In a Multiple Master font, the Blend dictionary must contain valid
Private, FontInfo, and FontBBox. The current code will error if any of
these are present and invalid, but will not error and will provide
uninitialized data if the Blend dictionary exists but does not contain
one of these entries. This change reverts to the older behavior of
treating any missing entries as containing all zero data and not
returning an error.
In the future it may be best to keep track of when these are actually
initialized and error if they are not.
* src/type1/t1load.c (t1_allocate_blend): Zero initiailize.
We continue to build static libraries with statically linked C run-
time and add options to optimize references.
* builds/windows/vc2010/freetype.vcxproj: Sort entries, add options.
Previously the `blend->weight_vector`, `blend->default_weight_vector`,
and `blend->design_pos` were set early to allocated but uninitialized
memory under the assumption that the memory would eventually be
initialized. However, it is possible that some of the required
keywords may not actually be present, leaving the memory uninitialized.
This is different from a present but invalid table, which would produce
an error.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1261762
* src/type1/t1load.c (t1_allocate_blend): Remove early allocation and
initialization.
(parse_blend_design_positions, parse_weight_vector): Parse into local
and assign to blend if valid.
(T1_Open_Face): Check that if a blend exists that it has the weight
vector and design positions.
The vstore->regionCount and vstore->dataCount were read directly
from the data. However, vstore->varRegionList and vstore->varData
would still contain uninitialized entries with uninitialized
pointers in the event of an error, leading to issues when attempting
to clean up.
Reportd as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40104
* src/cff/cffload.c (cff_vstore_load): Read the region and data counts
into locals and update the vstore counts immediately after each entry
becomes free-able.
Previously, the gasp.numRanges was set and gasp.gaspRanges was
allocated and assigned before a possible early exit if the frame could
not be entered. It is also possible that the gaspRanges allocation
could fail but the numRanges still be set to non-zero. In such cases
an error would be returned, but the face would have a gasp in an
inconsistent state which may still be accessed.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1261450
* src/sfnt/ttload.c (tt_face_load_gasp): Delay setting gasp.numRanges
and gasp.gaspRanges until after the ranges are initialized.
Previously, the table->names and table->langTags fields were created
pointing to uninitialized memory and an early exit could happen if the
frame could not be entered. The caller would then be unable to properly
dispose of the memory as the string fields had not been initialized.
Reported as
https://bugs.chromium.org/p/chromium/issues/detail?id=1261343
* src/sfnt/ttload.c (tt_face_load_name): delay setting table->langTags
and table->names until after the memory they will point to is fully
initialized.
This is mainly for better diagnostics of malformed fonts.
* src/bdf/bdflib.c (_bfd_readstream): Stop font format testing if the first
input line is too long or doesn't end with `\r` or `\n`.
* src/cid/cidparse.c (cid_parser_new): Don't handle too short input as an
error but as an unknown format.
* src/pfr/pfrobjs.c (pfr_face_init): Ditto.
* src/winfonts/winfnt.c (fnt_font_load, fnt_face_get_dll_font): Ditto.
Fallout reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40027
* src/bdf/bdflib.c (_bdf_add_property): Cosmetic NULL.
(bdf_create_property): Limit allocations to customary signed
FT_Long and NULL-initialize unused storage.
(bdf_free_font): Do not free unused storage.
FT_QNEW_ARRAY and FT_QRENEW_ARRAY were using the non-Q
FT_MEM_NEW_ARRAY and FT_MEM_RENEW_ARRAY. Change these to use the Q
versions. Also fix the one issue discovered in tt_face_load_name
where table->names is created with FT_QNEW_ARRAY but the extra
string member is not initialized to NULL.
* include/freetype/internal/ftmemory.h (FT_Q(RE)NEW_ARRAY):
Use FT_MEM_Q(RE)NEW_ARRAY as needed.
* src/sfnt/ttload.c (tt_face_load_name): Initialize `entry->string`.
When a different hinting mode from the current is selected, the `prep` table
must be re-executed with the new mode. After this happens the context must
be re-loaded in preparation for the glyph program to be run.
Fixes#1104.
* truetype/ttgload.c (tt_loader_init): Add call to `TT_Load_Context`.
These two are not equal when FreeType is used as a subproject, such as in
`freetype-demos`. In that case, `source_root` points at the root project,
causing the docs build to fail.
* builds/unix/ftsystem.c (FT_Stream_Open): Check for MAP_FAILED.
* builds/vms/ftsystem.c (FT_Stream_Open): Ditto.
This should cover https://savannah.nongnu.org/patch/?5909 as well.
`autogen.sh` fails if building from a standard source tarball. Firstly, git
expects to be called in a git repository, then `copy_submodule_files`
blindly attempts to copy files.
Debian, Ubuntu, Linux Mint, and other derivatives all run `autogen.sh`
before compiling to regenerate build files.
This patch ensures that various git commands are only called and 'dlg' files
are only copied if `autogen.sh` is called from a git repository.
It is easier to check directions using flags than integer values.
* src/pshinter/pshalgo.h (PSH_Dir): Redefine directions.
(PSH_PointRec): Use them as an enum type.
* src/pshinter/pshalgo.c (psh_compute_dir): Modify return type.
(psh_glyph_init, psh_hint_table_find_strong_points,
psh_glyph_find_blue_points): Update users.
* builds/unix/ftconfig.h.in [FT_USE_AUTOCONF_SIZEOF_TYPES]: Removed.
* builds/unix/configure.raw: Remove AC_CHECK_SIZEOF and update.
After this commit, autoconf builds will fully rely on <limits.h>
rather than falling back on it if AC_CHECK_SIZEOF failed for some
reason. There is a risk that misconfigured cross-compilation might
have wrong headers. Note that Meson and CMake builds always relied on
<limits.h> for sizes and availability of integer types.
Signed 24-bit values are extremely rare. FreeType only reads them in
PFR fonts with bitmap strikes conditionally. They have not been seen
in the known fonts. That is why this bug could never be discovered.
`FT_FRAME_OFF3` propagates sign correctly.
* include/freetype/internal/ftstream.h (FT_PEEK_OFF3, FT_PEEK_OFF3_LE):
Propagate sign into 32-bit value.
(FT_GET_OFF3, FT_READ_OFF3): Needed fixing but removed as unused.
BDF comments are neither actually collected nor retrieved. There is
no need to be fancy with delimiters.
* src/bdf/bdflib.c (_add_bdf_comment): Delimit comments with zeros...
(bdf_load_font): ...and do not null-terminate comments additionally.
(_bdf_parse_glyphs): Check if comments are kept, which they are not.
(_bdf_parse_start): Minor clean up.
