fixes https://crbug.com/oss-fuzz/19956
am not super happy with the fix, guess we should do some check
before the memcpy anyway as @blueshade7 thinks also,
so let's have it or revert it when we have a better approach for the case.
Instead of trying to map OpenType features to AAT feature selectors
which only works for a small subset of OpenType features, use the
simpler kCTFontOpenTypeFeatureTag with OpenType feature tags directly.
With this change, features like cvXX can be enabled in coretext shaper,
while they were previously ignored due to missing mapping.
This seems to work even with AAT fonts that don’t have OpenType layout
tables, which suggests that CoreText is doing the mapping itself in this
case.
kCTFontOpenTypeFeatureTag seems to have been introduced in macOS 10.10
and iOS 8.0, though, so its use is conditional on version check for now.
Not sure how to check iOS version, so I left this out.
`0xC2A0` was used, for some reasons. It's not really a problem, but Qt Creator
constatly trying to replace them with regular spaces, so I have to edit those
files separately.
I had copied the old scheme from fontconfig's fccharset.c. I just
convinced myself that this change is correct and produces exact
same results. But I also am skeptical. Anyone else feel like
convincing themselves as well please?
We want to process all pairs of arguments except the last 6 as lines, so
should have been subtracting 6 here, otherwise if the number of
arguments happens to be multiples of 6 they will be all treated as
curves.
See https://github.com/harfbuzz/harfbuzz/pull/2016#issuecomment-554640098
Since we won't be applying GPOS if morx...
To be adjusted as I receive more information from Ned. But for now
fixes this:
$ ./hb-shape GillSans.ttc Ty
[T=0+1109|y=1@-128,0+769]
Fixes https://github.com/harfbuzz/harfbuzz/issues/1982 for now.
Profling showed that the current implementation were accounting for nearly all processing time in some cases. These implementations look to be about 10x faster.
This documents hb_feature_t. This is motivated mostly by the ambiguity
of the units for 'start' and 'end' (clusters) and whether they are
inclusive or exclusive. This also documents that for lookup type 3 the
value is the one based index into the alternates and that in a list of
features later feature values override previous feature values with the
same tag.
./hb-ot-layout-gpos-table.hh:674:43: error: loop variable '_' is always a copy because the range of type 'hb_zip_iter_t<hb_iter_type<hb_array_t<const OT::IntType<unsigned short, 2> > &>, hb_iter_type<hb_array_t<const OT::IntType<unsigned short, 2> > &> >' (aka 'hb_zip_iter_t<hb_array_t<const OT::IntType<unsigned short, 2> >, hb_array_t<const OT::IntType<unsigned short, 2> > >') does not return a reference [-Werror,-Wrange-loop-analysis]
for (const hb_pair_t<Value, Value>& _ : hb_zip (val_iter, first_val_iter))
^
./hb-ot-layout-gpos-table.hh:674:12: note: use non-reference type 'hb_pair_t<OT::Value, OT::Value>' (aka 'hb_pair_t<IntType<unsigned short, 2>, IntType<unsigned short, 2> >')
for (const hb_pair_t<Value, Value>& _ : hb_zip (val_iter, first_val_iter))
and
In file included from hb-subset.cc:44:
./hb-ot-vorg-table.hh:87:34: error: loop variable '_' is always a copy because the range of type 'hb_map_iter_t<hb_filter_iter_t<hb_sorted_array_t<const OT::VertOriginMetric>, const hb_set_t *, OT::HBGlyphID OT::VertOriginMetric::*, nullptr>, (lambda at ./hb-ot-vorg-table.hh💯15), hb_function_sortedness_t::NOT_SORTED, nullptr>' does not return a reference [-Werror,-Wrange-loop-analysis]
for (const VertOriginMetric& _ : it)
^
./hb-ot-vorg-table.hh:113:17: note: in instantiation of function template specialization 'OT::VORG::serialize<hb_map_iter_t<hb_filter_iter_t<hb_sorted_array_t<const OT::VertOriginMetric>, const hb_set_t *, OT::HBGlyphID OT::VertOriginMetric::*, nullptr>, (lambda at ./hb-ot-vorg-table.hh💯15), hb_function_sortedness_t::NOT_SORTED, nullptr>, nullptr>' requested here
vorg_prime->serialize (c->serializer, it, defaultVertOriginY);
^
./hb-ot-vorg-table.hh:87:10: note: use non-reference type 'OT::VertOriginMetric'
for (const VertOriginMetric& _ : it)
^~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes this -fno-sanitize-recover=undefined fail,
hb-ot-map.hh:188:1: runtime error: load of value 4294967294, which is not a valid value for type 'hb_ot_map_feature_flags_t'
#0 0x7f62bfa9b227 in operator&=(hb_ot_map_feature_flags_t&, hb_ot_map_feature_flags_t) /home/ebrahim/Desktop/harfbuzz/src/./hb-ot-map.hh:188:1
#1 0x7f62bfa9b227 in hb_ot_map_builder_t::compile(hb_ot_map_t&, hb_ot_shape_plan_key_t const&) /home/ebrahim/Desktop/harfbuzz/src/hb-ot-map.cc:194
#2 0x7f62bface650 in hb_ot_shape_planner_t::compile(hb_ot_shape_plan_t&, hb_ot_shape_plan_key_t const&) /home/ebrahim/Desktop/harfbuzz/src/hb-ot-shape.cc:108:7
#3 0x7f62bfacec1e in hb_ot_shape_plan_t::init0(hb_face_t*, hb_shape_plan_key_t const*) /home/ebrahim/Desktop/harfbuzz/src/hb-ot-shape.cc:225:11
#4 0x7f62bfae1318 in hb_shape_plan_create2 /home/ebrahim/Desktop/harfbuzz/src/hb-shape-plan.cc:232:7
#5 0x7f62bfae1d2a in hb_shape_plan_create_cached2 /home/ebrahim/Desktop/harfbuzz/src/hb-shape-plan.cc:489:33
#6 0x7f62bfae2527 in hb_shape_full /home/ebrahim/Desktop/harfbuzz/src/hb-shape.cc:135:33
#7 0x55ed360b6588 in shape_options_t::shape(hb_font_t*, hb_buffer_t*, char const**) /home/ebrahim/Desktop/harfbuzz/util/./options.hh:242:10
#8 0x55ed360b5d9c in shape_consumer_t<output_buffer_t>::consume_line(char const*, unsigned int, char const*, char const*) /home/ebrahim/Desktop/harfbuzz/util/./shape-consumer.hh:67:19
#9 0x55ed360b549f in main_font_text_t<shape_consumer_t<output_buffer_t>, 2147483647, 0>::main(int, char**) /home/ebrahim/Desktop/harfbuzz/util/./main-font-text.hh:81:16
#10 0x55ed360b4e23 in main /home/ebrahim/Desktop/harfbuzz/util/hb-shape.cc:189:17
#11 0x7f62bf104ee2 in __libc_start_main (/usr/lib/libc.so.6+0x26ee2)
#12 0x55ed3608f7ad in _start (/home/ebrahim/Desktop/harfbuzz/util/.libs/lt-hb-shape+0xd7ad)
Fixes this -fno-sanitize-recover=undefined check,
hb-ft.cc:869:27: runtime error: left shift of negative value -16384
#0 0x7ff8f47da843 in hb_ft_font_set_funcs /home/ebrahim/Desktop/harfbuzz/src/hb-ft.cc:869:27
#1 0x55f20a66c7d6 in font_options_t::get_font() const /home/ebrahim/Desktop/harfbuzz/util/options.cc:731:3
#2 0x55f20a668c1f in shape_consumer_t<output_buffer_t>::init(hb_buffer_t*, font_options_t const*) /home/ebrahim/Desktop/harfbuzz/util/./shape-consumer.hh:47:42
#3 0x55f20a668441 in main_font_text_t<shape_consumer_t<output_buffer_t>, 2147483647, 0>::main(int, char**) /home/ebrahim/Desktop/harfbuzz/util/./main-font-text.hh:75:14
#4 0x55f20a667f91 in main /home/ebrahim/Desktop/harfbuzz/util/hb-shape.cc:180:21
#5 0x7ff8f3df7ee2 in __libc_start_main (/usr/lib/libc.so.6+0x26ee2)
#6 0x55f20a6427ad in _start (/home/ebrahim/Desktop/harfbuzz/util/.libs/lt-hb-shape+0xd7ad)
Fixes this -fno-sanitize-recover=undefined fail,
/set/iter: hb-algs.hh:1016:60: runtime error: index 4294967295 out of bounds for type 'unsigned long long const[8]'
#0 0x4d1e09 in hb_vector_size_t<unsigned long long, 64u>::operator[](unsigned int) const /home/user/code/harfbuzz/src/./hb-algs.hh:1016:60
#1 0x4d8b5f in hb_set_t::page_t::previous(unsigned int*) const /home/user/code/harfbuzz/src/./hb-set.hh:139:53
#2 0x4d0ada in hb_set_t::previous(unsigned int*) const /home/user/code/harfbuzz/src/./hb-set.hh:602:36
#3 0x4cd76f in hb_set_previous /home/user/code/harfbuzz/src/hb-set.cc:494:15
#4 0x4ca8af in test_set_iter /home/user/code/harfbuzz/test/api/test-set.c:310:3
#5 0x7f3a4f3e0f49 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72f49)
#6 0x7f3a4f3e0e7a (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72e7a)
#7 0x7f3a4f3e1121 in g_test_run_suite (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x73121)
#8 0x7f3a4f3e1140 in g_test_run (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x73140)
#9 0x4c8894 in hb_test_run /home/user/code/harfbuzz/test/api/./hb-test.h:88:10
#10 0x4c8894 in main /home/user/code/harfbuzz/test/api/test-set.c:408:10
#11 0x7f3a4e3d2b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#12 0x41e7d9 in _start (/home/user/code/harfbuzz/test/api/test-set+0x41e7d9)
Fixes this -fno-sanitize-recover=undefined fail,
/types/language: hb-common.cc:385:20: runtime error: member access within null pointer of type 'const struct hb_language_impl_t'
#0 0x4caa34 in hb_language_to_string /home/user/code/harfbuzz/src/hb-common.cc:385:20
#1 0x4c9be8 in test_types_language /home/user/code/harfbuzz/test/api/test-common.c:205:3
#2 0x7f9557e72f49 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72f49)
#3 0x7f9557e72e7a (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72e7a)
#4 0x7f9557e73121 in g_test_run_suite (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x73121)
#5 0x7f9557e73140 in g_test_run (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x73140)
#6 0x4c88a3 in hb_test_run /home/user/code/harfbuzz/test/api/./hb-test.h:88:10
#7 0x4c88a3 in main /home/user/code/harfbuzz/test/api/test-common.c:224:10
#8 0x7f9556e64b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#9 0x41e7d9 in _start (/home/user/code/harfbuzz/test/api/test-common+0x41e7d9)
Fixes this -fno-sanitize-recover=undefined check,
/buffer/positions/empty: hb-buffer.cc:327:11: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/string.h:60:62: note: nonnull attribute specified here
#0 0x4cf31c in hb_buffer_t::clear_positions() /home/user/code/harfbuzz/src/hb-buffer.cc:327:3
#1 0x4d4dd4 in hb_buffer_get_glyph_positions /home/user/code/harfbuzz/src/hb-buffer.cc:1418:13
#2 0x4cb553 in test_buffer_positions /home/user/code/harfbuzz/test/api/test-buffer.c:305:3
#3 0x7f324187bf49 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72f49)
#4 0x7f324187be7a (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72e7a)
#5 0x7f324187be7a (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72e7a)
#6 0x7f324187c121 in g_test_run_suite (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x73121)
#7 0x7f324187c140 in g_test_run (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x73140)
#8 0x4c8bd3 in hb_test_run /home/user/code/harfbuzz/test/api/./hb-test.h:88:10
#9 0x4c8bd3 in main /home/user/code/harfbuzz/test/api/test-buffer.c:884:10
#10 0x7f324086db96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#11 0x41e919 in _start (/home/user/code/harfbuzz/test/api/test-buffer+0x41e919)
This reverts commit 911c76abcd.
Broke tests. I'm not sure I understand why. At any rate, this was a
bad way to fix. I'll look into understanding as well as better fix.
A minimal power only for natural numbers exponents of ten, for portability.
Found the idea in Tcl/Tk but wrote it myself after weeks and it turned out
being a different implementation, reverse direction, constexpr, etc.
Takes n, and returns iterator of iterators that contain up to
n items each. Basically cuts the array into subarrays of size n.
The last sub-array might contain fewer.
Ideally this should become a generic iter tool, not array-specific,
so we can use it in GPOS to chop a value matrix into rows and elements.
By moving access to hb_static_size(Type) into a function instead of
a class-const, we can refer to iter types of incomplete types, which
come handy when a method of hb_array_t wants to return iterator
of hb_array_t. That kind of stuff. Next commit needs this to
build on clang...
https://crbug.com/oss-fuzz/16740
This is actually an interesting thing that {h,v}mtx allocates as
much as a font pretends to have glyphs but the solution is not
that obvious as regular fonts can have less than actually containing
metrics in their {h,v}mtx. This change raises the bar to consider this
hmtx 4 byte for every glyph case.
Initially we wanted to just find things allocating crazy amount of
memory but having the assert has led to interesting findings also
so let's don't remove the assert and see what we can find elsewhere.