* src/type1/t1load.c (parse_subrs): Add proper guards for `strncmp'.
* src/psaux/psobjs.c (ps_parser_skip_PS_token): Emit error message
only if cur < limit.
Jump instructions are now bound to the current function. The MS
Windows rasterizer behaves the same, as confirmed by Greg Hitchcock.
* src/truetype/ttinterp.h (TT_CallRec): Add `Cur_End' element.
* src/truetype/ttobjs.h (TT_DefRecord): Add `end' element.
* src/truetype/ttinterp.c (DO_JROT, DO_JMPR, DO_JROF): Check upper
bound of jump address.
(Ins_FDEF, Ins_CALL, Ins_LOOPCALL, Ins_UNKNOWN, TT_RunIns): Updated.
* include/freetype/internal/ftobjs.h (FT_ModuleRec, FT_LibraryRec):
Remove `generic' field since users can't access it.
* src/base/ftobjs.c (FT_Done_GlyphSlot): Call `generic.finalizer' as
advertised in the documentation of FT_Generic.
(Destroy_Module, FT_Done_Library): Updated to changes in `ftobjs.h'.
Patch submitted by anonymous reporter.
* src/gxvalid/gxvcommn.c (gxv_XStateTable_subtable_setup):
gxv_set_length_by_ulong_offset() must be called with 3, not 4,
the number of the subtables in the state tables; classTable,
stateArray, entryTable.
Based on the patch provided by Erik Dahlstrom <ed@opera.com>,
http://lists.gnu.org/archive/html/freetype-devel/2012-01/msg00010.html
Also `raccess_guess_table[]' and `raccess_rule_by_darwin_vfs()'
are renamed with `ft_' suffixes.
* src/base/ftbase.h: `raccess_rule_by_darwin_vfs()' is renamed
to `ft_raccess_rule_by_darwin_vfs()'.
* src/base/ftobjs.c: Ditto.
* src/base/ftrfork.c: Declarations of FT_RFork_Rule,
raccess_guess_rec, are moved to...
* include/freetype/internal/ftrfork.h: Here.
* include/freetype/internal/ftrfork.h:
FT_RFORK_RULE_ARRAY_{BEGIN,ENTRY,END} macros are defined
to replace raccess_guess_table[] in both of PIC and non-PIC
modes.
* src/base/ftrfork.c: raccess_guess_table[] array is rewritten
by FT_RFORK_RULE_ARRAY_{BEGIN,ENTRY,END}.
* src/base/basepic.h (BasePIC): Add `ft_raccess_guess_table'
storage. (FT_RACCESS_GUESS_TABLE_GET): New macro to retrieve
the function pointer from `ft_raccess_guess_table' storage in
`BasePIC' structure.
* src/base/ftrfork.c (FT_Raccess_Guess): Rewritten with
FT_RACCESS_GUESS_TABLE_GET.
(raccess_get_rule_type_from_rule_index): Add `library' as the
first argument to the function, to retrieve the storage of
`ft_raccess_guess_table' from it. Also `raccess_guess_table'
is replaced by FT_RACCESS_GUESS_TABLE_GET.
(ft_raccess_rule_by_darwin_vfs): Ditto.
* src/autofit/afpic.c: Include "aflatin2.h" when
FT_OPTION_AUTOFIT2 is defined, as afglobal.c does so.
Unconditionally inclusion causes declared but unimplemented
warning by GCC 4.6.
* src/cff/cffpic.c: The declarations of
FT_Init_Class_cff_cmap_encoding_class_rec() and
FT_Init_Class_cff_cmap_unicode_class_rec() are removed.
They can be obtained by the inclusion of cffcmap.h.
cffcmap.h invokes FT_DECLARE_CMAP_CLASS() and it declares
FT_Init_Class_cff_cmap_encoding_class_rec() etc in PIC mode.
Originally FT_DEFINE_{DRIVER,MODULE,RENDERER}() macros were
designed to declare xxx_pic_{free,init} by themselves.
Because these macros are used at the end of the module
interface (e.g. ttdriver.c) and the wrapper source to build
a module as a single object (e.g. truetype.c) includes
the PIC file (e.g. ttpic.c) before the module interface,
these macros are expanded AFTER xxx_pic_{free,init} body
when the modules are built as single object.
The declaration after the implementation causes the redundant
declaration warnings, so the declarations are moved to module
PIC headers (e.g. ttpic.h). Separating to other header files
are needed for multi build.
* include/freetype/internal/ftdriver.h (FT_DEFINE_DRIVER):
Remove class_##_pic_free and class_##_pic_init declarations.
* include/freetype/internal/ftobjs.h (FT_DEFINE_RENDERER,
FT_DEFINE_MODULE): Ditto.
* src/base/basepic.h: Insert a comment and fix coding style.
* src/autofit/afpic.h: Declare autofit_module_class_pic_{free,
init}.
* src/cff/cffpic.h: Declare cff_driver_class_pic_{free,init}.
* src/pshinter/pshpic.h: Declare pshinter_module_class_pic_{free,
init}.
* src/psnames/pspic.h: Declare psnames_module_class_pic_{free,
init}.
* src/raster/rastpic.h: Declare
ft_raster{1,5}_renderer_class_pic_{free,init}
* src/sfnt/sfntpic.h: Declare sfnt_module_class_pic_{free,init}.
* src/smooth/ftspic.h: Declare
ft_smooth_{,lcd_,lcdv_}renderer_class_pic_{free,init}.
* src/truetype/ttpic.h: Declare tt_driver_class_pic_{free,init}.
* src/base/ftglyph.c (FT_Glyph_To_Bitmap): `glyph' must be
set before derefering to obtain `library'. The initialization
of `clazz', `glyph', `library' and NULL pointer check are
reordered to minimize PIC conditonals.
* src/base/ftinit.c (FT_Add_Default_Modules): Under PIC
configuration, FT_DEFAULT_MODULES_GET returns
FT_Module_Class** pointer, GCC 4.6 warns that
const FT_Module_Class* const* variable is warned as
inappropriate to store it. To calm it, explicit cast is
inserted. Also `library' is checked to prevent the NULL
pointer dereference in FT_DEFAULT_MODULES_GET.
Under PIC configuration, FT_{CFF,PSCMAPS,SFNT,TT}_SERVICES_GET
take no arguments but derefer the variable named `library'
internally.
* src/cff/cffdrivr.c (cff_get_interface): Declare `library' and
set it if non-NULL driver is passed.
* src/truetype/ttdriver.c (tt_get_interface): Ditto.
* src/sfnt/sfdriver.c (sfnt_get_interface): Declare `library'
under PIC configuration, and set it if non-NULL module is given.
* src/psnames/psmodule.c (psnames_get_interface): Ditto.
error codes with per-module prefix.
* src/autofit/afpic.c: Include `aferrors.h'.
* src/cff/cffpic.c: Include `cfferrs.h'.
* src/pshinter/pshpic.c: Include `pshnterr.h'.
* src/raster/rastpic.c: Include `rasterrs.h'.
* src/sfnt/sfntpic.c: Include `sferrors.h'.
* src/smooth/ftspic.c: Include `ftsmerrs.h'.
* src/truetype/ttpic.c: Include `tterrors.h'.
Originally FT_MACINTOSH was a pure auto macro and DARWIN_NO_CARBON
was a configurable macro to disable Carbon-dependent code. Because
now configure script sets DARWIN_NO_CARBON by default and disables
Darwin & Carbon-dependent codes, these macros can be unified.
FT_MACINTOSH (undefined by default) is kept and DARWIN_NO_CARBON
(defined by default) is removed, because DARWIN_NO_CARBON violates
FT_XXX naming convention of public macros, and a macro configured by
default is not portable for the building without configure (e.g.
make devel).
* builds/unix/configure.raw: Define FT_MACINTOSH if Carbon-based
old Mac font support is requested and Carbon is available.
* builds/unix/ftconfig.in: Undefine FT_MACINTOSH when the support
for Mac OS X without Carbon (e.g. Mac OS X 10.4 for ppc64) is
requested.
* include/freetype/config/ftconfig.in: Ditto.
* builds/vms/ftconfig.h: Ditto.
* src/base/ftbase.h: Remove DARWIN_NO_CARBON.
* src/base/ftbase.c: Ditto.
* src/base/ftobjs.c: Ditto.
* src/base/ftrfork.c: Ditto.
* src/base/ftmac.c: Compile the body if FT_MACINTOSH is defined
(same with TT_USE_BYTECODE_INTERPRETER in ttinterp.c).
* builds/mac/ftmac.c: Ditto.
* builds/mac/FreeType.m68k_cfm.make.txt: Define FT_MACINTOSH.
* builds/mac/FreeType.m68k_far.make.txt: Ditto.
* builds/mac/FreeType.ppc_classic.make.txt: Ditto.
* builds/mac/FreeType.ppc_carbon.make.txt: Ditto.
* builds/toplevel.mk: Check `/dev/null' to identify the Unix-
like systems without `init' nor `hurd' (e.g. Mac OS X >= 10.4).
* builds/unix/detect.mk: Ditto.
* src/tools/apinames.c (names_add): Change the type of `h' from
int to unsigned int, to prevent undefined behaviour in the
overflow of signed integers (overflow of unsigned int is defined
to be wrap around). Found by clang test suggested by Sean
McBride.
ENCODING now covers the whole Unicode range.
Note, however, that this change is quite expensive since it
increases the size of three arrays by almost 400kByte in total. The
right fix is to replace the logic with something smarter.
Additionally, there exist very old BDFs for three-byte CCCII
encoding which exceeds the range of Unicode (another reason to have
a smarter logic).
* src/bdf/bdf.h (bdf_font_t): Increase size of `nmod' and `umod'
arrays.
* src/bdf/bdflib.c (bdf_parse_t): Increase size of `have' array.
Previously, FreeType misleadingly returned
FT_Err_Unknown_File_Format if a module was missing (or a test was
missing completely).
* include/freetype/fterrdef.h (FT_Err_Missing_Module): Define.
* src/cff/cffobjs.c (cff_face_init), src/cid/cidobjs.c
(cid_face_init), src/sfnt/sfobjs.c (sfnt_init_face),
src/truetype/ttobjs.c (tt_face_init), src/type1/t1objs.c
(T1_Face_Init), src/type42/t42objs.c (T42_Face_Init,
T42_Driver_Init): Updated.
* src/type1/t1afm.c (T1_Read_Metrics), src/type/t1objs.c
(T1_Face_Init), src/type42/t42objs.c (T42_Face_Init): Remove now
redundant test for `psaux'.
This allows a Type 1 font face to be interrogated to retrieve most
of the dictionary keys (keys not relevant to FreeType's Type 1
interpreter are not available).
* include/freetype/internal/services/svpsinfo.h
(PS_GetFontValueFunc): New typedef.
(PSInfo): Add `ps_get_font_value'.
(FT_DEFINE_SERVICE_PSINFOREC): Updated.
* include/freetype/internal/t1types.h (T1_EncodingType): Moved to...
* include/freetype/t1tables.h: Here.
(PS_Dict_Keys): New enumeration.
(FT_Get_PS_Font_Value): New declaration.
* src/base/fttype1.c (FT_Get_PS_Font_Value): New function.
* src/type1/t1driver.c (t1_ps_get_font_value): This new function
does the real job.
(t1_service_ps_info): Add it.
* src/cff/cffdrivr.c (cff_service_ps_info), src/cid/cidriver.c
(cid_service_ps_info), src/type42/t42drivr.c (t42_service_ps_info):
Updated.
* src/cid/cidload.c (cid_load_keyword) <default>,
(parse_font_matrix, parse_expansion_factor): Correctly check number
of dictionaries.
(cid_read_subrs): Protect against invalid values of `num_subrs'.
Assure that the elements of the `offsets' array are ascending.
* src/base/ftbase.h (raccess_rule_by_darwin_vfs): Do not declare
it on native Mac OS X.
* src/base/ftrfork.c (raccess_get_rule_type_from_rule_index):
Hide raccess_get_rule_type_from_rule_index() on native Mac OS X
too.
* include/freetype/config/ftstdlib.h (FT_USHORT_MAX): New macro.
* src/base/ftbitmap.c (FT_Bitmap_Convert): Protect against invalid
value of `target->rows'.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Add check for
flex start.
* src/raster/ftrend1.c (ft_raster1_render): Check `width' and
`height'.
* src/truetype/ttgxvar.c (TT_Vary_Get_Glyph_Deltas): Protect against
invalid values in `localpoints' array.
Problem reported by Nicolas Rougier <Nicolas.Rougier@inria.fr>.
* src/tools/glnames.py (adobe_glyph_list): Add data from AGL's
`zapfdingbats.txt' file.
* src/psnames/pstables.h: Regenerated.
* src/lzw/ftzopen.c (ft_lzwstate_io) <FT_LZW_PHASE_CODE>:
Ensure that subsequent (modulo garbage byte(s)) LZW_CLEAR codes are
handled as clear codes. This also re-sets old_code and old_char to
predictable values, which is a little better than using `random'
ones if the code following LZW_CLEAR is invalid.
Stack larger than 1<<LZW_MAX_BITS is never needed if prefix table is
constructed correctly. It's even less than that, see e.g.
libarchive code comment for a better size upper bound:
http://code.google.com/p/libarchive/source/browse/trunk/libarchive/archive_read_support_filter_compress.c?r=3635#121
This patch adds explicit stack size limit, enforced when stack is
realloced.
An alternative is to ensure that code < state->prefix[code - 256]
when traversing prefix table. Such check is less efficient and
should not be required if prefix table is constructed correctly in
the first place.
* src/lzw/ftzopen.c (ft_lzwstate_stack_grow): Implement it.
LZW decompressor did not sufficiently check codes read from the
input LZW stream. A specially-crafted or corrupted input could
create a loop in the prefix table, which leads to memory usage
spikes, as there's no decompression stack size limit.
* src/lzw/ftzopen.c (ft_lzwstate_io) <FT_LZW_PHASE_START>: First
code in valid LZW stream must be 0..255.
<FT_LZW_PHASE_CODE>: In the special KwKwK case, code == free_ent,
code > free_ent is invalid.
* src/cff/cfftypes.h (CFF_FontRecDictRec): New member
`has_font_matrix'.
* src/cff/cffparse.c (cff_parse_font_matrix): Set it.
Update tracing output.
* src/cff/cffobjs.c (cff_face_init): Use it so that the heuristics
can be removed.
Found with font fuzzying.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Check
`decoder->buildchar'.
* src/type1/t1load.c (t1_load_keyword): Check `blend->num_designs'.
When shifting right a signed value, it is not defined by the
C standard whether one gets a sign extension or not. Use a macro to
do an explicit cast from a signed short (assuming that this is
16bit) to an int.
* src/psaux/t1decode.c (Fix2Int): New macro.
Use it where appropriate.
We want to unset FT_FACE_FLAG_SCALABLE only if there are bitmap
strikes in the font.
* src/truetype/ttobjs.c (tt_face_init): Implement it.
* docs/CHANGES: Updated.
The main problems
-----------------
o If FT_STROKER_LINEJOIN_BEVEL was specified, unlimited miter
joins (not bevel joins) were generated. Indeed, the meanings of
`miter' and `bevel' were incorrectly reversed (consistently) in
both the code and comments.
o The way bevel joins were constructed (whether specified
explicitly, or created as a result of exceeding the miter limit)
did not match what is required for stroked text in PostScript or
PDF.
The main fixes
--------------
o The behaviour of FT_STROKER_LINEJOIN_BEVEL has been corrected.
o A new line join style, FT_STROKER_LINEJOIN_MITER_FIXED, has been
introduced to support PostScript and PDF miter joins.
o FT_STROKER_LINEJOIN_MITER_VARIABLE has been introduced as an
alias for FT_STROKER_LINEJOIN_MITER.
Additionally, a variety of stroking errors have been fixed. These
would cause various artifacts (including points `at infinity'),
especially when stroking poor quality fonts.
See
http://lists.gnu.org/archive/html/freetype-devel/2011-07/msg00001.html
for example documents. The FreeType stroker now produces results
very similar to that produced by GhostScript and Distiller for these
fonts.
Other problems
--------------
The following problems have been resolved:
o Inside corners could be generated incorrectly. Intersecting the
inside corner could cause a missing triangular area and other
effects.
The intersection point can only be used if the join is between
two lines and both lines are long enough. The `optimization'
condition in `ft_stroker_inside' has been corrected; this
requires the line length to be passed into various functions and
stored in `FT_StrokerRec'.
o Incorrect cubic curves could be generated. The angle
calculations in `FT_Stroker_CubicTo' have been corrected to
handle the case of the curve crossing the +/-PI direction.
o If the border radius was greater than the radius of curvature of
a curve, then the negative sector would end up outside (not
inside) the border. This situation is now recognized and the
negative sector is circumnavigated in the opposite direction.
(If round line joins are being used, this code is disabled
because the line join will always cover the negative sector.)
o When a curve is split, the arcs may not join smoothly (especially
if the curve turns sharply back on itself). Changes in
direction between adjacent arcs were not handled. A round
corner is now added if the deviation from one arc to the next is
greater than a suitable threshold.
o The current direction wasn't retained if a the outline contained
a zero length lineto or a curve that was determined to be
`basically a point'. This could cause a spurious join to be
added.
o Cubics with close control points could be mishandled. All eight
cases are now distinguished correctly.
Other improvements
------------------
o Borders for cubic curves could be too `flat'.
FT_SMALL_CUBIC_THRESHOLD has been reduced a little to prevent
this.
o The handling and use of movable points has been simplified a
little.
o Various values are now computed only if the results are actually
needed.
o The directions of the outer and inner borders have been swapped,
as recommended by Graham Asher.
* src/base/ftstroke.c: Revised.
* include/freetype/ftstroke.h: Updated.