As originally intended, a Type 1 SEAC charstring would be used for
an accented glyph (like `acaron' or `uumlaut'), where the advance
width of the SEAC glyph is the same as that of the `base' glyph
(like `a' or `u'). In this case it is not uncommon for the SEAC
glyph to not use an (H)SBW opcode of its own but to rely on the
value from the base glyph.
However, out-of-spec fonts also use SEAC glyphs for ligatures (like
`oe' or `fi'), and in those cases the overall advance width is
greater than that of the `base' glyph. For this reason we have to
allow that the SEAC glyph can have an (H)SBW value of its own, and
if it has, retain this value, rather than the one from the base
glyph.
* src/psaux/psintrp.c (cf2_interpT2CharString) <cf2_escSEAC>:
Implement it.
* src/psaux/psintrp.c (cf2_interpT2CharString): The call to
`cf2_arrstack_setCount' may fail because the allocator ran out of
memory. When this happens the stack is still written to before the
error condition is checked. This means that FreeType writes outside
of allocated memory. This commit moves the error check prior to the
stack assignment, hence the function now properly returns with an
error condition.
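The ordering problem described in the entry above, modelled as an added example (not FreeType code). `ArrStack', `stack_set_count' and the two store functions are hypothetical names; the fixed backing array with a canary pattern stands in for heap memory so that the misplaced write stays inside the demo's own storage and can be detected.

```c
#include <stddef.h>
#include <stdio.h>

#define BACKING  16           /* real storage; the demo never leaves it */
#define CANARY   0x5A5A5A5A   /* marks slots nobody should have written */

typedef struct
{
  int     slots[BACKING];
  size_t  capacity;           /* size of the simulated allocation */
  size_t  count;
  int     alloc_fails;        /* simulate out-of-memory on growth */
  int     error;
} ArrStack;

static void stack_init( ArrStack*  s, size_t  capacity, int  alloc_fails )
{
  size_t  i;

  for ( i = 0; i < BACKING; i++ )
    s->slots[i] = CANARY;
  s->capacity = capacity; s->count = 0;
  s->alloc_fails = alloc_fails; s->error = 0;
}

/* Grow to `n' entries; on failure set `error' and keep the old size. */
static void stack_set_count( ArrStack*  s, size_t  n )
{
  if ( n > s->capacity )
  {
    if ( s->alloc_fails ) { s->error = 1; return; }
    s->capacity = n;
  }
  s->count = n;
}

/* Order before the fix: write first, look at the error afterwards. */
static int store_then_check( ArrStack*  s, size_t  n, int  value )
{
  if ( n == 0 || n > BACKING ) return -1;    /* demo guard only */
  stack_set_count( s, n );
  s->slots[n - 1] = value;    /* past `capacity' if the growth failed */
  return s->error ? -1 : 0;
}

/* Order after the fix: return on error before touching the stack. */
static int check_then_store( ArrStack*  s, size_t  n, int  value )
{
  if ( n == 0 || n > BACKING ) return -1;    /* demo guard only */
  stack_set_count( s, n );
  if ( s->error ) return -1;
  s->slots[n - 1] = value;
  return 0;
}

/* Slots beyond the simulated allocation that were overwritten; */
/* capacity 4, growth to 8 entries fails.                       */
size_t clobbered_slots( int  fixed_order )
{
  ArrStack  s;
  size_t    i, hits = 0;

  stack_init( &s, 4, 1 );
  if ( fixed_order ) check_then_store( &s, 8, 42 );
  else               store_then_check( &s, 8, 42 );
  for ( i = s.capacity; i < BACKING; i++ )
    hits += ( s.slots[i] != CANARY );
  return hits;
}

int main( void )
{
  printf( "write-then-check: %lu slot(s) clobbered\n",
          (unsigned long)clobbered_slots( 0 ) );
  printf( "check-then-write: %lu slot(s) clobbered\n",
          (unsigned long)clobbered_slots( 1 ) );
  return 0;
}
```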
All of the Type 1 path building is done with code common to the
revised CFF engine, with the exception of closepath, which was still
calling ps_builder_close_contour(), thus previously cached segments
were not always written to the path, and glyph corruption, or even
invalid outlines were possible.
* src/psaux/psintrp.c (cf2_interpT2CharString) <cf2_cmdCLOSEPATH>:
Switch to calling `cf2_glyphpath_closeOpenPath'.
Before this commit we had code like
  (FT_Bool)( globals->glyph_styles[gindex] & 0x8000)
Since `FT_Bool' is defined to be an `unsigned char', the code
evaluated to something like
  (unsigned char)( 0x8532 & 0x8000)
which in turn expanded to
  (unsigned char)( 0x8000)
and finally yielded 0x00 – i.e., false – not as expected.
Problem reported and analyzed by Tony Smith <tony.smith@macro4.com>.
* include/freetype/fttypes.h (FT_BOOL): Add a comparison against
zero so that we always have a Boolean expression.
*/*: Replace castings to `FT_Bool' with calls to `FT_BOOL' where
possible.
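The truncation described in the entry above, as an added example (not FreeType source). `FT_Bool' is modelled as `unsigned char' as the entry states; `OLD_BOOL_CAST', the local `FT_BOOL' definition and the helper functions are written for this illustration, and the loop extends the single 0x8000 case to every bit of a 16-bit flag word.

```c
#include <stdio.h>

typedef unsigned char  FT_Bool;

/* Plain cast, as in the code before the commit: keeps the low 8 bits. */
#define OLD_BOOL_CAST( x )  ( (FT_Bool)( x ) )

/* Comparison against zero first, as the commit describes. */
#define FT_BOOL( x )  ( (FT_Bool)( ( x ) != 0 ) )

/* Is any bit of `mask' set in `style'?  Plain-cast version. */
int flag_set_old( unsigned short  style, unsigned short  mask )
{
  return OLD_BOOL_CAST( style & mask ) != 0;
}

/* Same question, answered through the comparison against zero. */
int flag_set_new( unsigned short  style, unsigned short  mask )
{
  return FT_BOOL( style & mask );
}

/* Number of single-bit flags in a 16-bit word that the plain cast */
/* reports as unset although the bit is set.                       */
int count_lost_flags( void )
{
  int  bit, lost = 0;

  for ( bit = 0; bit < 16; bit++ )
  {
    unsigned short  mask = (unsigned short)( 1u << bit );

    if ( flag_set_new( mask, mask ) && !flag_set_old( mask, mask ) )
      lost++;
  }
  return lost;
}

int main( void )
{
  /* 0x8532 and 0x8000 are the values used in the commit message */
  printf( "plain cast: %d, FT_BOOL: %d\n",
          flag_set_old( 0x8532, 0x8000 ),
          flag_set_new( 0x8532, 0x8000 ) );
  printf( "flags lost by the plain cast: %d of 16\n",
          count_lost_flags() );
  return 0;
}
```

Every flag in bits 8 to 15 is lost by the plain cast, so any test of a high flag bit through `(FT_Bool)' silently evaluates to false.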
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10080
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings) <cff_op_roll>
[CFF_CONFIG_OPTION_OLD_ENGINE]: Use modulo for loop count, as
documented in the specification.
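A `roll' operator with the shift reduced modulo the element count, as an added example (not the code from cffdecode.c). The function names and the four-entry sample stack are constructed for this illustration; the point shown is that the loop runs at most N-1 single-step rotations whatever value of J the charstring supplies.

```c
#include <limits.h>
#include <stdio.h>

/* Roll the top `n' entries of `stack' by `j' positions.             */
/* stack[depth - 1] is the top; positive `j' moves entries towards   */
/* the top, with the top entry wrapping to the bottom of the group.  */
/* Returns the number of single-step rotations executed, or -1 if    */
/* `n' is not usable.                                                */
static int roll( int*  stack, int  depth, int  n, int  j )
{
  int*  args;
  int   shift, steps;

  if ( n <= 0 || n > depth )
    return -1;                /* undefined count or stack underflow */

  args  = stack + ( depth - n );
  shift = j % n;              /* C99: sign follows `j', |shift| < n */
  if ( shift < 0 )
    shift += n;               /* down by k equals up by n - k */

  for ( steps = 0; steps < shift; steps++ )
  {
    int  top = args[n - 1];
    int  i;

    for ( i = n - 1; i > 0; i-- )
      args[i] = args[i - 1];
    args[0] = top;
  }
  return steps;
}

/* Constructed input: stack 1 2 3 4 (4 on top).  The result is the */
/* stack after the roll, packed into a decimal number.             */
long rolled( int  n, int  j )
{
  int  s[4] = { 1, 2, 3, 4 };

  if ( roll( s, 4, n, j ) < 0 )
    return -1;
  return s[0] * 1000L + s[1] * 100 + s[2] * 10 + s[3];
}

/* Rotations needed for the same constructed stack. */
int roll_steps( int  n, int  j )
{
  int  s[4] = { 1, 2, 3, 4 };

  return roll( s, 4, n, j );
}

int main( void )
{
  printf( "3  1 roll -> %ld\n", rolled( 3, 1 ) );
  printf( "3 -1 roll -> %ld\n", rolled( 3, -1 ) );
  printf( "3 2000000000 roll -> %ld in %d steps\n",
          rolled( 3, 2000000000 ), roll_steps( 3, 2000000000 ) );
  return 0;
}
```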
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9864
* src/psaux/cffdecode.c (cff_decoder_parse_charstrings)
<cff_op_random> [CFF_CONFIG_OPTION_OLD_ENGINE]: Use top dict's
`random' field directly if parsing dictionaries.
This monster commit was created by applying Nikhil's scripts
`docconverter.py' and `markify.py' to all C header and source files,
followed up by minor manual clean-up.
No change in functionality, of course.
I used commit f7419907bc6044b9b7057f9789866426c804ba82 from
https://github.com/nikramakrishnan/freetype-docs.git.
*/* [FT_CONFIG_OPTION_PIC]: Remove all code guarded by this
preprocessor symbol.
*/*: Replace `XXX_GET' macros (which could be either a function in
PIC mode or an array in non-PIC mode) with `xxx' arrays.
* include/freetype/internal/ftpic.h, src/autofit/afpic.c,
src/autofit/afpic.h, src/base/basepic.c, src/base/basepic.h,
src/base/ftpic.c, src/cff/cffpic.c, src/cff/cffpic.h,
src/pshinter/pshpic.c, src/pshinter/pshpic.h, src/psnames/pspic.c,
src/psnames/pspic.h, src/raster/rastpic.c, src/raster/rastpic.h,
src/sfnt/sfntpic.c, src/sfnt/sfntpic.h, src/smooth/ftspic.c,
src/smooth/ftspic.h, src/truetype/ttpic.c, src/truetype/ttpic.h:
Removed.
According to the CFF specification, charstrings can have up to 96 stem
hints. Due to hint replacement routines in Type 1 charstrings, some
glyphs are rejected by the Adobe engine, which implements the above
limit. This fix turns off hinting for such glyphs.
* src/psaux/pshints.c (cf2_hintmap_build): Reset the error from calling
`cf2_hintmask_setAll' on a problematic Type 1 charstring and turn off
hinting.
This reduces redundancy and increases synergy; it also reduces the
number of header files.
* include/freetype/config/ftheader.h (FT_DRIVER_H): New macro.
(FT_AUTOHINTER_H, FT_CFF_DRIVER_H, FT_TRUETYPE_DRIVER_H,
FT_PCF_DRIVER_H, FT_TYPE1_DRIVER_H): Make them aliases to
FT_DRIVER_H.
* include/freetype/ftautoh.h, include/freetype/ftcffdrv.h,
include/freetype/ftpcfdrv.h, include/freetype/ftt1drv.h,
include/freetype/ftttdrv.h: Replaced with...
* include/freetype/ftdriver.h: ...this new file.
(FT_CFF_HINTING_ADOBE, FT_T1_HINTING_ADOBE): Renamed to...
(FT_HINTING_ADOBE): ... this new macro.
(FT_CFF_HINTING_FREETYPE, FT_T1_HINTING_FREETYPE): Renamed to...
(FT_HINTING_FREETYPE): ... this new macro.
* src/*/*: Updated accordingly.
* include/freetype/internal/fttrace.h: Remove unused tracing macros.
s/pshalgo2/pshalgo/.
Add `trace_cffdecode'.
* src/pshinter/pshalgo.c (FT_COMPONENT): Updated.
* src/cff/cffload.c: Include FT_INTERNAL_POSTSCRIPT_AUX_H.
* src/cff/cffobjs.c: Include FT_SERVICE_METRICS_VARIATIONS_H and
FT_SERVICE_CFF_TABLE_LOAD_H.
* src/cid/cidriver.c: Include FT_INTERNAL_POSTSCRIPT_AUX_H.
* src/psaux/cffdecode.c: Include FT_FREETYPE_H and
FT_INTERNAL_DEBUG_H.
(FT_COMPONENT): Define.
* src/psaux/cffdecode.h: Include FT_INTERNAL_POSTSCRIPT_AUX_H.
* src/psaux/psauxmod.h: Include FT_INTERNAL_POSTSCRIPT_AUX_H.
Declare `cff_builder_funcs' and `ps_builder_funcs'.
* src/psaux/psft.c: Include `psobjs.h' and `cffdecode.h'.
* src/psaux/psobjs.c: Include `psauxmod.h'.
Glyph advance widths were being written to the new `PS_Decoder' but not
saved to the underlying format specific decoder. This caused pure CFF
fonts to have bad advance width.
* include/freetype/internal/psaux.h (PS_Decoder): Change `glyph_width'
field to pointer.
Remove unused fields.
* src/psaux/psobjs.c (ps_decoder_init): Change `glyph_width' from copy
to reference.
Remove unused.
* src/psaux/psft.c (cf2_setGlyphWidth): Update code.
The interpreter in Type 1 mode rewinds the charstring after collecting
all hints for building the initial hintmap (commit d52dd7f). However,
some charstrings use `endchar' in a final subroutine call, rewinding to
the start of that subroutine, and only a small section of the actual
glyph is drawn.
* src/psaux/psintrp.c (cf2_interpT2CharString) <cf2_cmdENDCHAR>:
Ensure we are on the top level charstring before rewinding.
This controls whether the old Type 1 engine gets compiled into FreeType.
It is disabled by default.
* devel/ftoption.h, include/freetype/config/ftoption.h
(T1_CONFIG_OPTION_OLD_ENGINE): New macro.
* include/freetype/internal/psaux.h (PS_Decoder): Remove unused field.
* include/freetype/internal/psaux.h, src/cid/cidgload.c
(cid_load_glyph), src/psaux/psauxmod.c, src/psaux/psobjs.c
(ps_builder_add_point), src/psaux/t1decode.c
(t1_lookup_glyph_by_stdcharcode, t1_decoder_parse_glyph,
t1operator_seac, t1_decoder_parse_charstrings), src/psaux/t1decode.h,
src/type1/t1gload.c (T1_Parse_Glyph_And_Get_Char_String): Surround
relevant code with macro.
Minor code changes.
Duplicate the fast advance width calculations from the old parser. This
is to facilitate adding options for compiling out the old parser.
* src/psaux/t1decode.{c,h} (t1_decoder_parse_metrics): New function.
* include/freetype/internal/psaux.h (T1_Decoder_Funcs): New entry
`parse_metrics'.
* src/psaux/psauxmod.c: Set the new entry.
* src/type1/t1gload.c (T1_Parse_Glyph_And_Get_Char_String),
src/cid/cidgload.c (cid_load_glyph): Separate
conditional for selecting engine.
* include/freetype/internal/psaux.h, src/psaux/psobjs.{c,h}:
Rearrange `ps_builder_init' arguments to conventional order.
* src/psaux/psft.c (cf2_decoder_parse_charstrings): Add a check and
notice for `SubFont' in Type 1 mode.
As the former only contains a single procedure, move it into
`psobjs' for simplicity. Also change the parameter order to the
conventional one.
* src/psaux/psdecode.c (ps_decoder_init): Moved to...
* src/psaux/psobjs.c: ...Here.
* src/psaux/psdecode.h, src/psaux/psobjs.h: Ditto.
* include/freetype/internal/psaux.h (PSAux_ServiceRec): Update
`ps_decoder_init' function signature.
* src/cff/cffgload.c, src/cid/cidgload.c, src/type1/t1gload.c:
Update calls.
* src/psaux/psaux.c, src/psaux/psauxmod.c: Update includes.
* src/psaux/Jamfile (_sources), src/psaux/rules.mk (PSAUX_DRV_SRC):
Update file references.
Type 1 hinting breaks sometimes when mid-charstring hints should
have been in the initial hintmap. This fix adds a preprocessing
pass that reads all hints and builds the correct initial hintmap
first, before proceeding to build the glyph outline.
* src/psaux/psintrp.c (cf2_interpT2CharString): New
`initial_map_ready' boolean flag.
Ignore outline commands and hint changes on first pass.
<cf2_cmdENDCHAR>: Add section to build hintmap and rewind.
* src/psaux/pshints.c (cf2_hintmap_dump): New function.
(cf2_hintmap_insertHint): Trace incoming and inserted hints.
(cf2_hintmap_build): Dump hintmap before and after hint adjustment.
* src/psaux/psintrp.c (cf2_interpT2CharString): Fix check for pop
results.
s/font->decoder/decoder/ where necessary.
<cf2_cmdHSTEM, cf2_cmdVSTEM, cf2_escHSTEM3, cf2_escVSTEM3>: Use
offset parameter in `cf2_doStems' instead of doing correction for
left-sidebearing.
Change `t1_make_subfont' to take in the Private dict record as an
argument. This is because Type 1 and CID font records in FreeType
have this in different places.
* src/psaux/psobjs.c (t1_make_subfont): Change `T1_Face' to
`FT_Face' so that CID is also accepted.
Take `PS_Private' as an argument and let caller figure out where the
Private dict actually is.
Update references.
* include/freetype/internal/psaux.h, src/psaux/psobjs.h: Update
declaration.
* src/type1/t1gload.c (T1_Parse_Glyph_And_Get_Char_String): Update
call.
This concludes the changes needed to add Type 1 support.
* src/psaux/psintrp.c: Update includes.
(cf2_interpT2CharString) <cf2_escSEAC>: Implement this similarly to
implied seac for CFF.
* src/psaux/t1decode.c (t1_lookup_glyph_by_stdcharcode_ps): New
function to look up the glyph index.
* src/psaux/psft.c (cf2_getT1SeacComponent,
cf2_freeT1SeacComponent): New functions to get the charstrings for
seac components.
* src/psaux/t1decode.h, src/psaux/psft.h: Update declarations.
* src/psaux/psintrp.c (cf2_interpT2CharString)
<cf2_escCALLOTHERSUBR>: Fix Flex feature handling (OtherSubrs 0, 1,
2).
<cf2_cmdRMOVETO>: Do not actually move the `glyphPath' while doing
flex. This is to avoid closing the current contour.
* src/psaux/psintrp.c (cf2_interpT2CharString)
<cf2_escCALLOTHERSUBR>: Copy code from
`t1_decoder_parse_charstrings' (in `t1decode.c').
OtherSubr 3 (change hints) should reset the hintmask, so that the
new hints are applied.
Fix function calls and stack access.
* src/psaux/psintrp.c (cf2_interpT2CharString): Change how unhandled
OtherSubr results are stored. Implement the PostScript stack using
an array.
<cf2_escPOP>: Ensure that the stack is not cleared after getting
`OtherSubr' results.
Fix stack access.
* src/psaux/psintrp.c (cf2_interpT2CharString) <cf2_escDIV>: Add
Type 1 mode. Type 1 requires large integers to be followed by
`div'; cf. `Adobe Type 1 Font Format', section 6.2.
<op == 255>: Push Type 1 four-byte numbers as `Int' always. This is
to ensure `div' and `callsubr' get values they can use.
* src/psaux/psintrp.c (cf2_interpT2CharString) <cf2_cmdHSTEM,
cf2_cmdVSTEM>: Add correction for left sidebearing in Type 1 mode.
Allow adding hints mid-charstring.
<cf2_escVSTEM3, cf2_escHSTEM3>: Translate into equivalent commands
for three normal stem hints. This requires some recalculation of
stem positions.
Correction for left sidebearing.
* src/psaux/psintrp.c (cf2_doStems): `hsbw' or `sbw' must be the
first operation in a Type 1 charstring.
(cf2_interpT2CharString): Remove unused variables.
<cf2_cmdHMOVETO, cf2_cmdVMOVETO, cf2_cmdRMOVETO>: `hsbw' or `sbw'
must be the first operation in a Type 1 charstring.
<cf2_cmdHSBW, cf2_escSBW>: Fix data access and add correction for
left sidebearing.
* src/psaux/psintrp.c (cf2_interpT2CharString) <cf2_cmdCLOSEPATH>:
Use the right builder function. We can use the `haveWidth' boolean
already present, instead of implementing `parse_state'.
The following Type 1 specific ops have been added (copied from
`t1decode'):
  closepath
  vstem3
  hstem3
  seac
  sbw
  callothersubr
  pop
  setcurrentpoint
  hsbw
The following require a Type 1 mode, because of differences in
specification:
  hstem
  vstem
  vmoveto
  callsubr
  div
  rmoveto
  hmoveto
  Numbers
The subsequent commits will implement these changes and adapt
accesses of data and objects to the new interpreter.
NOTE: Will not compile in the meantime!
* src/psaux/psintrp.c: Add opcodes to enum.
(cf2_interpT2CharString): Copy relevant code over from
`t1_decoder_parse_charstrings' (in `t1decode.c').
Synthesize a `SubFont' object for Type 1 fonts. This is used in the
interpreter to access Private dict data, which are stored in
different places for Type 1 and CFF. This allows the same data to
be used in either mode.
* src/psaux/psobjs.c (t1_make_subfont): New procedure to copy
required values to a dummy `CFF_SubFont' object. This is similar to
`cff_make_private_dict'.
* src/psaux/psobjs.h: Add the new declaration.
* include/freetype/internal/psaux.h, src/psaux/psauxmod.c: Ditto.
Add this to the PSAux Service for future use with CID fonts.
* src/type1/t1gload.c: Include FT_INTERNAL_CFF_TYPES_H.
(T1_Parse_Glyph_And_Get_Char_String): Add the call.
Move `CF2_Font' instance to `PS_Decoder'. This is the context for
the interpreter and since it is currently stored in `CFF_Font', is
unavailable in Type 1 mode.
* include/freetype/internal/psaux.h (T1_Decoder, PS_Decoder): New
`cf2_instance' field.
* src/psaux/psdecode.c (ps_decoder_init): Copy `cf2_instance' to
`PS_Decoder'.
* src/psaux/t1decode.c (t1_decoder_done): Add finalization code.
* src/psaux/psft.c (cf2_decoder_parse_charstrings): Update accesses.
Add the callback and some conditionals to switch between the two
engines.
* include/freetype/internal/psaux.h (T1_Decoder_FuncsRec): Change
function declarations.
* src/psaux/psauxmod.c (T1_Decoder_FuncsRec): Register the
callbacks.
* src/psaux/psobjs.c (ps_builder_add_point): Add conditionals for
number conversion.
* src/type1/t1gload.c (T1_Parse_Glyph_And_Get_Char_String): Add code
to choose which renderer to use.
* src/cid/cidgload.c (cid_load_glyph): Update call.
* src/base/ftobjs.c, src/psaux/psobjs.c, src/type1/t1gload.c: Update
includes.
This is so that we can use the same hinting engine parameters for
Type 1.
* include/freetype/internal/cffotypes.h (CFF_Driver): Rename and
move to...
* include/freetype/internal/psaux.h (PS_Driver): ...here.
* src/cff/cffdrivr.c, src/cff/cffgload.c, src/cff/cffload.c,
src/cff/cffobjs.c, src/cff/cffobjs.h, src/psaux/psft.c,
src/psaux/psobjs.c: Update references.
Make some fields more generic, so that we can access them the same
way regardless of Type 1 or CFF.
* include/freetype/internal/psaux.h (PS_Builder): Change `TT_Face'
to `FT_Face'.
Remove unused fields.
* src/psaux/psft.c: Update all accesses of `PS_Builder.face'.
Add some asserts to guard against casting `T1_Face' as `TT_Face'.
* src/type1/t1objs.h (T1_GlyphSlot): Reorder fields to follow
`CFF_GlyphSlot', so that we can pretend they are the same in the
interpreter.
* src/psaux/psobjs.c (ps_builder_init, ps_builder_add_point):
Updated with above changes.
Add some checks for Type 1 data passing through.
* src/psaux/psfont.h (CF2_Font): Add `isT1' flag.
* src/psaux/psfont.c (cf2_font_setup): Skip the variations and blend
code which is not applicable for Type 1.
* src/psaux/psft.c (cf2_decoder_parse_charstrings): Avoid accessing
`decoder->cff' in Type 1 mode.
Copy `is_t1' flag to `CF2_Font'.
* include/freetype/internal/psaux.h, src/psaux/psauxmod.c: Fix
switching between new and old engines.
* src/cff/cffgload.c, src/cff/cffparse.c: Update calls.
* src/psaux/psblues.c, src/psaux/psfont.c, src/psaux/psfont.h,
src/psaux/psft.c, src/psaux/psft.h, src/psaux/psintrp.c: Update all
to use new objects.
Make the new objects copy over values. They are essentially wrapper
types for the different decoders/builders.
* include/freetype/internal/psaux.h: Update declarations.
(PS_Builder): Add `is_t1' flag.
(PS_Decoder_{Get,Free}_Glyph_Callback): Renamed to...
(CFF_Decoder_{Get,Free}_Glyph_Callback): ... this.
(PS_Decoder): Updated.
Add `t1_parse_callback' member.
(PSAux_ServiceRec): Add `ps_decoder_init' member.
* src/psaux/psdecode.h, src/psaux/psobjs.h: Update declarations.
* src/psaux/psdecode.c, src/psaux/psobjs.c: Implement copy with two
modes.
* src/psaux/psauxmod.c: Add builder and decoder functions to `PSAux'
service.
Introduce `PS_Decoder' and `PS_Builder' which include all fields
from either Type 1 or CFF decoders/builders.
* include/freetype/internal/psaux.h (PS_Builder, PS_Decoder): New
structs.
* src/psaux/psobjs.c, src/psaux/psobjs.h: Add `PS_Builder'
functions.
* src/psaux/psdecode.c, src/psaux/psdecode.h: New files to hold
`PS_Decoder' initialization functions.
* src/psaux/psaux.c, src/psaux/Jamfile (_sources),
src/psaux/rules.mk (PSAUX_DRV_SRC): Updated.
Replace the `cf2' file name prefix with `ps' as the Adobe engine
will be used for both PostScript Types 1 and 2 (CFF) instead of just
CFF.
s/cf2/ps/ for all following.
* src/psaux/cf2*: Rename files.
* src/psaux/*: Update includes.
* src/psaux/Jamfile (_sources), src/psaux/rules.mk (PSAUX_DRV_SRC,
PSAUX_DRV_H): Update file references.
Use `MultiMasters' service in `psaux' instead of a call to `cff'.
The project builds if CFF_CONFIG_OPTION_OLD_ENGINE is not defined.
* src/psaux/cf2ft.c: Update includes.
(cf2_getNormalizedVector): Use `mm->get_var_blend' instead of
`cff_get_var_blend'.
NOTE: Does not compile!
Minor fix to allow both `cff' and `psaux' to use `cff_random'.
* src/cff/cffload.c (cff_random): Move to...
* src/psaux/psobjs.c: Here.
* src/cff/cffload.h: Move corresponding declaration to
`src/psaux/psobjs.h'.
* include/freetype/internal/psaux.h (PSAux_ServiceRec): Register the
function here...
* src/psaux/psauxmod.c: And here.
* src/cff/cffload.c, src/psaux/cf2intrp.c: Update code.
NOTE: Does not compile!
This is so that the CFF functions moved to `psaux' can access the
same structs that they need.
* src/cff/cfftypes.h: Moved to...
* include/freetype/internal/cfftypes.h: ...Here.
* src/cff/cffobjs.h: Moved the struct declarations to...
* include/freetype/internal/cffotypes.h: ... this new file.
* include/freetype/internal/internal.h (FT_INTERNAL_CFF_TYPES_H,
FT_INTERNAL_CFF_OBJECT_TYPES_H): New macros.
* src/cff/cffcmap.h, src/cff/cffdrivr.c, src/cff/cffgload.c,
src/cff/cffgload.h, src/cff/cffload.h, src/cff/cffobjs.c,
src/cff/cffobjs.h, src/cff/cffparse.h, src/psaux/psobjs.h,
include/freetype/internal/psaux.h,
include/freetype/internal/services/svcfftl.h: Update includes.
* src/cff/rules.mk (CFF_DRV_H): Updated.
NOTE: Does not compile!
This is to allow CFF functions moved to `psaux' to call functions
declared in `src/cff/cffload.h'.
* include/freetype/internal/services/svcfftl.h: New file, setting up
a `CFFLoad' service.
* include/freetype/internal/ftserv.h (FT_DEFINE_SERVICEDESCREC10,
FT_DEFINE_SERVICEDESCREC): New macros.
(FT_SERVICE_CFF_TABLE_LOAD_H): New macro.
* src/cff/cffdrivr.c, src/cff/cffpic.h: Register the new service.
* src/cff/cfftypes.h (CFF_FontRec), src/psaux/cf2font.h
(CF2_FontRec): Add service interface.
* src/cff/cffobjs.c, src/psaux/cf2font.c, src/psaux/cf2ft.c,
src/psaux/cf2intrp.c, src/psaux/cffdecode.c: Use the new service.
NOTE: Does not compile!
* include/freetype/internal/psaux.h: Add function pointer
declarations.
* src/psaux/cffdecode.c (cff_decoder_init): Update to take in
callbacks.
* src/psaux/cffdecode.h: Ditto.
* src/cff/cffgload.c (cff_compute_max_advance, cff_slot_load):
Update calls to pass in callbacks.
* src/psaux/cf2ft.c, src/psaux/cffdecode.c: Use them.
NOTE: Does not compile!
* include/freetype/internal/psaux.h: Include
FT_INTERNAL_TRUETYPE_TYPES_H.
(CFF_Builder_FuncsRec, CFF_Decoder_FuncsRec): New function tables.
(CFF_Builder): Updated.
Fix for forward declaration.
(PSAux_ServiceRec): New field `cff_decoder_funcs'.
* src/psaux/psauxmod.c (cff_builder_funcs, cff_decoder_funcs): New
function tables.
(PSAux_Interface): Updated.
* include/freetype/internal/tttypes.h (TT_FaceRec): Add `psaux'
service interface.
* src/cff/cffgload.c, src/cff/cffobjs.c, src/cff/cffparse.c: Update
function calls to use psaux service.
This is the first patch of a sequence to move the Type 2 charstring
processing capability from the `cff' module to the `psaux' module.
NOTE: Does not compile!
* src/cff/cf2*: Move these files to...
* src/psaux/cf2*: Here.
* src/cff/Jamfile (_sources), src/cff/rules.mk (CFF_DRV_SRC,
CFF_DRV_H), src/cff/cff.c, src/cff/cffgload.c: Remove file
references.
* src/psaux/Jamfile (_sources), src/psaux/rules.mk, src/psaux/psaux.c
(PSAUX_DRV_SRC, PSAUX_DRV_H): Add file references.
We are going to extend this later on.
* include/freetype/internal/ftobjs.h (FT_Size_InternalRec): New
structure with a single field `module_data'.
* src/base/ftobjs.c (FT_New_Size): Allocate `internal' field of
`FT_Size' structure.
* src/cff/cffgload.c (cff_builder_init, cff_decoder_prepare): Use
`size->internal->module_data' instead of `size->internal'.
* src/cff/cffobjs.c (cff_size_done): Deallocate `module_data'.
(cff_size_init, cff_size_select, cff_size_request): Use
`size->internal->module_data' instead of `size->internal'.
* src/cid/cidobjs.c (cid_size_done, cid_size_init,
cid_size_request): Use `size->internal->module_data' instead of
`size->internal'.
* src/psaux/psobjs.c (t1_builder_init): Use
`size->internal->module_data' instead of `size->internal'.
* src/type1/t1objs.c (T1_Size_Done, T1_Size_Init, T1_Size_Request):
Use `size->internal->module_data' instead of `size->internal'.
Reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
* src/psaux/t1decode.c (t1_decoder_parse_charstrings)
<callothersubr>: Since there is not a single flex operator but a
series of subroutine calls, malformed fonts can call arbitrary other
operators after the start of a flex, possibly adding points. For
this reason we have to check the available number of points before
inserting a point.