* src/truetype/ttgload.c (TT_Load_Simple_Glyph): Check instruction
size only if we do native hinting.
(TT_Load_Glyph): Trace returned error code.
* src/truetype/ttobjs.c (tt_size_run_fpgm, tt_size_run_prep): Trace
returned error code.
(tt_size_ready_bytecode): Don't run `prep' table if `fpgm' table is
invalid.
* src/cff/cffload.c (FT_fdot14ToFixed): Fix casting.
(cff_blend_doBlend): Don't left-shift negative numbers.
Handle 5-byte numbers byte by byte to avoid alignment issues.
* src/cff/cffparse.c (cff_parse): Handle 5-byte numbers byte by byte
to avoid alignment issues.
* src/cid/cidload (cid_read_subrs): Do nothing if we don't have any
subrs.
* src/psaux/t1decode.c (t1_decode_parse_charstring): Fix tracing.
* src/tools/glnames.py (main): Put `DEFINE_PSTABLES' guard around
definition of `ft_get_adobe_glyph_index'.
* src/psnames/pstables.h: Regenerated.
* src/psnames/psmodule.c: Include `pstables.h' twice to get both
declaration and definition.
* src/truetype/ttgxvar.c (FT_fdot14ToFixed, FT_intToFixed): Fix
casting.
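
The two `cffload.c'/`cffparse.c' items above (no left shift of negative numbers, 5-byte numbers read byte by byte) as an added C example; it is not FreeType's code. It assumes the CFF DICT encoding of a 5-byte integer operand (prefix byte 29 plus four big-endian bytes), and `parse_int5', `int_to_fixed', `read_be32', `u32_to_i32' and `sample' are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: one pad byte, then prefix 29 and the big-endian
   value -2, so the four data bytes do not start on a 4-byte boundary. */
static const unsigned char sample[] = { 0x00, 29, 0xFF, 0xFF, 0xFF, 0xFE };

/* Turn a 32-bit pattern into a signed value without relying on an
   implementation-defined narrowing cast. */
static int32_t u32_to_i32(uint32_t u)
{
    if (u <= (uint32_t)INT32_MAX)
        return (int32_t)u;
    return (int32_t)(u - 0x80000000u) + INT32_MIN;
}

/* Big-endian 32-bit read, one byte at a time: valid at any address,
   unlike dereferencing a cast `int32_t *' into the font buffer. */
static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse a 5-byte integer operand.  Returns 0 on success, -1 if the
   prefix is wrong or the operand would run past `limit'. */
static int parse_int5(const unsigned char *p, const unsigned char *limit,
                      int32_t *out)
{
    if (limit - p < 5 || p[0] != 29)
        return -1;
    *out = u32_to_i32(read_be32(p + 1));
    return 0;
}

/* Integer to 16.16 fixed point.  `v << 16' is undefined for negative
   v, so shift the unsigned bit pattern and convert back. */
static int32_t int_to_fixed(int32_t v)
{
    return u32_to_i32((uint32_t)v << 16);
}

int main(void)
{
    int32_t v;
    if (parse_int5(sample + 1, sample + sizeof sample, &v) == 0)
        printf("%ld -> 16.16 %ld\n", (long)v, (long)int_to_fixed(v));
    return 0;
}
```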
Without this patch, requesting information for face index N returned
the data for face index N+1 (or index 0).
* src/sfnt/sfobjs.c (sfnt_init_face): Correctly adjust `face_index'
for negative `face_instance_index' values.
Malformed fonts often have large values for the number of bitmap
strikes, and FreeType doesn't check the validity of all bitmap
strikes in advance.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=353
* src/tools/ftfuzzer/ftfuzzer.cc: Include `stdlib.h' for `rand'.
(Random): Small class to provide n randomly selected numbers
(without repetition) out of the value set [0,N].
(LLVMFuzzerTestOneInput): Use it to test only up to 10 bitmap
strikes.
Make some functions work before a call to `TT_Set_MM_Blend'.
* src/truetype/ttgxvar.c (tt_hadvance_adjust): Exit immediately if
we don't blend.
(TT_Get_MM_Blend, TT_Get_Var_Design): Return default values if we
don't blend.
Pdfium includes `pstables.h' a second time; moving the definition
from `pstables.h' to `psmodule.c' saves more than 60kByte data
segment space for this case.
* src/tools/glnames.py (StringTable::dump,
StringTable::dump_sublist, dump_encoding, dump_array): Emit
additional code to only define tables if `DEFINE_PS_TABLES' is set.
* src/psnames/pstables.h: Regenerated.
* src/psnames/psmodule.c (DEFINE_PS_TABLES): Define.
* src/cff/cffdrivr.c: Don't include
`FT_SERVICE_METRICS_VARIATIONS_H'.
(cff_get_advances): Use `ttface->variation_support'.
* src/truetype/ttdriver.c (tt_get_advances): Use
`ttface->variation_support'.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph,
load_truetype_glyph): Use `ttface->variation_support'.
* include/freetype/internal/tttypes.h (TT_FACE_FLAG_VAR_XXX):
New macros describing available functionality of various OpenType
tables related to font variation.
(TT_Face): New fields `variation_support' and `mvar_support',
replacing and extending `use_fvar'.
* src/sfnt/sfobjs.c (sfnt_init_face, sfnt_load_face): Use
`variation_support'.
* src/truetype/ttgxvar.c (ft_var_load_hvar): Set `variation_support'
field.
(TT_Vary_Apply_Glyph_Deltas): Updated.
* src/cff/cffdrivr.c (cff_get_advances), src/truetype/ttdriver.c
(tt_get_advances): Use `is_default_instance' for test; this gets
recomputed after changing blend coordinates.
When asking for unhinted non-default variations,
`linearVertAdvance' is currently the value from the `hmtx' table
instead of the actual value after applying the variation. `HVAR'
support fixes this, but fonts will exist without that table and will
need a sane fallback.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph,
load_truetype_glyph): Implement linear advance adjustments if `HVAR'
or `VVAR' tables are missing.
Everything is guarded with TT_CONFIG_OPTION_GX_VAR_SUPPORT.
* src/base/ftadvanc.c (LOAD_ADVANCE_FAST_CHECK): Don't handle MM.
* src/cff/cffdrivr.c: Include FT_SERVICE_METRICS_VARIATIONS_H.
(cff_get_advances): Test for HVAR and VVAR.
* src/truetype/ttdriver.c (tt_get_advances): Test for HVAR and VVAR.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=304
* src/base/ftobjs.c (FT_Open_Face): Code moved to...
(ft_open_face_internal): ... this function.
Add a parameter to control whether we try special Mac font handling
in case of failure.
(FT_Open_Face, FT_New_Face, FT_New_Memory_Face,
open_face_from_buffer): Use `ft_open_face_internal'.
In particular, we need access to named instance data.
* include/freetype/internal/services/svmm.h (FT_Get_Var_Blend_Func):
Add argument for `FT_MM_Var'.
* src/cff/cffload.c (cff_get_var_blend): Updated.
* src/cff/cffload.h: Updated.
* src/cff/cf2ft.c (cf2_getNormalizedVector): Updated.
* src/truetype/ttgxvar.c (tt_get_var_blend): Updated.
Accept value `NULL' for arguments.
* src/truetype/ttgxvar.h: Updated.
This is better behaviour than exiting with an error.
* include/freetype/internal/tttypes.h (TT_Face): Add `use_fvar'
field.
* src/sfnt/sfobjs.c (sfnt_init_face): Compute `use_fvar', also
updating the validation code.
Use `use_fvar' to compute FT_FACE_FLAG_MULTIPLE_MASTERS.
* src/truetype/ttgxvar.c (TT_Get_MM_Var): Remove `fvar' validation
code.