src/base/ftmac.c, src/base/ftrfork.c, src/lzw/ftzopen.c,
src/raster/ftrend1.c, src/sfnt/ttpost.c, src/truetype/ttgxvar.c,
src/type42/t42parse.c, src/winfonts/winfnt.c: hardening the code
against out-of-bounds conditions when allocating arrays. This is
for the cases where FT_NEW_ARRAY and FT_RENEW_ARRAY are not used
already. Introducing the new FT_ALLOC_MULT and FT_REALLOC_MULT
macros.
include/freetype/internal/ftmemory.h, src/base/ftdbgmem.c,
src/base/ftutil.c: updating the memory management functions and
macros to safely deal with array size buffer overflows, this
corresponds to attempts to allocate arrays that are too large. For
an example, consider the following code:

    count = read_uint32_from_file();
    array = malloc( sizeof(Item) * count );
    for ( nn = 0; nn < count; nn++ )
      array[nn] = read_item_from_file();

if 'count' is larger than FT_UINT_MAX/sizeof(Item), the multiplication
will overflow and the array allocated will be smaller than the data
read from the file. In this case, the heap will be trashed, and this
can be used as a denial-of-service, or make the engine crash later.
the FT_ARRAY_NEW and FT_ARRAY_RENEW macro now check that the new
count is no more than FT_INT_MAX/item_size, otherwise, a new error,
named 'FT_Err_Array_Too_Large' will be returned.
note that the memory debugger now works again when FT_DEBUG_MEMORY
is defined, and FT_STRICT_ALIASING has disappeared, the corresponding
code being now the default.
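
An added example (not code from FreeType or from this ChangeLog) of the wrap-around described in the entry above, next to a loader that validates the count before it allocates. The error codes, the `Item` layout, the file format and all function names are hypothetical, and the truncation check goes beyond what the entry describes:

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical error codes for this example (not FreeType's values). */
enum { EX_OK = 0, EX_ARRAY_TOO_LARGE, EX_OUT_OF_MEMORY, EX_TRUNCATED };

typedef struct { uint32_t id, value; } Item;   /* constructed 8-byte record */

/* Constructed inputs: 4-byte little-endian count, then the records. */
static const uint8_t good_file[20] = { 2,0,0,0, 1,0,0,0, 10,0,0,0, 2,0,0,0, 20,0,0,0 };
static const uint8_t evil_file[12] = { 1,0,0,0x20, 1,0,0,0, 10,0,0,0 }; /* count 0x20000001 */

/* `sizeof(Item) * count` in 32-bit arithmetic: wraps modulo 2^32. */
static uint32_t unchecked_size32(uint32_t count)
{
    return (uint32_t)sizeof(Item) * count;
}

static uint32_t rd32(const uint8_t *p)         /* little-endian read */
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the count before multiplying or allocating. */
static int load_items(const uint8_t *buf, size_t len, Item **items, uint32_t *n)
{
    uint32_t count, i;

    *items = NULL;
    *n = 0;
    if (len < 4)
        return EX_TRUNCATED;
    count = rd32(buf);
    if (count > (size_t)INT_MAX / sizeof(Item))    /* the bound from the entry */
        return EX_ARRAY_TOO_LARGE;
    if ((len - 4) / sizeof(Item) < count)          /* added: records must be present */
        return EX_TRUNCATED;
    if (count == 0) return EX_OK;
    *items = malloc((size_t)count * sizeof(Item)); /* product cannot wrap here */
    if (*items == NULL)
        return EX_OUT_OF_MEMORY;
    for (i = 0; i < count; i++) {
        const uint8_t *p = buf + 4 + (size_t)i * sizeof(Item);
        (*items)[i].id = rd32(p);
        (*items)[i].value = rd32(p + 4);
    }
    *n = count;
    return EX_OK;
}
```

With the constructed count 0x20000001 the unchecked 32-bit product is 8 bytes, which is the undersized allocation the entry warns about; the checked loader rejects that count before any memory is requested.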
msn2@bidyut.com.
* include/freetype/config/ftstdlib.h (FT_CHAR_BIT, FT_FILE,
ft_fopen, ft_fclose, ft_fseek, ft_ftell, ft_fread, ft_smalloc,
ft_scalloc, ft_srealloc, ft_sfree, ft_labs): New wrapper macros for
C library functions. Update all users accordingly (and catch some
other places where the C library function was used instead of the
wrapper functions).
* src/base/ftsystem.c: Don't include stdio.h and stdlib.h.
* src/gzip/zutil.h [MSDOS && !(__TURBOC__ || __BORLANDC__)]: Don't
include malloc.h.
include/freetype/cache/ftccmap.h,
include/freetype/cache/ftcglyph.h
include/freetype/cache/ftcimage.h
include/freetype/cache/ftcmanag.h
include/freetype/cache/ftcmru.h
include/freetype/cache/ftcsbits.h:
removing these header files from the public include directory.
* include/freetype/config/ftheader.h:
changing the definition of FT_CACHE_INTERNAL_XXX_H macros to
redirect to FT_CACHE_H instead
* src/cache/ftcbasic.c, src/cache/ftccache.c, src/cache/ftccache.h,
src/cache/ftccback.h, src/cache/ftccmap.c, src/cache/ftcglyph.c,
src/cache/ftcglyph.h, src/cache/ftcimage.c, src/cache/ftcimage.h,
src/cache/ftcmanag.c, src/cache/ftcmanag.h, src/cache/ftcmru.c,
src/cache/ftcmru.h, src/cache/ftcsbits.c, src/cache/ftcsbits.h:
modifications to prevent using the FT_CACHE_INTERNAL_XXX_H macros,
and grab the headers in 'src/cache' instead (see below).
src/base/ftobjs.c, src/base/ftutil.c, src/cff/cffobjs.c,
src/psaux/afmparse.c, src/sfnt/ttbdf.c, src/tools/apinames.c,
src/truetype/ttdriver.c:
solved compiler warnings as well as C++ compilation problems
documentation.
* include/freetype/ftsynth.h (FT_GlyphSlot_Own_Bitmap),
src/base/ftsynth.c (FT_GlyphSlot_Own_Bitmap): New function to make
sure a glyph slot owns its bitmap. It is also marked experimental and
due to change.
(FT_GlyphSlot_Embolden): Undo the last change. It turns out rendering
the outline confuses some applications.
`width' and `height' to `FT_Long'.
(enum FT_Size_Request_Type), src/base/ftobjs.c (FT_Request_Metrics):
New request type `FT_SIZE_REQUEST_TYPE_SCALES' to specify the scales
directly.
`FT_ORIENTATION_NONE'.
* src/base/ftoutln.c (FT_OUTLINE_GET_CONTOUR, ft_contour_has,
ft_contour_enclosed, ft_outline_get_orientation): Another version of
`FT_Outline_Get_Orientation'. This version differs from the public
one in that each part (contour not enclosed in another contour) of the
outline is checked for orientation.
(FT_Outline_Embolden): Use `ft_outline_get_orientation'.
* src/base/ftsynth.c (FT_GlyphSlot_Embolden): Render the outline and
use bitmap's embolden routine when the outline one failed.
include/internal/services/svtteng.h, src/base/ftobjs.c,
src/truetype/ttdriver.c:
adding a new API named FT_Get_TrueType_Engine_Type to determine
whether we have a patented, unpatented or unimplemented TrueType
bytecode interpreter.
the FT_Get_Module_Flags API was removed consequently.
src/sfnt/ttsbit.h, src/sfnt/ttsbit.c: moving the definition
of 'set_sbit_strike' and 'load_sbit_metrics' to their 2.1.8
location. This is used to support binary compatibility with
the X.Org server's libXfont library.
note that this disables memory optimizations for the embedded
bitmap loader.  Sigh....
anymore, this is used to ensure that all FT_BASE internal
functions are available for dynamic linking
* include/freetype/ftcache.h, src/cache/ftcbasic.c,
src/cache/ftccmap.c: try to revive old functions of the
cache sub-system. We also try to support FTC_ImageCache_Lookup
and FTC_ImageCache_SBit with legacy signatures through a gross
hack (hope it works)
unused `max_points' and `max_contours'.
* src/cid/cidobjs.c (cid_face_init), src/type1/t1objs.c
(T1_Face_Init), src/type42/t42objs.c (T42_Face_Init): Update.
* include/freetype/internal/tttypes.h (TT_FaceRec): Remove unused
`max_components'.
* src/truetype/ttinterp.h (TT_ExecContextRec): Remove unused
`loadSize' and `loadStack'.
* src/truetype/ttinterp.c (TT_Done_Context, TT_Load_Context),
src/sfnt/ttload.c (tt_face_load_maxp): Update.
* src/cff/cffobjs.h (cff_size_select), src/sfnt/sfdriver.c
(sfnt_interface), src/truetype/ttdriver.c (tt_size_request): Fix
compiler errors/warnings when TT_CONFIG_OPTION_EMBEDDED_BITMAPS is not
defined.
* src/sfnt/ttmtx.c (tt_face_load_hmtx, tt_face_get_metrics): Fix
possible segment faults for the non-FT_OPTIMIZE_MEMORY'ed versions.
(finally!)
For most OpenType tables, `tt_face_load_xxxx' simply loads the table
and `face->root' is set later in `sfnt_load_face'. Here, we try to
make this work for _all_ tables.
* src/sfnt/ttsbit.c, src/sfnt/ttsbit0.c, src/sfnt/ttload.c,
src/sfnt/ttmtx.c: all `tt_face_load_xxxx' should load the table and
then exit. Error handling or setting face->root is done later in
`sfnt_load_face'.
Pretty trace messages.
* src/sfnt/sfobjs.c (sfnt_load_face): Work harder.
Mac bitmap-only fonts are not scalable.
Check that `face->header.Units_Per_EM' is not zero.
(LOAD_, LOADM_): Pretty trace messages.
* src/sfnt/ttsbit0.c (tt_face_load_strike_metrics): Read metrics from
`eblc'.
* src/sfnt/ttcmap.c (tt_face_build_cmaps), src/sfnt/ttpost.c
(load_format_20, load_format_25, tt_face_get_ps_name): Use
face->max_profile.numGlyphs, instead of face->root.num_glyphs.
documentation that negative strength values are possible.
Give an example call.
* include/freetype/freetype.h (FT_GlyphSlotRec): Improve
documentation of `outline' field.
* src/sfnt/sfobjc.s: Include FT_INTERNAL_DEBUG_H.
* src/sfnt/sfdriver.c: Include ttmtx.h.
* src/autofit/afcjk.c: Include aftypes.h and aflatin.h.
directory (offset table and table directory) as a normal table like
the others. This also means that TTC is no longer recognized there,
but in `init_face'.
* include/freetype/internal/sfnt.h (SFNT_Interface),
src/sfnt/sfdriver.c: `load_sfnt_header' and `load_directory' are
combined and renamed to `load_font_dir'.
* src/sfnt/ttload.h, src/sfnt/ttload.c:
s/sfnt_dir_check/check_table_dir/.
`sfnt_init' is moved to sfobjs.c and renamed to `sfnt_open_font'.
`tt_face_load_sfnt_header' and `tt_face_load_directory' are combined
and renamed to `tt_face_load_font_dir'.
* src/sfnt/sfobjs.c (sfnt_init_face): Recognize TTC here.
after the tables' tags; `hdmx' is TrueType-specific and thus the code
is moved to the truetype module; `get_metrics' is moved here from the
truetype module so that the code can be shared with the cff module.
This pass involves no real changes. That is, the code is moved
verbatim mostly. The only exception is the return value of
`tt_face_get_metrics'.
* include/freetype/internal/sfnt.h, src/sfnt/rules.mk,
src/sfnt/sfdriver.c, src/sfnt/sfnt.c, src/sfnt/sfobjs.c,
src/sfnt/ttload.c, src/sfnt/ttload.h, src/sfnt/ttsbit.c,
src/sfnt/ttsbit.h, src/sfnt/ttsbit0.c: Clean up the SFNT_Interface.
* src/sfnt/ttmtx.c, src/sfnt/ttmtx.h: Metrics-related tables' loading
and parsing code is moved here.
Move `tt_face_get_metrics' here from the truetype module. The return
value is changed from `void' to `FT_Error'.
* include/freetype/internal/fttrace.h: New trace: ttmtx.
* src/truetype/ttpload.c, src/truetype/ttpload.h: `hdmx' loading and
parsing code is moved here.
New function `tt_face_load_prep' split from `tt_face_load_fpgm'.
`tt_face_load_fpgm' returns `FT_Err_Ok' if `fpgm' doesn't exist.
* src/cff/cffgload.c, src/cff/cffobjs.c: Update.
* src/truetype/ttgload.c, src/truetype/ttobjs.c: Update.
to enable autofit CJK script support. (#define'd by default)
* src/autofit/aflatin.h (AF_LATIN_CONSTANT): New macro.
* src/autofit/aflatin.c (af_latin_metrics_init_widths): Make sure that
`edge_distance_threshold' is always set.
(af_latin_hints_link_segments): Potential divide by 0 bug.
Use latin constant in the scoring formula.
* src/autofit/afcjk.c: Minor updates due to the above three changes.
* docs/TODO, docs/CHANGES: Updated.