This is done for consistency with Type 1 fonts.
* include/freetype/internal/cfftypes.h (CFF_FontRecDic): Change
the variable types.
* include/cff/cfftoken.h (CFF_FontRecDic): Change the parsing macros.
* src/cff/cffobjs.c (cff_face_init), src/cff/cffload.c (cff_subfont_load),
src/cff/cffdrivr.c (cff_ps_get_font_info): Update users.
The italic angle is commonly specified in fractional degrees in
Type 1 fonts and its derivatives. This change clarifies and fixes
these values. Note that CFF fonts has always reported them as such,
but truncated the underline position and thickness. Fixes#1367.
* include/freetype/t1tables.h (PS_FontInfoRec):
Use FT_Fixed for italic_angle.
* src/cid/cidtoken.h, src/type1/t1tokens.h, src/type42/t42parse.c:
Modify the italic_angle token.
* src/cff/cffdrivr.c (cff_ps_get_font_info): Fix the underline
position and thickness.
* docs/CHANGES: Note this change.
The previous code had a fundamental flaw: it didn't validate the necessary
parts of the 'GPOS' table before accessing it, causing crashes with
malformed data (since `TT_CONFIG_OPTION_GPOS_KERNING` is off by default,
standard fuzzers don't catch these problems). Additionally, it did a lot of
parsing while accessing kerning data, making it rather slow.
The new implementation fixes this. After validation, offsets to the 'GPOS'
lookup subtables used in the 'kern' feature that correspond to 'simple'
kerning (i.e., similar to 'kern' table kerning) are stored in `TT_Face`;
this greatly simplifies and accelerates access to the kerning data.
Testing with font `SF-Pro.ttf` version '1.00', the validation time for the
'GPOS' table increases the start-up time of `FT_New_Face` by less than 1%,
while calls to `FT_Get_Kerning` become about 3.5 times faster.
* include/freetype/internal (gpos_kerning_available): Replace with...
(gpos_lookups_kerning, num_gpos_lookups_kerning): ... these new fields.
Update callers.
* src/ttgpos.c [TT_CONFIG_OPTION_GPOS_KERNING]: A new implementation.
After the previous commit, cff_glyph_load is no longer called
without first checking for valid size and glyph objects in
FT_Glyph_Load and these checks can be removed downstream.
* src/cff/cffdrivr.c (cff_glyph_load): Remove `size` and `glyph` checks.
* src/cff/cffgload.c (cff_slot_load): Ditto.
Otherwise, let TT_Get_Advances fall back on cff_load_glyph to do
slow advances. This avoids unchecked access to cff_load_glyph and
this is how tt_get_advances is implemented.
This assignmets used to be done prematurely before errors were checked
and outlines were actually loaded. Delaying the assignment provides
certain protection against careless usage of malformed input that
should now remain FT_GLYPH_FORMAT_NONE.
* src/cff/cffgload.c (cff_slot_load): Ditto.
* src/cid/cidgload.c (cid_slot_load_glyph): Ditto.
* src/pfr/pfrobjs.c (pfr_slot_load): Ditto.
* src/truetype/ttgload.c (TT_Load_Glyph): Ditto.
* src/type1/t1gload.c (T1_Load_Glyph): Ditto.
This is already done by `ft_glyphslot_clear`.
* src/cff/cffgload.c (cff_slot_load): Do not zero outline fields.
* src/cid/cidgload.c (cid_slot_load_glyph: Ditto.
* src/pfr/pfrobjs.c (pfr_slot_load): Ditto.
* src/truetype/ttgload.c (load_sbit_image): Ditto.
* src/type1/t1gload.c (T1_Load_Glyph): Ditto.
When `sfnt->load_face` succeeds it has already loaded any (optional)
cmap data. As a result, a subsequent call to `sfnt->load_cmap` will
overwrite the cmap data pointer with a new copy of the data but not free
the old, leading to a leak.
This is a fix for "* src/cff/cffobjs.c (cff_face_init): Better handling
of Type0 fonts.". This still allows the cmap to be missing but avoids
the leak by only calling `sfnt->load_cmap` when there is no `head`
table (the font data is not being loaded as OpenType/CFF).
* src/cff/cffobjs.c (cff_face_init): Fix leak
Fixes: #1306
This issue relates to the PDF specification and its usage of CFF-based
embedded Type0 fonts. For Type0 fonts containing CID-keyed descendant
CFF-based fonts, the glyph index is the CID present in the content stream.
As a result, there is no requirement for a 'cmap' table to be present in the
font since the glyph indices are derived directly from the CIDs. FreeType
throws an error when it doesn’t find a 'cmap' table for such an Open Type
font containing CFF outlines. This commit relaxes this requirement for a
'cmap' table for such fonts.
Instead of validating variation axes in every access, OpenType specs
suggest that peak = 0 be used to tag invalid ranges. This implements
just that once during loading.
* src/cff/cffload.c (cff_blend_build_vector): Move the range checks...
(cff_vstore_load): ... here.
* src/truetype/ttgxvar.c (tt_var_get_item_delta): Ditto...
(tt_var_load_item_variation_store): ... ditto.
This should achieve quicker results for common cases.
* src/cff/cffload.c (cff_blend_build_vector): Rearrange conditionals.
* src/truetype/ttgxvar.c (tt_var_get_item_delta): Ditto.
For default variable instances `cff_face_init` did not set the blend. This
mostly worked as later use of the unset blend produced the default
variation. However, if a user called `TT_Get_MM_Var` the blend would be
partially set up, but not fully. In particular the number of axes, the axis
definitions, and the instance locations would be set up, but not the current
instance location (`coords` and `normalizedcoords`). This could lead to the
default instances of CFF2 fonts erroring on any use of `blend`.
Ensure the default variable instance is fully set up by always calling
`FT_Set_Named_Instance` on a variable face.
* src/cff/cffobjs.c (cff_face_init): Call `FT_Set_Named_Instance` on
default instances.
* src/truetype/ttobjs.c (tt_face_init): Ditto.
Fixes#1268.
This is a follow-up to commit 26a7f047,
[cff] Make blend operator work with floats in private dicts.
which addressed the 'party baseline' bug. However, the reporting user
indicated that the default location and some other points in design space
rendered OK, but other points in design space still had problems. The most
obvious issue being that the x-heights of lower-case letters did not align;
see
https://github.com/adobe-fonts/source-serif/issues/121#issuecomment-1773794136
After some analysis we determined that this was due to an interaction
between `BlueValue` rounding and the zone-based algorithm. In short, for a
point to be considered in a zone it must fall within the bounds of the zone.
(There is a slop factor in some cases, but only a very small one.) In the
Adobe-contributed side of the code, point values are not integer-rounded,
instead they're kept as (some form of) fixed. Rounding just the `BlueValues`
means that points that need to be considered within a zone will fall outside
of it at some points in design space.
The majority of this patch changes the storage and parsing of `BlueValues`
to keep them as `FT_Fixed`. No significant code changes were needed because
the values are converted to `Fixed` anyway when stored in `CF_BlueRec`. No
attempt was made to address problems in the older pshinter code beyond
converting the values from `FT_Fixed` to `FT_Short` when copying the private
dictionary. (However, as the point values are also rounded in that code,
the problem is much less likely to occur, although inconsistency between
rounding and truncation could cause an analogous problem.)
* include/freetype/internal/cfftypes.h (CFF_PrivateRec): Use `FT_Fixed` for
`blue_values`, `other_blues`, `family_blues`, and `family_other_blues`.
* src/cff/cffload.c (cff_blend_doBlend): Updated.
* src/cff/cffobjs.c (CFF_fixedToInt): New macro.
(cff_make_private_dict): Use it.
* src/cff/cffparse.h (cff_kind_delta_fixed): New enum value.
* src/cff/cffparse.c (do_fixed): Updated.
(CFF_FIELD_DELTA, CFF_FIELD_DELTA_FIXED, CFF_DELTA_KIND): New set of macros,
replacing `CFF_FIELD_DELTA`.
(cff_parser_run): Updated to handle fixed-float deltas.
* src/cff/cfftoken.h: Updated to use `CFF_FIELD_DELTA_FIXED` for blue
values.
* src/psaux/psblues.c (cf2_blueToFixed): Removed, no longer needed.
(cf2_blues_init): Updated.
* src/pxaux/psft.c, src/pxaux/psft.h (cf2_getBlueValues, cf2_getOtherBlues,
cf2_getFamilyBlues, cf2_getFamilyOtherBlues): Updated signatures.
* src/psaux/psobjs.c (t1_make_subfont): Updated.
* src/cff/cffobjs.c (remove_style): Rewrite using pointers.
(remove_subset_prefix): Unwrap loop and use `memmove`.
* src/truetype/ttobjs.c (tt_skip_pdffont_random_tag): Unwrap loop
and avoid `strlen`.
The CFF2 blend operator takes N default values and corresponding
sets of deltas and pushes N values specific to a designspace
location. CFF has a floating point numeric type and the FreeType
blending code was not converting those into its internal 16.16
Fixed type format.
Fixes#1243.
* src/cff/cffparse.c (do_fixed): Handle floating point numbers.
Also fix scaling overflow check for integer-to-fixed conversion.
* src/cff/cffload.c (cff_blend_doBlend): Updated.
In C it is undefined behavior to call a function through a function pointer
of a different type. This is now detected by the Control Flow Integrity
Sanitizer. All known issues have already been fixed. Prevent any
accidental re-introduction by removing function pointer casts when defining
services. The services will call the service functions through the function
pointers on the service. As a result the functions must have the same type
so there should be no need to cast. Removing the casts allows compilers to
warn about assignment to an incompatible function pointer type.
Modern color fonts often contain both an 'SVG' and 'COLR' table. FreeType
always preferred 'SVG' over 'COLR' (this was a design decision), however,
this might not be the right choice for the user. The new flags makes
FreeType ignore the 'SVG' table while loading a glyph.
Fixes#1229.
* include/freetype/freetype.h (FT_LOAD_NO_SVG): New macro.
* src/base/ftobjs.c (FT_Load_Glyph), src/cff/cffgload.c (cff_slot_load),
src/truetype/ttgload.c (TT_Load_Glyph): Use it.
Ensure that all driver functions use the signature of the service or driver.
This avoids pointer mismatches, which are technically undefined behaviour.
Recent compilers are more picky in catching them as part of Control Flow
Integrity tests.
A variation font's PostScript name of a named instance is usually different
from the PostScript name of an unnamed instance. However, if a change
between a named instance and an unnamed instance with exactly the same
design axis values happened, it was possible that the PostScript name wasn't
correctly updated.
This commit reorganizes the code to handle this issue within the top-level
API functions, using a new service to trigger recomputation of the
PostScript name.
* include/freetype/internal/services/svmm.h (FT_Construct_PS_Name_Func): New
typedef.
(FT_Service_MultiMasters): New field `construct_ps_name`.
(FT_DEFINE_SERVICE_MULTIMASTERSREC): Updated.
* src/base/ftmm.c (FT_Set_Var_Design_Coordinates,
FT_Set_MM_Blend_Coordinates, FT_Set_Var_Blend_Coordinates): Call
`mm->construct_ps_name` to handle `postscript_name`.
(FT_Set_Named_Instance): Call `mm->construct_ps_name` to handle
`postscript_name`.
Use shortcut.
* src/cff/cffdrivr.c (cff_construct_ps_name): New function.
(cff_service_multi_masters): Updated.
* src/truetype/ttgxvar.c (tt_set_mm_blend): Don't handle `postscript_name`.
(TT_Set_MM_Blend): Simplify.
(TT_Set_Named_Instance): Return -1 if axis values haven't changed.
Don't set `face_index`.
(tt_construct_ps_name): New function.
* src/truetype/ttgxvar.h: Updated.
* src/truetype/ttdriver.c (tt_service_gx_multi_masters): Updated.
* src/type1/t1driver.c (t1_service_multi_masters): Updated.
* src/type1/t1load.c (T1_Set_MM_Blend): Simplify.
According to the documentation, the functions `FT_Set_Named_Instance`,
`FT_Set_MM_Design_Coordinates`, `FT_Set_Var_Design_Coordinates`, and
`FT_Set_Var_Blend_Coordinates` can unset the `FT_FACE_FLAG_VARIATION` flag.
(The same is true for `FT_Set_MM_WeightVector` but this information was
accidentally omitted from the documentation.)
However, if a call of these functions didn't change the axis values this
could fail because internal shortcuts exited too early.
This commit reorganizes the code to handle `FT_FACE_FLAG_VARIATION` in the
top-level API functions, also taking care of the issue at hand.
* src/base/ftmm.c (FT_Set_MM_Design_Coordinates, FT_Set_MM_WeightVector,
FT_Set_Var_Design_Coordinates, FT_Set_MM_Blend_Coordinates,
FT_Set_Var_Blend_Coordinates): Handle `FT_FACE_FLAG_VARIATION`.
* src/truetype/ttgxvar.c (TT_Set_MM_Blend, TT_Set_Var_Design,
TT_Set_Named_Instance) Don't handle `FT_FACE_FLAG_VARIATION`.
* src/type1/t1load.c (T1_Set_MM_Blend, T1_Set_MM_WeightVector,
T1_Set_MM_Design): Ditto.
* src/cff/cffobjs.c (cff_face_init): Use `FT_Set_Named_Instance` instead of
low-level functions.
* src/truetype/ttobjs.c (tt_face_init): Ditto.
The situation can happen if `FT_New_Face` (or one of its siblings) is called
with a negative index to get the number of contained faces, followed
immediately by a call to `FT_Get_Postscript_Name`. While this is not a valid
use of the FreeType library there is no need for a crash.
Fixes#1219.
This is a generalization of commit
```
commit e6699596af
Author: Werner Lemberg <wl@gnu.org>
Date: Thu Feb 2 11:38:04 2017 +0100
[truetype] Fix MVAR post-action handling.
```
It is also possible for plain `CFF ` style fonts to contain an `fvar` and
`MVAR` table and use `cff_metrics_adjust`. `tt_size_reset` should only be
called with `TT_Size` and never with `CFF_Size`.
Allow the "metrics-variations" service to specify the correct function (if
any) to reset `FT_Size`s after adjusting metrics.
* src/truetype/ttobjs.c (tt_size_reset): Split off some functionality
into...
(tt_size_reset_height): ... this new function.
* src/truetype/ttdriver.c (tt_service_metrics_variations): Add
`size_reset`.
(tt_size_select, tt_size_request): Updated.
* src/truetype/ttobjs.h: Updated.
* include/freetype/internal/services/svmetric.h (MetricsVariations): Add
`size_reset`.
(FT_DEFINE_SERVICE_METRICSVARIATIONSREC): Updated.
* include/freetype/internal/tttypes.h (TT_FaceRec_): Rename `var` to
`tt_var` and add `face_var`.
* src/cff/cffdrivr.c (cff_service_metrics_variations): Add `size_reset`.
(cff_hadvance_adjust, cff_metrics_adjust): Updated.
* src/cff/cffobjs.c (cff_face_init): Use `face_var`.
* src/sfnt/sfobjs.c (sfnt_init_face): Initialize `face_var`.
* src/sfnt/ttmtx.c (tt_face_get_metrics): Use `tt_var`.
* src/truetype/ttgxvar.c (tt_size_reset_iterator): Renamed to...
(ft_size_reset_iterator): ... this new function.
Call `size_reset`.
(tt_apply_mvar): Pass `size_reset` to `ft_size_reset_iterator`.
Fixes#1211
This is mostly cosmetic because FT_UInt and FT_UInt32 are likely identical.
* src/sfnt/ttcmap.c, src/cff/cffcmap.c, src/psaux/t1cmap.c,
src/psnames/psmodule.c, include/freetype/internal/service/svpcsmap.h,
src/pfr/pfrcmap.c, src/winfonts/winfnt.c (*_char_next): return FT_UInt.
* src/cff/cffparse.c (cff_parser_run): Allocate the charstring buffers
and the list nodes together so that they can be freed at once.
(finalize_t2_strings): Removed as no longer needed.
(cff_parser_done): Updated.
The old stream limit checks, before 6986ddac1e, were good but
pointless for the crafted t2_strings. Checking limits there is
not necessary as they are created to hold all data. By using two
conditions, we can detect the actual crossing of the stream boundary
as appropriate for the stream pointer only. The t2_strings parsing
will not be triggering these checks.
* src/cff/cffparse.c (cff_parser_within_limits): Removed.
(cff_parse_real, cff_parse_integer): Redesign the stream limit check.
(cff_parse_num, do fixed, cff_parse_fixed_dynamic): Update callers.
* src/cff/cffparse.c (finalize_t2_strings): Fix NULL-dereferencing
in the out-of-memory situation, use `FT_FREE`.
(cff_parser_run): Use FreeType memory allocation macros and avoid
uninitialized pointers.
