00
    fix spelling err in LICENSE.txt
    
  • 15afb554
    by Ben Wagner at 2023-01-05T22:05:02+01:00
    [base] Report used stream's external status.
    
    In `open_face` the initial stream is set on the face, along with the
    information about if FreeType is the owner of the stream object itself.  The
    loaders may in the course of their work replace this stream with a new
    stream (as is the case for 'woff' and 'woff2'), which may have a different
    ownership than the initial stream object (likely the original stream object
    is owned by the user and is external, while the new stream object is created
    internally to FreeType and is internal).  When the stream is replaced, the
    face's flags are updated with the new ownership status.
    
    However, `open_face` cannot itself free this stream as its caller
    `ft_open_face_internal` is responsible for this.  In addition, in the case
    of an error `open_face` cannot return an actual face with the new stream and
    its ownership status to the caller.  As a result, it must pass this
    information back to the caller as a sort of "failed face" so that the caller
    can clean up.
    
    `open_face` was already passing back the new stream but was not passing back
    the stream ownership information.  As a result the stream may not have been
    free'd when needed.
    
    Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54700
    
    * src/base/ftobjs.c (open_face): Pass back the ownership information as
    well.
    (ft_open_face_internal): Updated.
    
  • 262b47ac
    by Ben Wagner at 2023-01-06T07:11:41+01:00
    [truetype] Keep variation store consistent.
    
    `tt_var_load_item_variation_store` fills out a `GX_ItemVarStore`.  While it
    may return an error, the item store must be left in a consistent state so
    that any use or destruction of the item store can properly use or free the
    data in it.  Before this change the counts from the font data were read
    directly into the item store before the actual allocation of the arrays to
    which they referred.  There exist many opportunities between the time the
    counts are read and the arrays are allocated to return early due to invalid
    data.  When this happened the item store claimed to have entries it actually
    did not, leading to crashes later when it was used.
    
    Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54449
    
    * src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Read the counts
    into local variables and store them in the item store only after the related
    arrays are actually created on the item store.
    
  • ebe7e912
    by Matthias Clasen at 2023-01-06T12:54:17+01:00
    [autofit] Don't depend on 'hb-ft'.
    
    The circular dependency is still there, but at least we no longer depend on
    the HarfBuzz API that is only present if HarfBuzz has been built with
    FreeType support, making the bootstrapping a bit easier.
    
    * src/autofit/ft-hb.c, src/autofit/ft-hb.h: New files, providing
    `_hb_ft_font_create`, which is more or less a verbatim copy of the
    corresponding HarfBuzz code from file `hb-ft.cc`.
    
    * src/autofit/afglobal.c (af_face_globals_new): Use it.
    * src/autofit/afshaper.h: Don't include `hb-ft.h` but `ft-hb.h`.
    * src/autofit/autofit.c: Include `ft-hb.c`.
    
    * LICENSE.TXT: Updated.
    
  • 3481b154
    by Ben Wagner at 2023-01-07T07:28:04+01:00
    [truetype] Reset cvt and storage in context load.
    
    Currently the cvt and storage are saved and restored in `TT_RunIns`.
    However, this is too granular as the cvt and storage area should be set to
    the original cvt and storage area only when setting up the hinting context.
    This allows for the cvt and storage area to be modified while parsing
    multiple glyphs, as is the case with composite glyphs.
    
    * src/truetype/ttinterp.h (TT_ExecContextRec): Remove `origCvt` and
    `origStorage`.
    
    * src/truetype/ttinterp.c (TT_RunIns): Don't save and restore the cvt and
    storage area.
    (Modify_CVT_Check, Ins_WS): Switch from "if in glyph and using original data
    do copy on write" to "if in glyph and not using glyph specific data do copy
    on write".
    
  • b1c90733
    by Werner Lemberg at 2023-01-07T07:41:31+01:00
    * src/autofit/ft-hb.c (_hb_ft_reference_table): Minor integration fixes.
    
  • 2692b321
    by Dominik Röttsches at 2023-01-16T14:02:36+01:00
    [sfnt] Remove temporary runtime flag for variable 'COLR' v1.
    
    Fixes #1187.
    
    * src/sfnt/ttcolr.c (top level, read_paint, tt_face_load_colr,
    tt_face_free_colr, get_deltas_for_var_index_base,
    tt_face_get_color_glyph_clipbox, tt_face_get_colorline_stops): Remove macro
    definition `VARIABLE_COLRV1_ENABLED` and its usage.
    
    * src/truetype/ttdriver.c (tt_property_set): Remove parsing of
    'TEMPORARY-enable-variable-colrv1' property name.
    
    * src/truetype/ttobjs.h (TT_DriverRec): Remove `enable_variable_colrv1`
    flag.
    
  • 6a179ff7
    by Werner Lemberg at 2023-01-16T16:38:56+01:00
    sr/*.c: Various minor fixes.
    
    * src/autofit/ft-hb.c (_hb_ft_reference_table): Call `FT_UNUSED` after
    variable declarations.
    
    * src/gxvalid/gxvjust.c (gxv_just_widthDeltaClusters_validate): Eliminate
    unused variable.
    
    * src/gzip/ftgzip.c: Don't call GCC '-Wstrict-prototypes' pragma for C++
    compiler.
    
    * src/sfnt/ttcolr.c (ENSURE_READ_BYTES): Remove final semicolon to avoid
    compiler warning.
    
    * src/sfnt/ttsvg.c (tt_face_load_svg_doc): Fix signedness warning.
    
  • 13983b05
    by Ben Wagner at 2023-01-17T08:48:33+01:00
    [base] Fix leak of internal stream marked external.
    
    `open_face_from_buffer` allocates a new `FT_Stream` to pass to
    `ft_open_face_internal`.  Because this is an `FT_OPEN_STREAM`,
    `ft_open_face_internal` will mark this as an 'external stream', which the
    caller must free.  However, `open_face_from_buffer` cannot directly free it
    because the stream must last as long as the face.  There is currently an
    attempt at this by clearing the 'external stream' bit after
    `open_face_from_buffer` returns successfully.  However, this is too late as
    the original stream may have already been closed and the stream on the face
    may not be the same stream as originally passed.
    
    It is tempting to use `FT_OPEN_MEMORY` and let `ft_open_face_internal`
    create the stream internally.  However, with this method there is no means
    to pass through a 'close' function to the created stream to free the
    underlying data, which must be owned by the stream.
    
    A possibility is to check on success if the stream of the face is the same
    as the original stream.  If it is then unset the external flag.  If not,
    then free the original stream.  Unfortunately, while no current
    implementation does so, it is possible that the face still has the original
    stream somewhere other than as the `FT_FaceRec::stream`.  The stream needs
    to remain available for the life of the face or until it is closed,
    whichever comes earlier.
    
    The approach taken here is to let the stream own itself.  When the stream is
    closed it will free itself.
    
    * src/base/ftobjs.c (memory_stream_close): Free `stream`.
    (open_face_from_buffer): Simplify error handling, since
    `ft_open_face_internal` always closes `args.stream` on any error.
    
    Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54930
    
  • 0d4f887c
    by Ben Wagner at 2023-01-17T08:54:11+01:00
    [base] Always close user-provided stream.
    
    The `FT_Open_Face` documentation states
    
    > If `FT_OPEN_STREAM` is set in `args->flags`, the stream in `args->stream`
    > is automatically closed before this function returns any error (including
    > `FT_Err_Invalid_Argument`).
    
    However, if the user provides a stream in `args.stream` with
    `FT_OPEN_STREAM` set and a `close` function, but then for some reason passes
    NULL for `aface` and a non-negative `face_index`, the error
    `Invalid_Argument` is returned but the `close` callback will not be called
    on the user-provided stream.  This may cause resource leaks if the caller is
    depending on the `close` callback to free resources.
    
    The difficulty is that a user may fill out a `FT_StreamRec` and pass its
    address as `args.stream`, but the stream isn't really 'live' until
    `FT_Stream_New` is called on it (and `memory` is set).  In particular, it
    cannot really be cleaned up properly in `ft_open_face_internal` until the
    stream pointer has been copied into the `stream` local variable.
    
    * src/base/ftobj.c (ft_open_face_internal): Ensure that user-provided
    `args.stream.close` is called even with early errors.
    
  • 29f83d1d
    by Ben Wagner at 2023-01-17T08:59:25+01:00
    [base] 'close' callback may not use `stream->memory`.
    
    The documentation for `FT_StreamRec::memory` states that it 'shouldn't be
    touched by stream implementations'.  This is true even for internal
    implementations of the 'close' callback, since it is not guaranteed that
    `memory` will even be set when the 'close' callback occurs.
    
    * src/base/ftobjs.c (new_memory_stream): stash current `memory` in
    `stream->descriptor`.
    (memory_stream_close): Use it.
    
  • 6c1bd0f2
    by Werner Lemberg at 2023-01-17T09:15:36+01:00
    * src/tools/no-copyright: Updated.
    
  • 65f85237
    by Werner Lemberg at 2023-01-17T09:18:25+01:00
    Update all copyright notices.
    
  • f80be4e9
    by Werner Lemberg at 2023-01-17T19:03:45+01:00
    * src/tools/update-copyright: Allow execution from other repositories.
    
    We use this for `freetype-demos`.
    
  • a297feab
    by Dominik Röttsches at 2023-01-18T08:22:53+01:00
    [sfnt] Avoid nullptr dereference in reading malformed 'COLR' v1 table.
    
    Fixes https://bugs.chromium.org/p/chromium/issues/detail?id=1408044.
    
    * src/sfnt/ttcolr.c (tt_face_load_colr): When the 'COLR' v1 table header is
    too small, don't deallocate delta set index map structures.
    
  • 188019eb
    by Ben Wagner at 2023-01-18T08:37:51+01:00
    [base] Return error if requested driver is not found.
    
    In `open_face_from_buffer` it is possible that a driver is requested but
    FreeType was built without the requested module.  Return an error in this
    case to indicate that the request could not be satisfied, rather than trying
    all existing driver modules.
    
    * src/base/ftobjs.c (open_face_from_buffer): Return `FT_Err_Missing_Module`
    if a driver is specified but not found.
    
  • d680908a
    by Ben Wagner at 2023-01-18T09:00:21+01:00
    [base] Fix typo.
    
    * src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Request module 't1cid',
    not 'cid'.
    
  • 0982d3ec
    by Alexei Podtelezhnikov at 2023-01-18T18:31:27+00:00
    * docs/oldlogs/ChangeLog.210: Typos.
    
  • 82ce1726
    by Werner Lemberg at 2023-01-19T07:17:14+01:00
    The 'COLR' v1 API will no longer be experimental in the next release.
    
  • bea675cd
    by Behdad Esfahbod at 2023-01-27T06:53:46+01:00
    [ttgxvar] Fix crash in COLRv1.
    
    This is a stopgap until issue #1202 is properly fixed.
    
    * src/truetype/ttxgvar.c (tt_var_get_item_delta): Check `normalizedcoords`.
    
  • bacc48e6
    by Werner Lemberg at 2023-01-28T17:04:11+01:00
    Whitespace.
    
  • e97544a7
    by Werner Lemberg at 2023-01-28T17:04:38+01:00
    Minor changes.
    
    Comment fixes, typos, removing of unnecessary parentheses.
    
  • 9c23b89d
    by Werner Lemberg at 2023-01-30T17:16:34+01:00
    * subprojects/harfbuzz.wrap, subprojects/libpng.wrap: Updated.
    
  • aec87c09
    by Werner Lemberg at 2023-02-01T11:52:26+01:00
    * docs/CHANGES: Add news for 'freetype-demos'.
    
  • 9508811a
    by Werner Lemberg at 2023-02-01T12:01:58+01:00
    * src/truetype/ttgxvar.c (tt_var_get_item_delta): Check `face->blend`.
    
    Reported as
    
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55581
    
  • 646cc8ef
    by Werner Lemberg at 2023-02-02T10:51:39+01:00
    * src/cff/cffgload.c (cff_slot_load): Avoid memory leak.
    
    Fixes issue #1204.
    
  • 82c131ac
    by Alexei Podtelezhnikov at 2023-02-04T03:20:25+00:00
    * src/type1/t1afm.c (T1_Read_Metrics): Validate ascender and descender.
    
    The ascender and descender are optional in the AFM specifications.
    They could be omitted or even set to zero, e.g., in the current release
    of URW++ base 35 fonts.
    
  • 1bbec9e9
    by Alexei Podtelezhnikov at 2023-02-04T08:34:58-05:00
    * src/type1/t1afm.c (T1_Read_Metrics): Reaffirm ascender and descender.
    
  • beb22729
    by Alexei Podtelezhnikov at 2023-02-04T09:47:44-05:00
    Comment on optional ascender and descender.
    
  • d3582e3f
    by Werner Lemberg at 2023-02-07T05:56:12+01:00
    docs/CHANGES: Updated.
    
  • 515bdfef
    by anuj at 2023-02-07T23:03:23+00:00
    [sdf] Use 32-bit integers internally.
    
    * src/sdf/ftsdfcommon.h (FT_16D16, FT_26D6): Use 32-bit integers
      instead of `FT_Fixed` for internal data types. `FT_Fixed` i.e.
      `signed long` is 64-bit on some architectures.
    

30 changed files:

The diff was not included because it is too large.
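
The pattern described in commit 262b47ac above ("[truetype] Keep variation store consistent"), shown as an added example that is not FreeType's code: a count read from font data is published to the store only together with the array it describes. `ItemStore`, `read_u16`, the two loaders and the two sample tables are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical simplified store; not FreeType's GX_ItemVarStore. */
typedef struct { uint16_t count; int32_t *deltas; } ItemStore;

/* Constructed sample tables: big-endian count, then format (1 = valid). */
const uint8_t BAD_TABLE[]  = { 0x00, 0x05, 0x00, 0x02 };
const uint8_t GOOD_TABLE[] = { 0x00, 0x03, 0x00, 0x01 };

/* Bounds-checked big-endian 16-bit read; returns 0 on success. */
static int read_u16(const uint8_t *b, size_t len, size_t *off, uint16_t *out)
{
    if (*off > len || len - *off < 2) return -1;
    *out = (uint16_t)((b[*off] << 8) | b[*off + 1]);
    *off += 2;
    return 0;
}

/* "Before": the count lands in the store before the array exists. */
int load_store_before(ItemStore *s, const uint8_t *b, size_t len)
{
    size_t off = 0; uint16_t format;
    if (read_u16(b, len, &off, &s->count)) return -1;
    if (read_u16(b, len, &off, &format) || format != 1)
        return -1;              /* early exit: count set, deltas NULL */
    s->deltas = calloc(s->count, sizeof *s->deltas);
    return (s->count && !s->deltas) ? -1 : 0;
}

/* "After": parse into locals, publish count only with its array. */
int load_store_after(ItemStore *s, const uint8_t *b, size_t len)
{
    size_t off = 0; uint16_t count, format; int32_t *deltas;
    if (read_u16(b, len, &off, &count)) return -1;
    if (read_u16(b, len, &off, &format) || format != 1) return -1;
    deltas = calloc(count, sizeof *deltas);
    if (count && !deltas) return -1;
    s->deltas = deltas;
    s->count  = count;
    return 0;
}

/* Invariant every user and destructor of the store relies on. */
int store_is_consistent(const ItemStore *s)
{
    return s->count == 0 || s->deltas != NULL;
}
```

After a failed load, `store_is_consistent` is the check a cleanup path or a later reader depends on; only the second loader preserves it on every error return.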
