* src/cff/cffparse.c (finalize_t2_strings): Fix NULL-dereferencing
in the out-of-memory situation, use `FT_FREE`.
(cff_parser_run): Use FreeType memory allocation macros and avoid
uninitialized pointers.
Technically, `strtol` can only be used with C strings terminated with
`\0`. CID data is not generally null-terminated and often does not
contain a `\0` if it is hex-encoded. AddressSanitizer with `ASAN_OPTIONS`
containing `strict_string_checks=1` verifies this by using an adversarial
`strtol` that always reads to the terminating `\0`.
To avoid undefined behavior from `strtol` in `cid_parser_new`, use the
parser to parse the tokens instead of attempting to parse them ad-hoc.
This will internally use `PS_Conv_Strtol` to parse the integer, which
respects the parser's limits and directly implements the PostScript
parsing rules for integers.
* src/cid/cidparse.c (cid_parser_new): Use the parser to parse the
tokens.
Fixes: https://bugs.chromium.org/p/chromium/issues/detail?id=1420329
Without this patch, static linking with MS Visual Studio causes linking
errors.
* src/gzip/ftgzip.c: Set `ZEXPORT` to nothing and `ZEXTERN` to static for
all compilers.
TeXLive still supports Solaris 5.10, where the system's `grep` doesn't
accept the `-E` option. We thus introduce an `EGREP` variable that is set
to either `grep -E` or `-egrep`.
This is unnecessary for predefined standard and expert encodings.
Even for custom encodings the arrays might be already zeroed when
CFF_FontRec is created but we keep it just in case.
Also short-circuit on `offset` to avoid checking `count` a second time when
`ft_ansi_stream_io` is used for reading.
Per ISO/IEC 9899:
If an argument to a function has an invalid value (such as a value outside
the domain of the function, or a pointer outside the address space of the
program, or a null pointer, or apointer to non-modifiable storage when the
corresponding parameter is not const-qualified) or a type (after
promotion) not expected by a function with variable number of arguments,
the behavior is undefined. If a function argument is described as being
an array, the pointer actually passed to the function shall have a value
such that all address computations and accesses to objects (that would be
valid if the pointer did point to the first element of such an array) are
in fact valid.
Per IEEE Std 1003.1:
size_t fread(void *restrict ptr, size_t size, size_t nitems,
FILE *restrict stream);
The `fread` function shall read into the array pointed to by `ptr` up to
`nitems` elements whose size is specified by `size` in bytes, from the
stream pointed to by `stream`.
Since the first argument to `fread` is described as being an array, its
behavior is undefined when that argument is a null pointer.
Per the documentation on `ft_ansi_stream_io`:
If `count' is zero (this is, the function is used for seeking), a non-zero
return value indicates an error.
Thus the intent is clear, and the call to `fread` can be skipped, avoiding
undefined behaviour.
* src/base/ftoutln.c (FT_Outline_Reverse, FT_Outline_EmboldenXY,
FT_Outline_Get_Orientation): Set the first and last indexes together.
(FT_Outline_Decompose): Ditto and check them more stringently.
* src/smooth/ftgrays.c (FT_Outline_Decompose)[STANDALONE_]: Ditto.
Remove Infinality as an option before its complete extraction.
* include/freetype/ftoption.h: Remove the Infinality option.
* devel/ftoption.h: Ditto.
* include/freetype/ftdriver.h (TT_INTERPRETER_VERSION_38): Is 40 now.
A cubic contour has to always start from an on-point. Therefore, we
should not swap the first with the last point, which might be off, and
obtain an invalid contour. This does not matter for conic contours.
If anything, it also saves one swap there. Fixes#1207.
The design coordinates for MM fonts were not rounded. For example,
`FT_Get_Var_Design_Coordinates` returned values with fractional part.
* src/type1/t1load.c (mm_axis_unmap): Refactor with rounding.
* include/freetype/ftmm.h (FT_Var_Axis, FT_Set_Var_Design_Coordinates,
FT_Get_Var_Design_Coordinates): Reword documentation.
==========================
Tag sources with `VER-2-13-0'.
* docs/VERSION.TXT: Add entry for version 2.13.
* docs/CHANGES: Updated.
* README, src/base/ftver.rc, builds/windows/vc2010/index.html,
builds/windows/visualc/index.html, builds/windows/visualce/index.html,
builds/wince/vc2005-ce/index.html, builds/wince/vc2008-ce/index.html,
docs/freetype-config.1: s/2.12.1/2.13/, s/2121/2130/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 13.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 25:0:19.
* CMakeLists.txt (VERSION_MINOR): Set to 13.
(VERSION_PATCH): Set to 0.
* src/autofit/ft-hb.c: Decorate with `FT_LOCAL_DEF`.
Add ANSI boilerplate code for otherwise empty file.
* src/autofit/ft-hb.h: Include `compiler-macros.h` and `freetype.h`.
Use `FT_BEGIN_HEADER` and `FT_END_HEADER`.
Decorate with `FT_LOCAL`.
* src/autofit/rules.mk (AUTOF_DRV_SRC): Add `ft-hb.c`.
Modern compilers get more insistent on that...
* include/freetype/internal/compiler-macros.h (FALL_THROUGH): Define.
* src/*: Use it instead of `/* fall through */` comments.
Otherwise we get zillions of clang 15 warnings.
* src/autofit/afcjk.c, src/autofit/afhints.c, src/autofit/aflatin.c,
src/base/ftobjs.c, src/base/ftoutln.c, src/cff/cffparse.c,
src/raster/ftraster.c, src/sfnt/pngshim.c, src/truetype/ttgload.c,
src/truetype/ttgxvar.c, src/truetype/ttobjs.c, src/type1/t1gload.c: Use
`double` cast in debugging and tracing macros.
This is mandated by the C99 standard, and clang 15 produces zillions of
warnings otherwise.
* devel/ftoption.h, include/freetype/config/ftoption.h,
include/freetype/internal/ftmemory.h, src/autofit/afhints.h,
src/autofit/afmodule.c, src/autofit/aftypes.h, src/base/ftadvanc.c,
src/base/ftdbgmem.c, src/base/ftstream.c, src/bdf/bdflib.c,
src/truetype/ttinterp.c: Replace identifiers of the form `_foo` with `foo_`.
Alexei Podtelezhnikov