==========================
Tag sources with `VER-2-13-3'.
* docs/VERSION.TXT: Add entry for version 2.13.3.
* docs/CHANGES: Updated.
* docs/release, docs/README, builds/macs/README: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.13.2/2.13.3/, s/2132/2133/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 3.
* builds/unix/configure.raw (version_info): Set to 26:2:20.
* CMakeLists.txt (VERSION_PATCH): Set to 3.
With ample checks against the table size, we should be able to use
macros without the limit checks and functional calls.
* src/truetype/ttgxvar.c (ft_var_readpacked{points,deltas}):
Use FT_NEXT_* instead of FT_GET_*.
This change comes along with 2a7bb4596f ans is only meant to reduce
pointer casting in the code.
* include/freetype/ftimage.h (FT_Outline): Do it.
* src/*: Update `FT_Outline` users.
In C it is undefined behavior to do arithmetic on a null pointer, including
adding zero. When using NotoSansKhmer[wdth,wght].ttf UBSAN produces a report
like
ttgxvar.c:1052:31: runtime error: applying zero offset to null pointer
when adding zero to `varData->deltaSet` (which is null) to produce `bytes`.
Protect against all the potential issues of this kind by returning early if
`varData->regionIdxCount == 0`.
* src/truetype/ttgxvar.c (tt_var_get_item_delta): early return on no regions
This doubles the number or allowed points, see
https://github.com/harfbuzz/harfbuzz/issues/4752
Although it is hardly practical to use more than 32767 points,
other font engines seem to support it.
* docs/CHANGES: Announce it.
* include/freetype/ftimage.h (FT_Outline): Do it and update limits.
* src/*: Update `FT_Outline` users.
Instead of validating variation axes in every access, OpenType specs
suggest that peak = 0 be used to tag invalid ranges. This implements
just that once during loading.
* src/cff/cffload.c (cff_blend_build_vector): Move the range checks...
(cff_vstore_load): ... here.
* src/truetype/ttgxvar.c (tt_var_get_item_delta): Ditto...
(tt_var_load_item_variation_store): ... ditto.
This should achieve quicker results for common cases.
* src/cff/cffload.c (cff_blend_build_vector): Rearrange conditionals.
* src/truetype/ttgxvar.c (tt_var_get_item_delta): Ditto.
In 32 bit builds `FT_ULong` is 32 bits and can silently overflow when a
large number is read into one and then it is summed or multiplied with
another number. Checks for range overflow must be written so that they
themselves do not overflow. Also ensure that the table_size is always the
first part of the range check and consistently use `<` or `<=`.
* src/sfnt/ttcolr.c (tt_face_load_colr): Avoid overflow.
(find_base_glyph_v1_record): Remove old work-around.
Bug: https://issues.chromium.org/issues/41495455
Bug: https://issues.chromium.org/issues/40945818
FT_SqrtFixed (95b0fe2a6d) is faster and does not overflow.
* src/sdf/ftsdfcommin.h (square_root): Replace with a macro.
* src/sdf/ftsdfcommin.c (square_root): Remove function.
The upper limit of 4095 is implied by the SFNT header format
where the multiplication by 16 would overflow without it.
* src/sfnt/sfwoff.c (woff_open_font): Updated.
* src/sfnt/sfwoff2.c (woff2_open_font): Ditto.
The existing code already disallows zero table woff2 overall, but still
allows for individual CollectionFontEntry to create font instances with
zero tables. Such fonts are not useful so error early.
This also fixes an MSAN discovered issue where if a CollectionFontEntry
numTables is zero then the sfnt_header was not fully initialized.
* src/sfnt/sfwoff2.c (woff2_open_font): error on zero tables, always
initalize sfnt_header
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68384
