Many compilers such as gcc and clang optimize away pointer overflow
checks `p + n < p', because pointer overflow is undefined behavior.
Use a safe form `n > p_limit - p' instead.
Also avoid possible integer overflow issues, for example, using
`num_glyphs > ( p_limit - p ) / 2' rather than `num_glyphs * 2'
given a large `num_glyphs'.
* src/sfnt/ttsbit0.c (tt_sbit_decoder_load_image): Implement it.
* src/truetype/ttsubpix.h: Updated.
(SPH_X_SCALING_RULES_SIZE): Moved and renamed to...
* src/truetype/ttsubpix.c (X_SCALING_RULES_SIZE): This.
(sph_X_SCALING_Rules): Removed.
(scale_test_tweak): Make function static.
(sph_test_tweak_x_scaling): New function.
* src/truetype/ttgload.c (TT_Process_Simple_Glyph): Updated.
* include/freetype/fttrigon.h (FT_Hypot): Declare it.
* src/base/fttrigon.c (FT_Hypot): Define it.
* src/truetype/ttgload.c (TT_Process_Composite_Component): Use it
instead of explicit expressions.
* src/truetype/ttinterp.c (Current_Ratio, Normalize): Use it instead
of TT_VecLen.
(TT_VecLen): Removed.
* src/truetype/ttobjs.c (tt_size_reset): The Windows rendering
engine uses rounded values of the ascender and descender to compute
the TrueType font height.
It was not taking bit_depth into consideration when blitting!
* src/sfnt/ttsbit0.c (tt_sbit_decoder_load_byte_aligned,
* tt_sbit_decoder_load_bit_aligned): Handle bit
depth.
This patches fixes many issues with the ttsubpix implementation.
1. Data tables are defined, instead of declared, in the header, and
thus copied into each source file that includes it.
2. These tables were defined as global, mutable, visible variables,
and thus costing private RAM to every process that loads the
library (> 50 KB / process, this is huge!).
Additionally, this also made the library export the symbols
completely needlessly.
3. Missing `sph_' and `SPH_' prefixes to some of the definitions.
Note that this doesn't try to fix the incredibly inefficient storage
format for the data tables used by the code. This one will require
another pass in the future.
* src/truetype/ttinterp.h (MAX_NAME_SIZE, MAX_CLASS_MEMBERS):
Renamed to...
(SPH_MAX_NAME_SIZE, SPH_MAX_CLASS_MEMBERS): This.
Update all users.
(SPH_TweakRule, SPH_ScaleRule): Decorate with `const' where
appropriate.
(Font_Class): Rename to...
(SPH_Font_Class): This. Decorate with `const' where appropriate.
* src/truetype/ttsubpix.h (scale_test_tweak, sph_test_tweak):
Decorate arguments with `const' where appropriate.
Move font tweaking tables to...
* src/truetype/ttsubpic.c: This file and decorate them with `static'
and `const' where appropriate.
(X_SCALING_Rules, X_SCALING_RULES_SIZE): Renamed to...
(spu_X_SCALING_Rules, SPH_X_SCALING_RULES_SIZE): This.
Update all users.
Unit vector components are stored as 2.14 fixed-point numbers. In
order to calculate all 14 bits accurately, a short vector to be
normalized has to be upscaled to at least 14 bits before its length
is calculated. This has been safe since accurate CORDIC algorithms
were adopted.
* src/truetype/ttinterp.c (Normalize): Scale short vectors by 0x4000.
Back in the days, vector length calculations were not very accurate
and the vector normalization function, Normalize, had to meticulously
correct the errors for long vectors [commit b7ef2b0968]. It was no
longer necessary after accurate CORDIC algorithms were adopted, but
the code remained. It is time to kill it.
* src/truetype/ttinterp.c (Normalize): Remove error compensation.
(TT_VecLen): Remove any mention of old less accurate implementation.
After the next release we are going to remove the code completely.
* devel/ftoption.h, include/freetype/config/ftoption.h
(FT_CONFIG_OPTION_OLD_INTERNALS): Comment out.
* docs/CHANGES: Document it.
The recent optimizations of CORDIC iterations drastically reduce
the expansion factor. The vector components with MSB of 29 are now
safe from overflow.
* src/base/fttrigon.c (FT_TRIG_SAFE_MSB): New macro.
(ft_trig_prenorm): Use it and remove dead code.
* src/base/fttrigon.c: Document the algorithm in a large comment.
(FT_TRIG_COSCALE): Remove macro.
(FT_Tan: Use `FT_TRIG_SCALE' instead.
(FT_Cos, FT_Vector_Unit): Ditto and round the return values.
After we get within 45 degrees by means of true 90-degree rotations,
we can remove initial 45-degree CORDIC iteration and start from
atan(1/2) pseudorotation, reducing expansion factor thereby.
* src/base/fttrigon.c (FT_TRIG_SCALE, FT_TRIG_COSCALE): Update macros.
(ft_trig_pseudo_rotate, ft_trig_pseudo_polarize): Update.
* src/tools/cordic.py: Bring up to date with trigonometric core.
* docs/CHANGES: Old typo.
Problem reported by Robin Watts <robin.watts@artifex.com>.
* src/base/ftoutln.c (FT_Outline_New_Internal): Ensure that
`numContours' and `numPoints' fit into FT_Outline's `n_points' and
`n_contours', respectively.
FreeType used to rely on a 24-step iteration CORDIC algorithm to
calculate trigonometric functions and rotate vectors. It turns out
that once the vector is in the right half-plane, the initial rotation
by 63 degrees is not necessary. The algorithm is perfectly capable
to converge to any angle starting from the second 45 degree rotation.
This patch removes the first rotation and makes it a 23-step CORDIC
algorithm.
* src/base/fttrigon.c (FT_TRIG_SCALE, FT_TRIG_COSCALE): Update macro
values.
(ft_trig_pseudo_rotate, ft_trig_pseudo_polarize): Remove initial
rotation.
* include/freetype/internal/ftserv.h (FT_SERVICE_UNAVAILABLE): Use
`logical not' operator instead of negation. The idea is that `~'
returns exactly the data type enforced by the cast to a pointer (be
it 32bit or 64bit or whatever), while a negative integer has not
this flexibility.
* src/cache/ftccmap.c (FTC_CMAP_UNKNOWN): Ditto.
* src/truetype/ttgxvar.c (ALL_POINTS, TT_Get_MM_Var): Ditto.
* src/type/t1load.c (T1_Get_MM_Var): Ditto.
(parse_blend_axis_types): Use cast.
* src/bdf/bdflib.c (_bdf_readstream): Use cast.
Since the initial commit (ebe85f59) the value of FT_TRIG_SCALE has
always been slightly less than the correct value, which has been
given in the comment as a hexadecimal. As a result, vector lengths
were underestimated and rotated vectors were shortened.
The dot product between freeVector and projVector or cosine of
the angle between these FT_F2Dot14 unit vectors used to be scaled up
by 4 and routinely occupied 32 bits in an FT_Long field F_dot_P.
This patch scales the value down by 2^14 instead, which simplifies
its use throughout the bytecode interpreter.
This does not lead to the loss of precision because the lower bits
are unreliable anyway. Consider two unit vectors (1,0) and (.6,.8)
for which the true value of F_dot_P is .6 * 0x40000000 = 0x26666666.
These vectors are stored as (0x4000,0) and (0x2666,0x3333) after
rounding and F_dot_P is assigned 0x26660000. The lower bits were
already lost while rounding the unit vector components.
Besides code simplification, this change can lead to better
performance when FT_MulDiv with the scaled-down F_dot_P is less
likely to use the costly 64-bit path. We are not changing the type
of F_dot_P to FT_F2Dot14 at this point.
* src/truetype/ttinterp.c (Compute_Funcs): Scale F_dot_P down by 14
bits and modify its use accordingly.
(Direct_Move, Direct_Move_Orig, Compute_Point_Displacement): Modify
the use of F_dot_P field.
* src/truetype/ttobjs.c (tt_size_run_fpgm): Change arbitrary
assignment of F_dot_P to its theoretical maximum in case we decide
to scale back its type later.
* src/truetype/ttinterp.c (TT_DivFix14): New macro.
(Normalize): Use it here.
(Current_Ratio): Use TT_MulFix14 instead of FT_MulDiv.
(Ins_SHPIX): Cancel out two TT_MulFix14 calls.
This is Savannah bug #37856.
* src/pshinter/pshglob.c (psh_calc_max_height): New function.
(psh_globals_new): Use it to limit BlueScale value to
`1 / max_of_blue_zone_heights'.
Problem reported by Del Merritt <del@alum.mit.edu>.
* builds/unix/configure.raw <cpp computation of bit length>: Don't
remove existing FreeType configuration files.
* src/cff/cffload.c (cff_font_load): Separate subfont and face
index handling to load both pure CFFs with multiple subfonts and
OTCs (with multiple faces where each face holds exactly one
subfont).
* src/cff/cffobjs.c (cff_face_init): Updated.
* src/base/ftoutln.c (FT_Outline_EmboldenXY): Replace sequential
calls to FT_MulFix and FT_DivFix with FT_MulDiv.
Mention that bisectors are used to figure out the shift direction.
* src/psaux/psconv.c (PS_Conv_Strtol): Always parse complete number,
even in case of overflow.
(PS_Conv_ToInt): Only increase cursor if parsing was successful.
(PS_Conv_ToFixed): Ditto.
Trace underflow and data error.
Such fonts only have a `cmap' and a `CFF' table.
* src/sfnt/ttload.c (tt_face_load_font_dir): Don't call
`check_table_dir' if font signature is `OTTO'.
* src/psaux/psconv.c: Include FT_INTERNAL_DEBUG_H.
(FT_COMPONENT): Define.
(PS_Conv_Strtol): Return FT_Long.
Handle bad data and overflow.
Emit some tracing messages in case of error.
(PS_Conv_ToInt): Return FT_Long.
(PS_Conv_ToFixed): Updated.
* src/psaux/psconv.h: Updated.
* include/freetype/internal/fttrace.h: Add `psconv'.
* src/autofit/aflatin.c, src/autofit/aflatin2.c: Include
`afglobal.h'.
* src/autofit/afloader.c: Fix order of header files.
* src/autofit/afmodule.c: Include `afglobal.h' and `aferrors.h'.
* src/cff/cffparse.c (cff_parse_integer): Emit tracing message in
case of error.
(cff_parse_real): Handle and trace overflow, underflow, and bad data
consistently.
(do_fixed): New helper function, handling and tracing overflow.
(cff_parse_fixed, cff_parse_fixed_scaled): Use `do_fixed'.
* src/truetype/ttinterp.c (Ins_ISECT): Use angle between vectors to
avoid grazing intersections. The previous threshold was too coarse,
incorrectly rejecting short but valid vectors.
`rm -f' is directly used in the `configure' script created by
autoconf, thus no availability test is necessary.
* builds/unix/configure.raw (RMF): Remove test.
* builds/unix/unix-def.in (DELETE): Updated.
* src/autofit/aftypes.h (AF_SCRIPT):
s/AF_SCRIPT_NONE/AF_SCRIPT_DUMMY/. We already use `AF_SCRIPT_NONE'
as a bit mask.
* src/autofit/afdummy.c: Updated.
This is an improved version of a similar fix contained in the
so-called `Infinality patch', taken from
http://www.infinality.net/fedora/linux/zips/freetype-infinality-2.4.10-20120616_01-x86_64.tar.bz2
which addresses various enhancements of the auto-hinter. Without
properties to control a module's metadata it wasn't possible to
adapt the patches because everything was originally controlled by
environment variables which I consider not suitable in general.
A patch to control `increase_x_height' follows.
* src/autofit/afglobal.h (AF_PROP_INCREASE_X_HEIGHT_MIN,
AF_PROP_INCREASE_X_HEIGHT_MAX): New macros.
(AF_FaceGlobalsRec): Add `increase_x_height' member.
* src/autofit/afglobal.c (af_face_globals_new): Initialize it.
* src/autofit/aflatin.c (af_latin_metrics_scale_dim),
* src/autofit/aflatin2.c (af_latin2_metrics_scale_dim): Implement
handling of `increase_x_height'.
The auto-hinter's latin module only handles latin ligatures in the
`Alphabetical Presentation Forms' block.
* src/autofit/aflatin.c (af_latin_uniranges): Fix it.
We want to access the (not yet existing) module's global data later
on.
* src/autofit/afloader.c: Include `afmodule.h'.
(af_loader_init, af_loader_reset, af_loader_done,
af_loader_load_glyph): Change accordingly.
* src/autofit/afmodule.c (AF_ModuleRec): Move to `afmodule.h'.
Updated.
* src/autofit/afmodule.h: Include `afloader.h'.
(AF_ModuleRec): Define here.
* src/autofit/afloader.h (AF_Module): Define here.
Updated.
No properties are added yet.
* src/autofit/afmodule.c: Include FT_SERVICE_PROPERTIES_H.
(af_property_set, af_property_get): New dummy functions.
(af_service_properties, af_services, af_get_interface): Provide
service setup.
(autofit_moduleclass): Add service interface.
* src/autofit/afpic.c: Add necessary forward declarations.
(autofit_module_class_pic_init): Add code for service addition.
(autofit_module_pic_free): Add code for service removal.
* src/autofit/afpic.h (AF_SERVICES_GET, AF_SERVICE_PROPERTIES_GET):
New macros which provide necessary syntactical sugar for PIC
support.
* include/freetype/fterrdef.h (FT_Err_Missing_Property): New error
code.
* include/freetype/ftmodapi.h (FT_Property_Set, FT_Property_Get):
New API.
* include/freetype/internal/services/svprop.h: New file.
* include/freetype/internal/ftserv.h (FT_SERVICE_PROPERTIES_H): New
macro.
* src/base/ftobjs.c: Include FT_SERVICE_PROPERTIES_H.
(ft_property_do, FT_Property_Set, FT_Property_Get): New functions.
Problem reported by Brad Dunzer <BDunzer@extensis.com>.
* src/autofit/aflatin.c (af_latin_metrics_init_blues): We have
a flat segment if the horizontal distance of best on-points is
larger than a given threshold.
Problem reported by Peter Breitenlohner and Akira Kakuto.
* include/freetype/config/ftstdlib.h (ft_setjmp): Updated.
* src/sfnt/ttcmap.c (tt_face_build_cmaps): Remove cast.
* src/autofit/aflatin.c (af_latin_metrics_init_blues),
src/autofit/aflatin2.c (af_latin2_metrics_init_blues): Change the
constraint for testing round vs. flat segment: Accept either a
small distance or a small angle.
On my linux build tree, I receive yes answer in in every package I
build except freetype for this test checking if gcc static flag
`-static' works
On freetype, no is received, unless bzip2 and zlib are disabled using
./configure --without-bzip2 --without-zlib
The reason is that bzip2 and zlib tests add `-lz' and `-lbz2' to
LDFLAGS and this broke static flag test.
* builds/unix/configure.raw: Update CFLAGS and LDFLAGS only after
LT_INIT has run.
* include/freetype/internal/ftcalc.h (FT_MulDiv_No_Round): Don't
enclose with `TT_USE_BYTECODE_INTERPRETER'; we now need the function
elsewhere also.
* src/autofit/afcjk.h: Use AF_CONFIG_OPTION_CJK.
* src/truetype/ttgload.c (tt_loader_init): Fix compiler warning.
* src/truetype/ttinterp.c (Ins_MSIRP): Fix compiler warning.
* src/truetype/ttinterp.h: Use
TT_CONFIG_OPTION_BYTECODE_INTERPRETER.
This is the large, famous `Infinality' patch to support ClearType
bytecode which has been available from
http://www.infinality.net/blog/ for some time, and which has been
refined over the last years. While still experimental, it is now
mature enough to be included directly into FreeType.
Most of the code is based on the ClearType whitepaper written by
Greg Hitchcock
http://www.microsoft.com/typography/cleartype/truetypecleartype.aspx
which gives a detailed overview of the necessary changes to the
Microsoft rasterizer so that older fonts are supported. However, a
lot of details are still missing, and this patches provides a
framework to easily handle rendering issues down to the glyph level
of certain fonts.
Note that ClearType support is not completely implemented! In
particular, full support for the options `compatible_widths',
`symmetrical_smoothing, and `bgr' (via the GETINFO bytecode
instruction) is missing.
* src/truetype/ttsubpix.c: New file, providing code to handle
`tweaks', this is, rules for certain glyphs in certain fonts
(including wildcards) which need a special treatment.
* src/truetype/ttsubpix.h: New file, holding the tweaking rules.
* include/freetype/config/ftoption.h, src/devel/ftoption.h
(TT_CONFIG_OPTION_SUBPIXEL_HINTING): New macro.
* include/freetype/internal/ftobjs.h (FT_PIX_FLOOR_GRID,
FT_PIX_ROUND_GRID, FT_PIX_CEIL_GRID): New macros.
* src/truetype/truetype.c [TT_USE_BYTECODE_INTERPRETER]: Include
`ttsubpix.c'.
* src/truetype/ttgload.c: Include `ttsubpix.h'.
[All changes below are guarded by TT_CONFIG_OPTION_SUBPIXEL_HINTING.]
(tt_get_metrics): Set tweak flags.
(TT_Hint_Glyph): Call `FT_Outline_EmboldenXY' if necessary.
(TT_Process_Simple_Glyph): Compensate emboldening if necessary.
(compute_glyph_metrics): Handle `compatible widths' option.
(tt_loader_init): Handle ClearType GETINFO information bits.
* src/truetype/rules.mk (TT_DRC_SRC): Updated.
* src/truetype/ttinterp.c: Include `ttsubpix.h'.
[Where necessary, changes below are guarded by
TT_CONFIG_OPTION_SUBPIXEL_HINTING.]
(Direct_Move, Direct_Move_X): Extended.
(Round_None, Round_To_Grid, Round_To_Half_Grid, Round_Down_To_Grid,
Round_Up_To_Grid, Round_To_Double_Grid, Round_Super, Round_Super_45,
SetSuperRound): Add parameter to handle the number of grid lines per
pixel.
(SET_SuperRound, ROUND_None, CUR_Func_round): Updated.
(DO_SROUND, DOS45ROUND, DO_ODD, DO_EVEN): Updated.
(DO_ROUND, DO_NROUND): Updated.
(DO_RS): Take care of `Typeman' bytecode patterns.
(Ins_FDEF): Add some debugging code. Commented out.
(Ins_ENDF): Restore state.
(Ins_CALL, Ins_LOOPCALL): Handle inline delta functions.
(Ins_MD): Handle `Vacuform' rounds.
(Move_Zp2_Point, Ins_SHPIX, Ins_MSIRP, Ins_MDAP, Ins_MIAP,
Ins_MDRP, Ins_MIRP): Handle tweaks.
(Ins_ALIGNRP): Add tweak guard.
(Ins_IUP, Ins_DELTAP): Handle tweaks.
(Ins_GETINFO): Handle new ClearType bits.
(TT_RunIns): Handle tweaks.
* src/truetype/ttinterp.h: Updated.
(SPH_TweakRule, SPH_ScaleRule): New structures for tweaks.
(TT_ExecContextRec): Add members for subpixel hinting support.
* src/truetype/ttobjs.h (TT_DefRecord): Add `inline_delta' member.
==========================
Tag sources with `VER-2-4-10'.
* docs/VERSION.DLL: Update documentation and bump version number to
2.4.10.
* README, Jamfile (RefDoc),
builds/win32/vc2005/freetype.vcproj, builds/win32/vc2005/index.html,
builds/win32/vc2008/freetype.vcproj, builds/win32/vc2008/index.html,
builds/win32/vc2010/freetype.vcxproj, builds/win32/vc2010/index.html,
builds/win32/visualc/freetype.dsp,
builds/win32/visualc/freetype.vcproj,
builds/win32/visualc/index.html, builds/win32/visualce/freetype.dsp,
builds/win32/visualce/freetype.vcproj,
builds/win32/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.4.9/2.4.10/, s/249/2410/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 10.
* builds/unix/configure.raw (version_info): Set to 15:0:9.
to pass special compiler/linker flags under cross development.
Suggested by Savannah bug #36367.
ChangeLog on 2010-07-15 saying as they were removed was wrong
for the official trunk of FreeType2. This commit is the first
introduction of them.
NEC FA family dated in 1996 have different checksum.
Reported by Johnson Y. Yan <yinsen_yan@foxitsoftware.com>; see
http://lists.gnu.org/archive/html/freetype-devel/2012-06/msg00023.html
* src/truetype/ttobjs.c (tt_check_trickyness_sfnt_ids): 4 sets
of fpgm & prep table checksums for FA-Gothic, FA-Minchou,
FA-RoundedGothicM, FA-RoundedGothicB are added. The family
names in sample PDF are truncated, thus the list of the
family names in tt_check_trickyness_family() is not updated yet.
* include/freetype/ftoutln.h (FT_Outline_EmboldenXY): Define it.
* src/base/ftoutln.c (FT_Outline_EmboldenXY): Implement it, using a
simplified embolding algorithm.
(FT_Outline_Embolden): Make it a special case of
`FT_Outline_EmboldenXY'
Without this patch, only the dummy and cjk autohinter modules get
them (since they copy the whole scaler object).
* src/autofit/aflatin.c (af_latin_metrics_scale),
src/autofit/aflatin2.c (af_latin2_metrics_scale): Implement it.
* builds/unix/configure.raw: Check `-ansi' flag works even if gcc
is used. Bionic libc headers for Android lose the consistency
when they are parsed with __STDC_VERSION__ older than 199901L or
__STRICT_ANSI__.
Based on the patch given in the bug report.
* src/type1/t1load.c (IS_INCREMENTAL): New macro.
(read_binary_data): Add parameter `incremental'.
Update all callers using `IS_INCREMENTAL'.
This was quite a subtle bug which accidentally showed up with glyph
`afii10023' of arial.ttf (version 2.76). This glyph is a composite;
the first component, `E', has an advance width of 1366 font units,
while the advance width of the composite itself (which looks like
uppercase `E' with dieresis) is 1367 font units. I think this is
actually a bug in the font itself, because there is no reason that
this glyph has not the same width as uppercase `E' without the
dieresis. Anyway, it helped identify this problem.
Using the TrueType hinter, the correct value (1367) of `afii10023'
was returned, but the autohinter mysteriously returned 1366.
Digging in the code showed that the autohinter recursively calls
FT_Load_Glyph to load the glyph, adding the FT_LOAD_NO_SCALE load
flag. However, the `linearHoriAdvance' field is still returned as a
scaled value. To avoid scaling twice, the old code in autofit reset
`linearHoriAdvance', using the `horiAdvance' field. This seemed to
work since FT_LOAD_NO_SCALE was in use, but it failed actually,
because `horiAdvance' is defined as the distance of the first
subglyph's phantom points, which in turn are initialized using the
advance width of the first subglyph. And as the given example
shows, these widths can differ.
* src/autofit/afloader.c (af_loader_load_g): Temporarily set
FT_LOAD_LINEAR_DESIGN while calling FT_Load_Glyph to get unscaled
values for the linear advance widths.
* src/truetype/ttinterp.c (DO_SSW): SSW *does* use font units. For
verification, it took some time to find a font which actually uses
this instruction.
For some divisions, we use casts to 32bit entities. Always guard
against division by zero with these casts also.
* src/base/ftcalc.c (ft_div64by32): Remove redundant cast.
(FT_MulDiv, FT_MulDiv_No_Round): Add 32bit cast.
(FT_DivFix): Add 32bit cast (this omission triggered the bug).
* src/psaux/afmparse.c (afm_parse_track_kern): Don't inverse sign
for `min_kern'. It is indeed quite common that track kerning
*increases* spacing for very small sizes.
If in function `skip_spaces' the routine `skip_comment' comes to the
end of buffer, `cur' is still increased by one, so we need to check
for `p >= limit' and not `p == limit'.
* src/psaux/psconv.c (PS_Conv_Strtol, PS_Conv_ToFixed,
PS_Conv_ASCIIHexDecode, PS_Conv_EexecDecode): Fix boundary checking.
* src/truetype/ttinterp.c (Ins_MIRP): Typo, present since ages. The
code is now in sync with the other operators (e.g. MSIRP) which
modify twilight points.
* src/bdf/bdflib.c (_bdf_list_ensure): Bring code in sync with
comment before `_bdf_list_split', this is, really allocate at least
five `field' elements.
* src/bdf/bdflib.c (_bdf_parse_glyphs) <DWIDTH, BBX>: Abort if
_BDF_ENCODING isn't set. We need this because access to the `glyph'
variable might be undefined otherwise.
* src/smooth/ftsmooth.c (ft_smooth_render_generic): Use `FT_Pos'
instead of `FT_UInt' for some variables and update comparisons
accordingly. A detailed analysis can be found in the bug report.
* src/type1/t1load.c (parse_subrs): Add proper guards for `strncmp'.
* src/psaux/psobjs.c (ps_parser_skip_PS_token): Emit error message
only if cur < limit.
Jump instructions are now bound to the current function. The MS
Windows rasterizer behaves the same, as confirmed by Greg Hitchcock.
* src/truetype/ttinterp.h (TT_CallRec): Add `Cur_End' element.
* src/truetype/ttobjs.h (TT_DefRecord): Add `end' element.
* src/truetype/ttinterp.c (DO_JROT, DO_JMPR, DO_JROF): Check upper
bound of jump address.
(Ins_FDEF, Ins_CALL, Ins_LOOPCALL, Ins_UNKNOWN, TT_RunIns): Updated.
* include/freetype/internal/ftobjs.h (FT_ModuleRec, FT_LibraryRec):
Remove `generic' field since users can't access it.
* src/base/ftobjs.c (FT_Done_GlyphSlot): Call `generic.finalizer' as
advertised in the documentation of FT_Generic.
(Destroy_Module, FT_Done_Library): Updated to changes in `ftobjs.h'.
Patch submitted by anonymous reporter.
* src/gxvalid/gxvcommn.c (gxv_XStateTable_subtable_setup):
gxv_set_length_by_ulong_offset() must be called with 3, not 4,
the number of the subtables in the state tables; classTable,
stateArray, entryTable.
Based on the patch provided by Erik Dahlstrom <ed@opera.com>,
http://lists.gnu.org/archive/html/freetype-devel/2012-01/msg00010.html
Also `raccess_guess_table[]' and `raccess_rule_by_darwin_vfs()'
are renamed with `ft_' suffixes.
* src/base/ftbase.h: `raccess_rule_by_darwin_vfs()' is renamed
to `ft_raccess_rule_by_darwin_vfs()'.
* src/base/ftobjs.c: Ditto.
* src/base/ftrfork.c: Declarations of FT_RFork_Rule,
raccess_guess_rec, are moved to...
* include/freetype/internal/ftrfork.h: Here.
* include/freetype/internal/ftrfork.h:
FT_RFORK_RULE_ARRAY_{BEGIN,ENTRY,END} macros are defined
to replace raccess_guess_table[] in both of PIC and non-PIC
modes.
* src/base/ftrfork.c: raccess_guess_table[] array is rewritten
by FT_RFORK_RULE_ARRAY_{BEGIN,ENTRY,END}.
* src/base/basepic.h (BasePIC): Add `ft_raccess_guess_table'
storage. (FT_RACCESS_GUESS_TABLE_GET): New macro to retrieve
the function pointer from `ft_raccess_guess_table' storage in
`BasePIC' structure.
* src/base/ftrfork.c (FT_Raccess_Guess): Rewritten with
FT_RACCESS_GUESS_TABLE_GET.
(raccess_get_rule_type_from_rule_index): Add `library' as the
first argument to the function, to retrieve the storage of
`ft_raccess_guess_table' from it. Also `raccess_guess_table'
is replaced by FT_RACCESS_GUESS_TABLE_GET.
(ft_raccess_rule_by_darwin_vfs): Ditto.
* src/autofit/afpic.c: Include "aflatin2.h" when
FT_OPTION_AUTOFIT2 is defined, as afglobal.c does so.
Unconditionally inclusion causes declared but unimplemented
warning by GCC 4.6.
* src/cff/cffpic.c: The declarations of
FT_Init_Class_cff_cmap_encoding_class_rec() and
FT_Init_Class_cff_cmap_unicode_class_rec() are removed.
They can be obtained by the inclusion of cffcmap.h.
cffcmap.h invokes FT_DECLARE_CMAP_CLASS() and it declares
FT_Init_Class_cff_cmap_encoding_class_rec() etc in PIC mode.
Originally FT_DEFINE_{DRIVER,MODULE,RENDERER}() macros were
designed to declare xxx_pic_{free,init} by themselves.
Because these macros are used at the end of the module
interface (e.g. ttdriver.c) and the wrapper source to build
a module as a single object (e.g. truetype.c) includes
the PIC file (e.g. ttpic.c) before the module interface,
these macros are expanded AFTER xxx_pic_{free,init} body
when the modules are built as single object.
The declaration after the implementation causes the redundant
declaration warnings, so the declarations are moved to module
PIC headers (e.g. ttpic.h). Separating to other header files
are needed for multi build.
* include/freetype/internal/ftdriver.h (FT_DEFINE_DRIVER):
Remove class_##_pic_free and class_##_pic_init declarations.
* include/freetype/internal/ftobjs.h (FT_DEFINE_RENDERER,
FT_DEFINE_MODULE): Ditto.
* src/base/basepic.h: Insert a comment and fix coding style.
* src/autofit/afpic.h: Declare autofit_module_class_pic_{free,
init}.
* src/cff/cffpic.h: Declare cff_driver_class_pic_{free,init}.
* src/pshinter/pshpic.h: Declare pshinter_module_class_pic_{free,
init}.
* src/psnames/pspic.h: Declare psnames_module_class_pic_{free,
init}.
* src/raster/rastpic.h: Declare
ft_raster{1,5}_renderer_class_pic_{free,init}
* src/sfnt/sfntpic.h: Declare sfnt_module_class_pic_{free,init}.
* src/smooth/ftspic.h: Declare
ft_smooth_{,lcd_,lcdv_}renderer_class_pic_{free,init}.
* src/truetype/ttpic.h: Declare tt_driver_class_pic_{free,init}.
* src/base/ftglyph.c (FT_Glyph_To_Bitmap): `glyph' must be
set before derefering to obtain `library'. The initialization
of `clazz', `glyph', `library' and NULL pointer check are
reordered to minimize PIC conditonals.
* src/base/ftinit.c (FT_Add_Default_Modules): Under PIC
configuration, FT_DEFAULT_MODULES_GET returns
FT_Module_Class** pointer, GCC 4.6 warns that
const FT_Module_Class* const* variable is warned as
inappropriate to store it. To calm it, explicit cast is
inserted. Also `library' is checked to prevent the NULL
pointer dereference in FT_DEFAULT_MODULES_GET.
Under PIC configuration, FT_{CFF,PSCMAPS,SFNT,TT}_SERVICES_GET
take no arguments but derefer the variable named `library'
internally.
* src/cff/cffdrivr.c (cff_get_interface): Declare `library' and
set it if non-NULL driver is passed.
* src/truetype/ttdriver.c (tt_get_interface): Ditto.
* src/sfnt/sfdriver.c (sfnt_get_interface): Declare `library'
under PIC configuration, and set it if non-NULL module is given.
* src/psnames/psmodule.c (psnames_get_interface): Ditto.
error codes with per-module prefix.
* src/autofit/afpic.c: Include `aferrors.h'.
* src/cff/cffpic.c: Include `cfferrs.h'.
* src/pshinter/pshpic.c: Include `pshnterr.h'.
* src/raster/rastpic.c: Include `rasterrs.h'.
* src/sfnt/sfntpic.c: Include `sferrors.h'.
* src/smooth/ftspic.c: Include `ftsmerrs.h'.
* src/truetype/ttpic.c: Include `tterrors.h'.
Originally FT_MACINTOSH was a pure auto macro and DARWIN_NO_CARBON
was a configurable macro to disable Carbon-dependent code. Because
now configure script sets DARWIN_NO_CARBON by default and disables
Darwin & Carbon-dependent codes, these macros can be unified.
FT_MACINTOSH (undefined by default) is kept and DARWIN_NO_CARBON
(defined by default) is removed, because DARWIN_NO_CARBON violates
FT_XXX naming convention of public macros, and a macro configured by
default is not portable for the building without configure (e.g.
make devel).
* builds/unix/configure.raw: Define FT_MACINTOSH if Carbon-based
old Mac font support is requested and Carbon is available.
* builds/unix/ftconfig.in: Undefine FT_MACINTOSH when the support
for Mac OS X without Carbon (e.g. Mac OS X 10.4 for ppc64) is
requested.
* include/freetype/config/ftconfig.in: Ditto.
* builds/vms/ftconfig.h: Ditto.
* src/base/ftbase.h: Remove DARWIN_NO_CARBON.
* src/base/ftbase.c: Ditto.
* src/base/ftobjs.c: Ditto.
* src/base/ftrfork.c: Ditto.
* src/base/ftmac.c: Compile the body if FT_MACINTOSH is defined
(same with TT_USE_BYTECODE_INTERPRETER in ttinterp.c).
* builds/mac/ftmac.c: Ditto.
* builds/mac/FreeType.m68k_cfm.make.txt: Define FT_MACINTOSH.
* builds/mac/FreeType.m68k_far.make.txt: Ditto.
* builds/mac/FreeType.ppc_classic.make.txt: Ditto.
* builds/mac/FreeType.ppc_carbon.make.txt: Ditto.
* builds/toplevel.mk: Check `/dev/null' to identify the Unix-
like systems without `init' nor `hurd' (e.g. Mac OS X >= 10.4).
* builds/unix/detect.mk: Ditto.
* src/tools/apinames.c (names_add): Change the type of `h' from
int to unsigned int, to prevent undefined behaviour in the
overflow of signed integers (overflow of unsigned int is defined
to be wrap around). Found by clang test suggested by Sean
McBride.
ENCODING now covers the whole Unicode range.
Note, however, that this change is quite expensive since it
increases the size of three arrays by almost 400kByte in total. The
right fix is to replace the logic with something smarter.
Additionally, there exist very old BDFs for three-byte CCCII
encoding which exceeds the range of Unicode (another reason to have
a smarter logic).
* src/bdf/bdf.h (bdf_font_t): Increase size of `nmod' and `umod'
arrays.
* src/bdf/bdflib.c (bdf_parse_t): Increase size of `have' array.
Previously, FreeType misleadingly returned
FT_Err_Unknown_File_Format if a module was missing (or a test was
missing completely).
* include/freetype/fterrdef.h (FT_Err_Missing_Module): Define.
* src/cff/cffobjs.c (cff_face_init), src/cid/cidobjs.c
(cid_face_init), src/sfnt/sfobjs.c (sfnt_init_face),
src/truetype/ttobjs.c (tt_face_init), src/type1/t1objs.c
(T1_Face_Init), src/type42/t42objs.c (T42_Face_Init,
T42_Driver_Init): Updated.
* src/type1/t1afm.c (T1_Read_Metrics), src/type/t1objs.c
(T1_Face_Init), src/type42/t42objs.c (T42_Face_Init): Remove now
redundant test for `psaux'.
This allows a Type 1 font face to be interrogated to retrieve most
of the dictionary keys (keys not relevant to FreeType's Type 1
interpreter are not available).
* include/freetype/internal/services/svpsinfo.h
(PS_GetFontValueFunc): New typedef.
(PSInfo): Add `ps_get_font_value'.
(FT_DEFINE_SERVICE_PSINFOREC): Updated.
* include/freetype/internal/t1types.h (T1_EncodingType): Moved to...
* include/freetype/t1tables.h: Here.
(PS_Dict_Keys): New enumeration.
(FT_Get_PS_Font_Value): New declaration.
* src/base/fttype1.c (FT_Get_PS_Font_Value): New function.
* src/type1/t1driver.c (t1_ps_get_font_value): This new function
does the real job.
(t1_service_ps_info): Add it.
* src/cff/cffdrivr.c (cff_service_ps_info), src/cid/cidriver.c
(cid_service_ps_info), src/type42/t42drivr.c (t42_service_ps_info):
Updated.
* src/cid/cidload.c (cid_load_keyword) <default>,
(parse_font_matrix, parse_expansion_factor): Correctly check number
of dictionaries.
(cid_read_subrs): Protect against invalid values of `num_subrs'.
Assure that the elements of the `offsets' array are ascending.
* src/base/ftbase.h (raccess_rule_by_darwin_vfs): Do not declare
it on native Mac OS X.
* src/base/ftrfork.c (raccess_get_rule_type_from_rule_index):
Hide raccess_get_rule_type_from_rule_index() on native Mac OS X
too.
* include/freetype/config/ftstdlib.h (FT_USHORT_MAX): New macro.
* src/base/ftbitmap.c (FT_Bitmap_Convert): Protect against invalid
value of `target->rows'.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Add check for
flex start.
* src/raster/ftrend1.c (ft_raster1_render): Check `width' and
`height'.
* src/truetype/ttgxvar.c (TT_Vary_Get_Glyph_Deltas): Protect against
invalid values in `localpoints' array.
Problem reported by Nicolas Rougier <Nicolas.Rougier@inria.fr>.
* src/tools/glnames.py (adobe_glyph_list): Add data from AGL's
`zapfdingbats.txt' file.
* src/psnames/pstables.h: Regenerated.
* src/lzw/ftzopen.c (ft_lzwstate_io) <FT_LZW_PHASE_CODE>:
Ensure that subsequent (modulo garbage byte(s)) LZW_CLEAR codes are
handled as clear codes. This also re-sets old_code and old_char to
predictable values, which is a little better than using `random'
ones if the code following LZW_CLEAR is invalid.
Stack larger than 1<<LZW_MAX_BITS is never needed if prefix table is
constructed correctly. It's even less than that, see e.g.
libarchive code comment for a better size upper bound:
http://code.google.com/p/libarchive/source/browse/trunk/libarchive/archive_read_support_filter_compress.c?r=3635#121
This patch adds explicit stack size limit, enforced when stack is
realloced.
An alternative is to ensure that code < state->prefix[code - 256]
when traversing prefix table. Such check is less efficient and
should not be required if prefix table is constructed correctly in
the first place.
* src/lzw/ftzopen.c (ft_lzwstate_stack_grow): Implement it.
LZW decompressor did not sufficiently check codes read from the
input LZW stream. A specially-crafted or corrupted input could
create a loop in the prefix table, which leads to memory usage
spikes, as there's no decompression stack size limit.
* src/lzw/ftzopen.c (ft_lzwstate_io) <FT_LZW_PHASE_START>: First
code in valid LZW stream must be 0..255.
<FT_LZW_PHASE_CODE>: In the special KwKwK case, code == free_ent,
code > free_ent is invalid.
* src/cff/cfftypes.h (CFF_FontRecDictRec): New member
`has_font_matrix'.
* src/cff/cffparse.c (cff_parse_font_matrix): Set it.
Update tracing output.
* src/cff/cffobjs.c (cff_face_init): Use it so that the heuristics
can be removed.
Found with font fuzzying.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Check
`decoder->buildchar'.
* src/type1/t1load.c (t1_load_keyword): Check `blend->num_designs'.
When shifting right a signed value, it is not defined by the
C standard whether one gets a sign extension or not. Use a macro to
do an explicit cast from a signed short (assuming that this is
16bit) to an int.
* src/psaux/t1decode.c (Fix2Int): New macro.
Use it where appropriate.
We want to unset FT_FACE_FLAG_SCALABLE only if there are bitmap
strikes in the font.
* src/truetype/ttobjs.c (tt_face_init): Implement it.
* docs/CHANGES: Updated.
The main problems
-----------------
o If FT_STROKER_LINEJOIN_BEVEL was specified, unlimited miter
joins (not bevel joins) were generated. Indeed, the meanings of
`miter' and `bevel' were incorrectly reversed (consistently) in
both the code and comments.
o The way bevel joins were constructed (whether specified
explicitly, or created as a result of exceeding the miter limit)
did not match what is required for stroked text in PostScript or
PDF.
The main fixes
--------------
o The behaviour of FT_STROKER_LINEJOIN_BEVEL has been corrected.
o A new line join style, FT_STROKER_LINEJOIN_MITER_FIXED, has been
introduced to support PostScript and PDF miter joins.
o FT_STROKER_LINEJOIN_MITER_VARIABLE has been introduced as an
alias for FT_STROKER_LINEJOIN_MITER.
Additionally, a variety of stroking errors have been fixed. These
would cause various artifacts (including points `at infinity'),
especially when stroking poor quality fonts.
See
http://lists.gnu.org/archive/html/freetype-devel/2011-07/msg00001.html
for example documents. The FreeType stroker now produces results
very similar to that produced by GhostScript and Distiller for these
fonts.
Other problems
--------------
The following problems have been resolved:
o Inside corners could be generated incorrectly. Intersecting the
inside corner could cause a missing triangular area and other
effects.
The intersection point can only be used if the join is between
two lines and both lines are long enough. The `optimization'
condition in `ft_stroker_inside' has been corrected; this
requires the line length to be passed into various functions and
stored in `FT_StrokerRec'.
o Incorrect cubic curves could be generated. The angle
calculations in `FT_Stroker_CubicTo' have been corrected to
handle the case of the curve crossing the +/-PI direction.
o If the border radius was greater than the radius of curvature of
a curve, then the negative sector would end up outside (not
inside) the border. This situation is now recognized and the
negative sector is circumnavigated in the opposite direction.
(If round line joins are being used, this code is disabled
because the line join will always cover the negative sector.)
o When a curve is split, the arcs may not join smoothly (especially
if the curve turns sharply back on itself). Changes in
direction between adjacent arcs were not handled. A round
corner is now added if the deviation from one arc to the next is
greater than a suitable threshold.
o The current direction wasn't retained if a the outline contained
a zero length lineto or a curve that was determined to be
`basically a point'. This could cause a spurious join to be
added.
o Cubics with close control points could be mishandled. All eight
cases are now distinguished correctly.
Other improvements
------------------
o Borders for cubic curves could be too `flat'.
FT_SMALL_CUBIC_THRESHOLD has been reduced a little to prevent
this.
o The handling and use of movable points has been simplified a
little.
o Various values are now computed only if the results are actually
needed.
o The directions of the outer and inner borders have been swapped,
as recommended by Graham Asher.
* src/base/ftstroke.c: Revised.
* include/freetype/ftstroke.h: Updated.
Passing uninitialized pointer to the buffer allocator is
not problematic theoretically (as far as the returned
pointer is checked before writing), but g++4.6 dislikes
it and warns by -Wuninitialized. Initialize them by NULL.
* src/base/ftobjs.c (FT_Stream_New): Init `stream'.
(new_memory_stream): Ditto.
(FT_New_GlyphSlot): Init `slot'.
(FT_CMap_New): Init `cmap'.
(open_face_PS_from_sfnt_stream): Init `sfnt_ps'.
(Mac_Read_POST_Resource): Init `pfb_data'.
(Mac_Read_sfnt_Resource): Init `sfnt_data'.
* src/base/ftrfork.c (FT_Raccess_Get_DataOffsets):
Init `offsets_internal' and `ref'.
(raccess_guess_darwin_hfsplus): Init `newpath'.
(raccess_guess_darwin_newvfs): Ditto.
* src/base/ftbitmap.c (ft_bitmap_assure_buffer):
Init `buffer'.
* src/base/ftstroke.c (FT_Stroker_New): Init `stroker'.
Some invalid, overrunning, unrecommended non-zero values
are cared in paranoid validation mode only. There are
many lines looking like:
if ( valid->root->level >= FT_VALIDATE_PARANOID )
FT_INVALID_xxx;
To simplify them, GXV_SET_ERR_IF_PARANOID( err ) is
introduced for more paranoid validation in future.
* src/gxvalid/gxvcommn.h (IS_PARANOID_VALIDATION):
New macro to assure valid->root->level is more or
equal to FT_VALIDATE_PARANOID. (GXV_SET_ERR_IF_PARANOID):
New macro to raise an error if in paranoid validation.
* src/gxvalid/gxvcommn.c: Use GXV_SET_ERR_IF_PARANOID().
* src/gxvalid/gxvfeat.c: Ditto.
* src/gxvalid/gxvjust.c: Ditto.
* src/gxvalid/gxvkern.c: Ditto.
* src/gxvalid/gxvmort.c: Ditto.
* src/gxvalid/gxvmort0.c: Ditto.
* src/gxvalid/gxvmort1.c: Ditto.
* src/gxvalid/gxvmort2.c: Ditto.
* src/gxvalid/gxvmorx1.c: Ditto.
* src/gxvalid/gxvmorx2.c: Ditto.
* src/gxvalid/gxvmort.c (gxv_mort_subtables_validate):
Conditionalize unvalidated variable `subFeatureFlags'.
(gxv_mort_chain_validate): Conditionalize unvalidated
variable `defaultFlags'.
* src/gxvalid/gxmort0.c
(gxv_mort_subtable_type0_entry_validate): Check the
conflict of the marks for the glyphs.
* src/gxvalid/gxmort1.c
(gxv_mort_subtable_type1_offset_to_subst_validate):
Local variables `min_gid', `max_gid' are replaced by
variables in the validator.
(gxv_mort_subtable_type1_entry_validate): Conditionalize
unvalidated variables; `setMark', `dontAdvance'.
(gxv_mort_subtable_type1_substTable_validate):
Validate the GID by the min/max GIDs in the validator.
* src/gxvalid/gxvmort2.c
(gxv_mort_subtable_type2_ligActionOffset_validate):
Conditionalize unvalidated variables; `last', `store'.
Checking for overrunning offset is added.
(gxv_mort_subtable_type2_entry_validate):
Conditionalize unvalidated variables; `setComponent',
`dontAdvance'.
(gxv_mort_subtable_type2_ligatureTable_validate):
Check if the GID for ligature does not exceed the
max GID in `maxp' table.
* src/gxvalid/gxvmort5.c
(gxv_mort_subtable_type5_InsertList_validate):
Conditionalize unvalidated loading of `insert_glyphID'
array. (gxv_mort_subtable_type5_entry_validate):
Conditionalize unvalidated variables; `setMark',
`dontAdvance', `currentIsKashidaLike',
`markedIsKashidaLike', `currentInsertBefore',
`markedInsertBefore'.
Alexei Podtelezhnikov