Skip to content

Fix pedantic TrueType interpreter behaviour for out-of-bounds CVT and storage access #496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JimBobSquarePants merged 4 commits into from
Jan 24, 2026
Merged

Fix pedantic TrueType interpreter behaviour for out-of-bounds CVT and storage access #496

JimBobSquarePants merged 4 commits into from
Jan 24, 2026

Conversation

@JimBobSquarePants
Copy link
Member

@JimBobSquarePants JimBobSquarePants commented Jan 23, 2026
edited
Loading

Prerequisites

  • I have written a descriptive pull-request title
  • I have verified that there are no overlapping pull-requests open
  • I have verified that I am following matches the existing coding patterns and practice as demonstrated in the repository. These follow strict Stylecop rules 👮.
  • I have provided test coverage for my change (where applicable)

Description

Fixes #493

This pull request introduces significant improvements to the TrueType font hinting system, focusing on enhancing robustness, error handling, and font-specific compatibility. The main changes include making the interpreter more resilient to malformed instructions, introducing font-specific hinting overrides, and updating test reference images to reflect these improvements.

Robustness and Error Handling Improvements

  • Refactored the hinting process to use a new TryHintGlyph method that returns a boolean indicating success or failure, ensuring that glyph outlines remain unmodified if hinting fails due to malformed instructions or disabled grid fitting. The interpreter now resets its state and avoids leaking changes between glyphs on errors. (GlyphVector.cs, TrueTypeInterpreter.cs) [1] [2] [3]
  • The interpreter now resets the control value table (CVT), storage, and twilight zone for each glyph, closely following FreeType's behavior and preventing state leaks between glyphs. (TrueTypeInterpreter.cs) [1] [2]

Font-Specific Hinting Compatibility

  • Added a new compatibility list in TrueTypeGlyphMetrics.CompatibilityLists.cs that enforces or disables hinting for specific font families based on known rendering issues, using logic derived from FreeType and community reports. The rendering pipeline now checks these lists to determine the effective hinting mode for each font. (TrueTypeGlyphMetrics.CompatibilityLists.cs, TrueTypeGlyphMetrics.cs) [1] [2] [3]

Hinting Logic and Interpreter Behavior

  • Updated hinting logic to ignore x-axis instructions and only apply y-axis movements, matching FreeType Interpreter V40 for better compatibility and to prevent rendering artifacts in legacy fonts. (TrueTypeInterpreter.cs) [1] [2] [3] [4]
  • Improved interpreter initialization and state management, including more precise handling of the control value table, storage, and debug state. (TrueTypeInterpreter.cs) [1] [2] [3] [4] [5]

Test and Reference Output Updates

  • Updated and added reference images for hinting robustness and specific font issues, reflecting the improved rendering and error handling. (Test_Hinting_Robustness_-Arial-.png, Test_Hinting_Robustness_-OpenSansFile-.png, Test_Hinting_Robustness_-Tahoma-.png, Test_Issue_493_MgOpenCanonic-.png, Test_Issue_493_Ogham-.png) [1] [2] [3] [4] [5]

Copilot AI reviewed Jan 23, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the TrueType interpreter against out-of-bounds CVT/storage accesses and adds regression coverage (fonts + golden images) for the Runic, Ogham, and MgOpenCanonic cases that previously triggered exceptions (issue #493).

Changes:

  • Replaced direct array accesses in TrueTypeInterpreter with unsigned-bounds-checked reads/writes for storage and CVT, returning 0 or skipping writes when out of range, and removed the CheckIndex helper.
  • Updated initialization style (collection expressions, explicit types) in TrueTypeInterpreter and Zone.
  • Added test font paths and new issue-regression tests for Ogham, Runic, and MgOpenCanonic, along with embedded TrueType font files and reference output PNGs.

Reviewed changes

Copilot reviewed 6 out of 9 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/SixLabors.Fonts/Tables/TrueType/Hinting/TrueTypeInterpreter.cs Adds safe index handling for storage and CVT ops, updates CVT delta handling, and slightly modernizes local declarations.
tests/SixLabors.Fonts.Tests/TestFonts.cs Exposes new test font paths for Noto Sans Ogham, Noto Sans Runic, and MgOpenCanonic.
tests/SixLabors.Fonts.Tests/Issues/Issues_493.cs Introduces regression tests for issue #493 covering Ogham, Runic, and a MgOpenCanonic scenario (with a font selection bug noted below).
tests/SixLabors.Fonts.Tests/Fonts/NotoSansOgham-Regular.ttf Adds Ogham test font used by the new regression test.
tests/SixLabors.Fonts.Tests/Fonts/NotoSansRunic-Regular.ttf Adds Runic test font used by the new regression test.
tests/Images/ReferenceOutput/Test_Issue_493_Ogham-.png Baseline reference rendering for the Ogham issue test.
tests/Images/ReferenceOutput/Test_Issue_493_Runic-.png Baseline reference rendering for the Runic issue test.
tests/Images/ReferenceOutput/Test_Issue_493_MgOpenCanonic-.png Baseline reference rendering intended for the MgOpenCanonic issue test.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@JimBobSquarePants JimBobSquarePants changed the title Fix non-pedantic TrueType interpreter behaviour for out-of-bounds CVT and storage access Fix pedantic TrueType interpreter behaviour for out-of-bounds CVT and storage access Jan 24, 2026
Copilot AI reviewed Jan 24, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 12 out of 15 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@JimBobSquarePants JimBobSquarePants merged commit 9a33f1d into main Jan 24, 2026
9 checks passed
@JimBobSquarePants JimBobSquarePants deleted the js/fix-493 branch January 24, 2026 05:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

bug hinting

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Exception when using enabling HintingMode with Runic / Ogham font

2 participants

@JimBobSquarePants