This is essentially a mechanical conversion, adding inclusion of
`FT_INTERNAL_DEBUG_H' where necessary, and providing the macros for
stand-alone compiling modes of the rasterizer modules.
To convert the remaining occurrences of FT_Err_XXX and friends it is
necessary to rewrite the code. Note, however, that it doesn't harm
if some cases are not handled since FT_THROW is a no-op.
include/freetype/internal/ftmemory.h, src/base/ftdbgmem.c,
src/base/ftutil.c: udpating the memory management functions and
macros to safely deal with array size buffer overflows, this
corresponds to attemps to allocate arrays that are too large. For
an example, consider the following code:
count = read_uint32_from_file();
array = malloc( sizeof(Item) * count );
for ( nn = 0; nn < count; nn++ )
array[nn] = read_item_from_file();
if 'count' is larger than FT_UINT_MAX/sizeof(Item), the multiplication
will overflow and the array allocated will be smaller than the data
read from the file. In this case, the heap will be trashed, and this
can be used as a denial-of-service, or make the engine crash later.
the FT_ARRAY_NEW and FT_ARRAY_RENEW macro now check that the new
count is no more than FT_INT_MAX/item_size, otherwise, a new error,
named 'FT_Err_Array_Too_Large' will be returned.
note that the memory debugger now works again when FT_DEBUG_MEMORY
is defined, and FT_STRICT_ALIASING has disappeared, the corresponding
code being now the default.
error if a negative size is passed in parameters.
* src/cache/ftccache.c: make ftc_node_destroy FT_BASE_DEF, it needs to
be exported for rogue clients
* src/pshinter/pshglob.c: prevent problems with malformed fonts which
have an odd number of blue values (these are broken according to the
specs).
* src/cff/cffload.c, src/type1/t1load.c: modify the loaders to force
even-ness of 'num_blue_values'. Also change the CFF loader so that
invalid entries in index files are ignored.
src/base/ftobjs.c, src/base/ftutil.c, src/cff/cffobjs.c,
src/psaux/afmparse.c, src/sfnt/ttbdf.c, src/tools/apinames.c,
src/truetype/ttdriver.c:
solved compiler warnings as well as C++ compilation problems
the warp hinter isn't active (it shouldn't, still experimental)
* Jamfile, include/freetype/config/ftmodule.h: removed "gxvalid"
and "otvalid" from the list of modules that are linked statically
to a given FreeType library. Functionality has been moved to the
"ftvalid" CVS module.
note also that current Make-based build system still compiles the
modules though...
* include/freetype/config/ftoption.h: added FT_STRICT_ALIASING,
which controls the definitions of the memory management functions
to avoid warnings with recent versions of GCC. this macro is
only here to be disabled, in case we detect problems with the
new scheme.
NOTE: disable macro to use the memory debugger. this will be fixed
later !!
FT_QAlloc_Debug and FT_QRealloc_Debug.
* src/base/ftutil.c (FT_QAlloc): Fix error and debug messages.
(FT_QRealloc): Call FT_QAlloc if original pointer is NULL.
Fix error message.
changed the names of memory macros. Examples:
MEM_Set => FT_MEM_SET
MEM_Copy => FT_MEM_COPY
MEM_Move => FT_MEM_MOVE
ALLOC => FT_ALLOC
FREE => FT_FREE
REALLOC = >FT_REALLOC
FT_NEW was introduced to allocate a new object from a _typed_
pointer..
note that ALLOC_ARRAY and REALLOC_ARRAY have been replaced
by FT_NEW_ARRAY and FT_RENEW_ARRAY which take _typed_ pointer
arguments.
This results in _lots_ of sources being changed, but makes the
code more generic and less error-prone..
Werner Lemberg