Though the spec said FeatureRecords are sorted alphabetically by feature
tag, there're font files with unsorted FeatureList. And harfbuzz is not
able to subset these files correctly because we use binary search in
finding featureRecords when collecting lookups. Also
find_duplicate_features needs to be updated to handle this.
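The failure described in the commit message above, as an added example that is not harfbuzz code and not part of the commit: a binary search over a FeatureList whose tags are out of order misses records that a linear scan finds. FeatureRecord, make_tag, find_bsearch, find_linear, find_feature and the sample tags are hypothetical names and constructed data.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for an OpenType FeatureRecord, not harfbuzz's type.
struct FeatureRecord { uint32_t tag; unsigned feature_index; };

constexpr uint32_t make_tag(char a, char b, char c, char d) {
  return (uint32_t(uint8_t(a)) << 24) | (uint32_t(uint8_t(b)) << 16) |
         (uint32_t(uint8_t(c)) << 8) | uint32_t(uint8_t(d));
}

static bool by_tag(const FeatureRecord& a, const FeatureRecord& b) { return a.tag < b.tag; }

// Binary search: only correct when the records really are sorted by tag.
int find_bsearch(const std::vector<FeatureRecord>& recs, uint32_t tag) {
  int lo = 0, hi = int(recs.size()) - 1;
  while (lo <= hi) {
    int mid = lo + (hi - lo) / 2;
    if (recs[mid].tag == tag) return mid;
    if (recs[mid].tag < tag) lo = mid + 1; else hi = mid - 1;
  }
  return -1;
}

// Linear scan: makes no assumption about the order found in the file.
int find_linear(const std::vector<FeatureRecord>& recs, uint32_t tag) {
  for (size_t i = 0; i < recs.size(); i++)
    if (recs[i].tag == tag) return int(i);
  return -1;
}

// Check the ordering the spec promises before relying on it.
int find_feature(const std::vector<FeatureRecord>& recs, uint32_t tag) {
  return std::is_sorted(recs.begin(), recs.end(), by_tag) ? find_bsearch(recs, tag)
                                                          : find_linear(recs, tag);
}

// Constructed sample: a FeatureList whose tags are not in alphabetical order.
std::vector<FeatureRecord> unsorted_list() {
  return {{make_tag('l','i','g','a'), 0}, {make_tag('k','e','r','n'), 1},
          {make_tag('c','c','m','p'), 2}, {make_tag('m','a','r','k'), 3}};
}

int main() {
  const auto recs = unsorted_list();
  const uint32_t want = make_tag('c','c','m','p');
  std::printf("bsearch=%d linear=%d checked=%d\n", find_bsearch(recs, want),
              find_linear(recs, want), find_feature(recs, want));
}
```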
ArrayOf.serialize_append allocates space for the new item, but ArrayOf.pop() does not recover the allocated space. So in the case where the revert path was entered the extra space added by serialize_append gets left in the serialization buffer. This moves the snapshot to before ArrayOf.serialize_append is called so that revert cleans up the buffer extend.
Previously remove_redundant_sys () was missing in harfbuzz; after
redundant langsys removal, some features are removed as well in
prune_features() in fonttools. This change is trying to get the same
result between harfbuzz and fonttools.
optimize recurse_lookups in Context/ChainContext
glyph closure, only the glyphs that the parent lookup
can apply the recursion to can participate in recursing
the lookup.
Previous GSUB glyph closure is done by recursively visiting
all reachable lookup tables that apply to any glyphs in the
current/input glyph set, but actually only the glyphs that
the parent lookup can apply the recursion to can participate
in recursing the lookup. This is step 1 for glyph closure
optimization:
1. Add stack of currently active glyph set pointers into hb_closure_context_t
2. Update closure() method in simple GSUB tables to use
this stack in order not to change current glyph set at different stages
of recursion
3. Add function may_have_non_1to1() to GSUB tables
- Lookup::closure_lookups also checks if the lookups visited and sets the lookup to visited. If we set visited in 'recurse' then Lookup::closure_lookups will fail to recurse into the children of the lookup.
- Also when copying ChainRule's skip LookupRecord's that point to lookups which aren't retained. This matches fontTools' behaviour.
If the table is kept, when the table is present but only the accelerator
allocation failed, then we run into nullptr dereferences downstream in
hb_ot_map_t::apply when trying to access proxy.accels[i].
To fix this, instead of only setting lookup_count of accelerator_t
itself, drop the whole table to avoid hb-ot-map construction assuming
that the lookups will work correctly despite accelerator allocation
having failed.
Fixes:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24490
This matches fontTools behaviour. glyphset_gsub does not contain gids added from closing over composite glyphs in glyf, since these cannot participate in GSUB/GPOS processing.
The backtrack, input, and lookahead sequence must be matched in their entirety so these sequences should not be subset. If any of the coverage tables in a sequence subsets to empty then the whole subtable should be dropped since it's not possible for this lookup to be activated.
First time we do this in a way that if target object doesn't have the matching
function we basically "ignore". Risky but I feel like it is the right decision
for this case.
I'm going to put back the template varargs and use those, which would make
the dispatcher be just that: "dispatcher", and wouldn't need to carry the
call context. That would be a refreshing change I think.
In file included from hb-ot-face.cc:34:
In file included from ./hb-ot-kern-table.hh:30:
In file included from ./hb-aat-layout-kerx-table.hh:31:
In file included from ./hb-kern.hh:32:
In file included from ./hb-ot-layout-gpos-table.hh:32:
./hb-ot-layout-gsubgpos.hh:1878:63: error: loop variable '_' binds to a temporary value produced by a range of type 'decltype((hb_forward<hb_filter_iter_factory_t<hb_map_t &, const (anonymous struct at ./hb-algs.hh:331:1) &>>(rhs)(hb_forward<hb_zip_iter_t<hb_iota_iter_t<unsigned int, unsigned int>, hb_array_t<const OT::OffsetTo<OT::RuleSet, OT::IntType<unsigned short, 2>, true>>>>(lhs))))' (aka 'hb_filter_iter_t<hb_zip_iter_t<hb_iota_iter_t<unsigned int, unsigned int>, hb_array_t<const OT::OffsetTo<OT::RuleSet, OT::IntType<unsigned short, 2>, true>>>, hb_map_t &, const (anonymous struct at ./hb-algs.hh:331:1) &>') [-Werror,-Wrange-loop-bind-reference]
for (const hb_pair_t<unsigned, const OffsetTo<RuleSet>&>& _ : + hb_enumerate (ruleSet)
^
./hb-ot-layout-gsubgpos.hh:1878:10: note: use non-reference type 'hb_pair_t<unsigned int, const OffsetTo<OT::RuleSet> &>'
for (const hb_pair_t<unsigned, const OffsetTo<RuleSet>&>& _ : + hb_enumerate (ruleSet)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hb_shape_plan_key_t::equal expects hb_ot_shape_plan_key_t to be initialized by
hb_ot_layout_table_find_feature_variations calls but it won't get initialized
when HB_NO_VAR build config is used.
Related to https://github.com/harfbuzz/harfbuzz/issues/2280