Very embarassing :-)
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14701https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14705https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14710
* src/truetype/ttgload.c (IS_DEFAULT_INSTANCE): Move up and add
argument; update all callers.
(TT_Process_Simple_Glyph): Use it. The `unrounded' array is active
for variation fonts only, thus also enclose related code with
`#ifdef TT_CONFIG_OPTION_GX_VAR_SUPPORT ... #endif' where
necessary.
Revert commit a113e5d from 2019-05-09, and don't use `extra_points2'
but allocate a temporary array.
Speed up the scaling of the `unrounded' array.
* src/truetype/ttgxvar.c (FT_fixedToInt, FT_FixedToFdot6): Fix type
conversions and rounding. The unsigned type must have more or equal
bits to the signed type.
This patch make FreeType use font units in 26.6 format internally
instead of integers.
* src/truetype/ttgxvar.c (FT_fixedToFdot6): New macro.
(TT_Vary_Apply_Glyph_Deltas): Add argument to output unrounded font
coordinates.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph): Use
`extra_points2' array to temporarily hold unrounded point
coordinates; use them to compute scaled coordinates and linear
advance width and height.
(load_truetype_code): Adjust similarly.
Reported by Sender Ghost <lightside@gmx.com>.
* src/autofit/afcjk.c (af_cjk_hints_compute_edges): Catch a corner
case where `edge->first' could be NULL.
* src/pfr/pfrobjs.c (pfr_slot_load): Remove unnecessary test of
`size'.
* src/raster/ftraster.c (Draw_Sweep): Catch a corner case where
`draw_right' might be NULL.
* src/sfnt/ttmtx.c (tt_face_get_metrics): Fix limit test for
`aadvance'.
Ensure `abearing' always hold a meaningful result.
* src/truetype/ttgload.c (load_truetype_glyph): Ensure `subglyph' is
not NULL before accessing it.
* src/truetype/ttgxvar.c (TT_Set_Named_Instance): Remove unnecessary
test of `namedstyle'.
* src/type42/t42parse.c (t42_parser_done): Ensure
`parser->root.funcs.done' is not NULL before accessing it.
The previous implementation is correct but it is too complex.
The revised algorithm is based on the fact that each split moves
the control points closer to the trisection points on the chord.
The corresponding distances are good surrogates for the curve
deviation from the straight line.
This cubic flattening algorithm is somewhat similar to the conic
algorithm based the distance from the control point to the middle of
the chord. The cubic distances, however, decrease less predictably
but are easy enough to calculate on each step.
* src/smooth/ftgrays.c (gray_render_cubic): Replace the split
condition.
This commit fixes the changes from 2018-07-21, which broke charmap
iteration. We now add the default character as a new glyph with
index 0, thus increasing the number of glyphs by one (as before).
* src/pcf/pcfread.c (pcf_get_metrics): Adjust to new artificial
glyph with index 0.
Limit number of elements to 65534.
(pcf_get_bitmaps): Ditto.
Unify two loops into one; this avoids allocation of an intermediate
array.
(pcf_get_encodings): Don't flip indices but copy glyph metrics of
default character to index 0.
Also handle invalid default character.
* docs/CHANGES: Updated.
642bc7590c introduced dynamically
allocated memory when parsing CFF files with the "old" engine. Bounds
checks have never been updated, however, leading to pointless
comparisons of pointers in some cases. This commit presents a
solution for bounds checks in the CFF module with an extended logic
for the "old" engine while staying as concise as possible for the
"new" one.
* src/cff/cffparse.h: Introduce the struct `CFF_T2_StringRec' and
the additional field `t2_strings' within `CFF_ParserRec'.
* src/cff/cffparse.c (cff_parser_within_limits): Move all boundary
checks into this new function and update the rest of `cffparse.c' to
use it.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12137
* src/autofit/afblue.dat: Use U+200D (ZERO-WIDTH JOINER) characters
to get medial forms for some Mongolian characters.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
As a de-facto standard, layouts using this script are constructed
horizontally line by line, then the lines are rotated clockwise for
vertical display.
* src/autofit/afblue.dat: Add blue zone data for Mongolian.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Mongolian standard characters.
* src/autofit/afranges.c, src/autofit/afstyles.h: Add Mongolian
data.
==========================
Tag sources with `VER-2-10-0'.
* docs/VERSION.TXT: Add entry for version 2.10.0.
* docs/CHANGES: Updated.
* README, Jamfile (RefDoc), src/base/ftver.rc,
builds/windows/vc2010/freetype.vcxproj,
builds/windows/vc2010/index.html,
builds/windows/visualc/freetype.dsp,
builds/windows/visualc/freetype.vcproj,
builds/windows/visualc/index.html,
builds/windows/visualce/freetype.dsp,
builds/windows/visualce/freetype.vcproj,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.9.1/2.10.0/, s/291/2100/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 10.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 23:0:17.
* CMakeLists.txt (VERSION_MINOR): Set to 10.
(VERSION_PATCH): Set to 0.
* builds/toplevel.mk (version, winversion): Since the minor version
number has two digits now, never omit the patch number. We would
get ambiguous zip file names otherwise.
(dist): Remove remnants of `docmaker' tool.
(do-dist): Remove unused intermediate files.
* src/cff/cffparse.c (destrict_c2s_item): Guard function with
CFF_CONFIG_OPTION_OLD_ENGINE macro.
This change should allow Freetype to work on WASM/Emscripten without
needing `-s EMULATE_FUNCTION_POINTER_CASTS=1'.
* src/autofit/afdummy.c (af_dummy_hints_apply): Fix signature.
* src/cid/cidload.c (cid_parse_font_matrix, parse_fd_array,
parse_expansion_factor, parse_font_name): Return `void', not
`FT_Error'.
* include/freetype/internal/ftobjs.h (FT_CMap_CharVarIsDefaultFunc):
Fix signature.
* src/psaux/psintrp.c (cf2_interpT2CharString): The call to
`cf2_arrstack_setCount' may fail because the allocator ran out of
memory. When this happens the stack is still written to before the
error condition is checked. This means that FreeType writes outside
of allocated memory. This commit moves the error check prior to the
stack assignment, hence the function now properly returns with an
error condition.
Instead of setting typo or win metrics as the new FT_Face metrics
indiscriminately, apply only typo deltas to the currently active FT_Face
metrics. This prevents line height differences when e.g. the default
outlines were used as the regular face and instances for everything else.
* src/truetype/ttgxvar.c (tt_apply_mvar): Implement.
If the OS/2 table exists and fsSelection bit 7 (USE_TYPO_METRICS) is set,
use the sTypo* set of values to compute the FT_Face's ascender, descender
and height. Otherwise, fall back to old behavior.
* src/sfnt/sfobjs.c (sfnt_load_face): Implement.
All of the Type 1 path building is done with code common to the
revised CFF engine, with the exception of closepath, which was still
calling ps_builder_close_contour(), thus previously cached segments
were not always written to the path, and glyph corruption, or even
invalid outlines were possible.
* src/psauc/psinterp.c (cf2_interpT2CharString) <cf2_cmdCLOSEPATH>:
Switch to calling `cf2_glyphpath_closeOpenPath'.