* src/truetype/interp.c: Set even more TT_Err_Invalid_Reference
error codes only if pedantic hinting is active. At the same time,
try to provide sane values which hopefully allow useful
continuation. Exception to this is CALL and LOOPCALL – due to
possible stack corruption it is necessary to bail out.
* src/truetype/ttinterp.c (TT_RunIns, Ins_FLIPPT, Ins_DELTAP,
Ins_DELTAC): Exit with error only if `pedantic_hinting' is set.
Otherwise, try to do something sane.
Thanks to Greg Hitchcock who explained the issue.
* src/truetype/ttinterp.c (Ins_MIRP): Replace a `>=' operator with
`>' since the description in the specification is incorrect.
This fixes, for example, glyph `two' in font `Helvetica Neue LT Com
65 medium' at 15ppem.
Some Latin TrueType fonts are still expected to be unhinted.
Fix Savannah bug #31645.
* src/truetype/ttobjs.c (tt_check_trickyness): Divided to...
(tt_check_trickyness_family): this checking family name, and
(tt_check_trickyness_sfnt_ids): this checking cvt/fpgm/prep.
(tt_get_sfnt_checksum): Function to retrieve the sfnt checksum
for specified subtable even if cleared by lazy PDF generators.
(tt_synth_sfnt_checksum): Function to calculate the checksum.
Reported by Johnson Y. Yan <yinsen_yan@foxitsoftware.com>.
* src/truetype/ttpload.c (tt_face_load_loca): While sanitizing,
handle case where `loca' is the last table in the font.
On LLP64 platforms (e.g. Win64), long (32-bit) cannot cover
the memory address (64-bit). Also the casts from the pointer
type to long int should be removed to preserve the address
correctly.
* src/raster/ftraster.c (New_Profile): Replace "%lx" by "%p".
(End_Profile) Ditto.
* src/truetype/ttinterp.c (Init_Context): Ditto.
* src/truetype/ttpload.c (tt_face_get_location): If `pos1', the
offset to the requested entry in `glyf' exceeds the end of the
table, return offset=0, length=0. If `pos2', the offset to the
next entry in `glyf' exceeds the end of the table, truncate
the entry length at the end of `glyf' table.
See Savannah bug #31040.
* src/truetype/ttinterp.c (free_buffer_in_size): Don't duplicate
FT_GlyphZoneRec size->twilight to be freed. If duplicated,
FT_FREE() erases the duplicated pointers only and leave original
pointers. They can cause the double-free crash when the burst
errors occur in TrueType interpreter and free_buffer_in_size()
is invoked repeatedly. See Savannah bug #31040 for detail.
* src/truetype/ttinterp.c (TT_RunIns): Decrease the trace level
showing the error when the interpreter returns with an error,
from FT_TRACE7() to FT_TRACE1().
* src/truetype/ttinterp.c (free_buffer_in_size): New function to
free the buffer allocated during the interpretation of this glyph.
(TT_RunIns): Unset FT_Face->size->{cvt_ready,bytecode_ready} if
an error occurs in the bytecode interpretation. The interpretation
of invalid bytecode may break the function definitions and referring
them in later interpretation is danger. By unsetting these flags,
`fpgm' and `prep' tables are executed again in next interpretation.
Fix Savannah bug #30798, reported by Robert Swiecki.
* src/truetype/ttinterp.c (BOUNDSL): New macro.
Change `BOUNDS' to `BOUNDSL' where appropriate.
* src/truetype/ttinterp.h (TT_ExecContextRec): Fix type of
`cvtSize'.
Acroread does the same.
* src/truetype/ttgload.c (TT_Process_Composite_Glyph): Call
`Update_Max' to adjust size of instructions array if necessary and
add a rough safety check.
(load_truetype_glyph): Save `loader->byte_len' before recursive
call.
* src/truetype/ttinterp.h, src/truetype/ttinterp.c (Update_Max):
Declare it as FT_LOCAL.
Initialize phantom points before calling the incremental interface
to update glyph metrics.
* src/truetype/ttgload.c (tt_get_metrics_incr_overrides)
[FT_CONFIG_OPTION_INCREMENTAL]: New function, split off from...
(tt_get_metrics): This.
Updated.
(load_truetype_glyph): Use tt_get_metrics_incr_overrides.
After long discussion, we now consider the character width vector
(wx,wy) returned by the `sbw' Type 1 operator as being part of *one*
direction only. For example, if you are using the horizontal
writing direction, you get the horizontal and vertical components of
the advance width for this direction. Note that OpenType and CFF fonts
don't have such a vertical component; instead, the GPOS table can be
used to generate two-dimensional advance widths (but this isn't
handled by FreeType).
* include/freetype/ftincrem.h (FT_Incremental_MetricsRec): Add
`advance_v' field to hold the vertical component of the advance
value.
* src/truetype/ttgload.c (tt_get_metrics), src/cff/cffgload.c
(cff_slot_load), src/type1/t1gload.c
(T1_Parse_Glyph_And_Get_Char_String), src/cid/cidgload.c
(cid_load_glyph): Use it.