Problem reported by Marc Schönefeld.
HarfBuzz validates everything while processing OpenType tables in fonts.
However, the data returned by `hb_ot_layout_collect_lookups` is not
validated. This commit adds proper checks.
* src/autofit/afglobal.h (AF_FaceGlobals): New field `gsub_lookup_count`.
* src/autofit/afgsub.c (af_parse_gsub): Set it.
* src/autofit/afadjust.c (af_reverse_character_map_new): Test result of
`hb_set_next`.
Problem reported by Marc Schönefeld.
* src/sfnt/ttgpos.c (tt_face_validate_lookup_table, tt_face_load_gpos): Fix
counting of fitting subtables by correctly rejecting invalid data.
This is done for consistency with Type 1 fonts.
* include/freetype/internal/cfftypes.h (CFF_FontRecDic): Change
the variable types.
* include/cff/cfftoken.h (CFF_FontRecDic): Change the parsing macros.
* src/cff/cffobjs.c (cff_face_init), src/cff/cffload.c (cff_subfont_load),
src/cff/cffdrivr.c (cff_ps_get_font_info): Update users.
The italic angle is commonly specified in fractional degrees in
Type 1 fonts and its derivatives. This change clarifies and fixes
these values. Note that CFF fonts has always reported them as such,
but truncated the underline position and thickness. Fixes#1367.
* include/freetype/t1tables.h (PS_FontInfoRec):
Use FT_Fixed for italic_angle.
* src/cid/cidtoken.h, src/type1/t1tokens.h, src/type42/t42parse.c:
Modify the italic_angle token.
* src/cff/cffdrivr.c (cff_ps_get_font_info): Fix the underline
position and thickness.
* docs/CHANGES: Note this change.
* src/autofit/aflatin.c (af_latin_stretch_top_tilde,
af_latin_stretch_bottom_tilde, af_latin_align_top_tilde,
af_latin_align_bottom_tilde,
af_glyph_hints_apply_vertical_separation_adjustments): Use `ADD_LONG` and
`SUB_LONG` for values that involve `FT_LONG_MAX` and `FT_LONG_MIN`.
Fixes issue #1363.
==========================
Tag sources with `VER-2-14-1'.
* docs/VERSION.TXT: Add entry for version 2.14.1.
* docs/CHANGES: Updated.
* docs/release, docs/README, builds/macs/README: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.14.0/2.14.1/, s/2140/2141/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 1.
* builds/unix/configure.raw (version_info): Set to 26:4:20.
* CMakeLists.txt (VERSION_PATCH): Set to 1.
==========================
Tag sources with `VER-2-14-0'.
* docs/VERSION.TXT: Add entry for version 2.14.0.
* docs/CHANGES: Updated.
* docs/release, docs/README, builds/macs/README: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.13.3/2.14.0/, s/2133/2140/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 14.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 26:3:20.
* CMakeLists.txt (VERSION_MINOR): Set to 14.
(VERSION_PATCH): Set to 0.
This avoids cluttering the source code with VMS-specific changes.
* include/freetype/internal/ftcalc.h [__VMS], src/base/ftcalc.c
[vms_auto64_source]: Remove.
* builds/vms/patch_ftcalc.sed: New file.
* vms_make.com: Change macro definitions while this script is running; we
use `GNU sed` to inject the necessary preprocessor code on the fly.
This is intended to warn against modifying any fields in the class,
at compile-time and avoid crashes at run-time.
* include/freetype/internal/ftobjs.h (FT_ModuleRec): Do it.
* src/base/ftobjs.c (Destroy_Module, FT_Add_Module): Updated.
Fixes#1351 and various warnings about unused variables.
* src/truetype/ttinterp.c: Put the entire body under #ifdef.
* src/truetype/ttgload.c (TT_Process_Composite_Glyph): Relocate
some declarations.
* src/truetype/ttinterp.h: Remove some #ifdef conditions.
* src/truetype/ttobjs.c (tt_size_done): Modified.
For example, with `GoogleSansFlex-Regular.ttf` at ROND=100, the 'Q' glyph
was misrendering.
* src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Reset `tupleScalars`
earlier.
* include/freetype/internal/ftcalc.h [__VMS]: Undefine `FT_MulFix`.
* src/base/ftcalc.c [vms_auto64_source]: Define `FT_MulFix`.
* vms_make.com: Also create 32bit version of the FreeType library.
Call T1_Set_MM_WeightVector, which actually sets default weights,
instead of TT_Set_MM_Blend, which just centers the axes.
* src/type1/t1load.c (T1_Reset_MM_Blend): Do it.
* include/freetype/internal/services/svmetric.h (FT_Size_Reset_Func):
Update typedef, do not return error.
* src/truetype/ttobjs.c (tt_size_reset_height): Move the PPem error
handling from here...
(tt_size_reset): ... to here to improve readability.
src/truetype/ttobjs.h (tt_size_reset_height): Update prototype.
It is possible to have a fractional part after rounding when rounding
to half-grid or super-rounding. The specs call to ignore the fractional
part in that case.
^ src/truetype/ttinterp.c (Ins_EVEN, Ins_ODD): Fix mask.
The rounding color compensation, which is not used by FreeType, belongs
to GS. This is a more logical place for it, next to round_state.
* src/truetype/ttobjs.h (TT_GraphicsState): Move compensations here...
(TT_Size_Metrics): ... from here.
* src/truetype/ttobjs.c (tt_size_init_bytecode): Updated.
* src/truetype/ttinterp.c (tt_default_graphics_state): Updated.
(Ins_ROUND,NROUND,EVEN,ODD): Updated.
(Round_*): Updated.
To support WASM targets with slow or unsupported setjmp and longjmp,
we eliminate these calls in favor of an error propagation model.
When gray_set_cell is out of cells, it raises an exception which is
later handled in gray_convert_glyph_inner.
This is a less invasive alternative to !385.
* src/smooth/ftgrays.c (gray_set_cell): Raise the overflow exception
and redirect all work to `cell_null`.
(gray_move,line,conic,cubic_to): Return the exception.
(gray_convert_glyph, gray_convert_glyph_inner): Handle the exception.
The previous code had a fundamental flaw: it didn't validate the necessary
parts of the 'GPOS' table before accessing it, causing crashes with
malformed data (since `TT_CONFIG_OPTION_GPOS_KERNING` is off by default,
standard fuzzers don't catch these problems). Additionally, it did a lot of
parsing while accessing kerning data, making it rather slow.
The new implementation fixes this. After validation, offsets to the 'GPOS'
lookup subtables used in the 'kern' feature that correspond to 'simple'
kerning (i.e., similar to 'kern' table kerning) are stored in `TT_Face`;
this greatly simplifies and accelerates access to the kerning data.
Testing with font `SF-Pro.ttf` version '1.00', the validation time for the
'GPOS' table increases the start-up time of `FT_New_Face` by less than 1%,
while calls to `FT_Get_Kerning` become about 3.5 times faster.
* include/freetype/internal (gpos_kerning_available): Replace with...
(gpos_lookups_kerning, num_gpos_lookups_kerning): ... these new fields.
Update callers.
* src/ttgpos.c [TT_CONFIG_OPTION_GPOS_KERNING]: A new implementation.
