See Savannah bug #30975.
* src/cff/cffload.c (cff_index_access_element): `off2', the
offset to the next element is truncated at the end of the
stream to prevent invalid I/O. As `off1', the offset to the
requested element has been checked by FT_STREAM_SEEK(),
`off2' should be checked similarly.
See Savannah bug #30975.
* src/cff/cffload.c (cff_charset_compute_cids): Ignore CID if
greater than 0xFFFFU. CFF font spec does not mention about
maximum CID in the font, but PostScript and PDF spec define
that maximum CID is 0xFFFFU.
See Savannah bug #30975.
* src/cff/cffload.c (cff_charset_compute_cids): Don't increment
max_cid after detecting max CID. The array CFF_Charset->cids
is allocated by max_cid + 1.
(cff_charset_cid_to_gindex): Permit CID is less than or equal
to CFF_Charset->max_cid.
* src/cff/cffobjs.c (cff_face_init): FT_Face->num_glyphs is
calculated as CFF_Charset->max_cid + 1.
* src/truetype/ttpload.c (tt_face_get_location): If `pos1', the
offset to the requested entry in `glyf' exceeds the end of the
table, return offset=0, length=0. If `pos2', the offset to the
next entry in `glyf' exceeds the end of the table, truncate
the entry length at the end of `glyf' table.
See Savannah bug #31040.
* src/sfnt/ttpost.c (load_post_names): Get the length of
`post' table and pass the limit of `post' table to
load_format_20() and load_format_25().
(load_format_20): Stop the parsing when we reached at the
limit of `post' table. If more glyph names are required,
they are filled by NULL names. See Savannah bug #31040.
* src/truetype/ttinterp.c (free_buffer_in_size): Don't duplicate
FT_GlyphZoneRec size->twilight to be freed. If duplicated,
FT_FREE() erases the duplicated pointers only and leave original
pointers. They can cause the double-free crash when the burst
errors occur in TrueType interpreter and free_buffer_in_size()
is invoked repeatedly. See Savannah bug #31040 for detail.
Patch is suggested by Adrian Bunk, to prevent unexpected
reflection of environmental LIBTOOL. See:
http://savannah.nongnu.org/patch/?7290
* builds/unix/unix-cc.in: LIBTOOL is unconditionally set to
$(FT_LIBTOOL_DIR)/libtool. FT_LIBTOOL_DIR is set to $(BUILD_DIR)
by default.
* configure: When configured for the building out of source tee,
FT_LIBTOOL_DIR is set to $(OBJ_DIR).
* src/truetype/ttinterp.c (TT_RunIns): Decrease the trace level
showing the error when the interpreter returns with an error,
from FT_TRACE7() to FT_TRACE1().
* src/truetype/ttinterp.c (free_buffer_in_size): New function to
free the buffer allocated during the interpretation of this glyph.
(TT_RunIns): Unset FT_Face->size->{cvt_ready,bytecode_ready} if
an error occurs in the bytecode interpretation. The interpretation
of invalid bytecode may break the function definitions and referring
them in later interpretation is danger. By unsetting these flags,
`fpgm' and `prep' tables are executed again in next interpretation.
Fix Savannah bug #30798, reported by Robert Swiecki.
* src/cff/cffload.c (cff_charset_load): Fix change from 2009-03-20:
The threshold for SIDs is not applicable here. I misinterpreted the
`SID values 65000 and above are available for implementation use'
sentence in the CFF specification.
Problem reported by Ivan Ninčić <inincic@pdftron.com>.
=========================
Tag sources with `VER-2-4-2'.
* docs/CHANGES: Updated.
* docs/VERSION.DLL: Update documentation and bump version number to
2.4.2
* README, Jamfile (RefDoc),
builds/win32/vc2005/freetype.vcproj, builds/win32/vc2005/index.html,
builds/win32/vc2008/freetype.vcproj, builds/win32/vc2008/index.html,
builds/win32/visualc/freetype.dsp,
builds/win32/visualc/freetype.vcproj,
builds/win32/visualc/index.html, builds/win32/visualce/freetype.dsp,
builds/win32/visualce/freetype.vcproj,
builds/win32/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.4.1/2.4.2/, s/241/242/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 2.
* builds/unix/configure.raw (version_info): Set to 12:0:6.
* src/base/ftobjs.c (FT_Done_Library): Specify the order of font
drivers in face closing process. Type42 faces should be closed
before TrueType faces, because a Type42 face refers another
internal TrueType face which is created from sfnt[] array on the
memory.
* src/truetype/ttinterp.c (BOUNDSL): New macro.
Change `BOUNDS' to `BOUNDSL' where appropriate.
* src/truetype/ttinterp.h (TT_ExecContextRec): Fix type of
`cvtSize'.
=========================
Tag sources with `VER-2-4-1'.
* docs/CHANGES: Updated.
* docs/VERSION.DLL: Update documentation and bump version number to
2.4.1.
* README, Jamfile (RefDoc),
builds/win32/vc2005/freetype.vcproj, builds/win32/vc2005/index.html,
builds/win32/vc2008/freetype.vcproj, builds/win32/vc2008/index.html,
builds/win32/visualc/freetype.dsp,
builds/win32/visualc/freetype.vcproj,
builds/win32/visualc/index.html, builds/win32/visualce/freetype.dsp,
builds/win32/visualce/freetype.vcproj,
builds/win32/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.4.0/2.4.1/, s/240/241/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 1.
* builds/unix/configure.raw (version_info): Set to 11:1:5.
Problem reported by Tobias Wolf <towolf@gmail.com>.
* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: Sigh. I'm apparently too silly to fix this
correctly in less than three tries.
=========================
Tag sources with `VER-2-4-0'.
* docs/CHANGES: Updated.
* docs/VERSION.DLL: Update documentation and bump version number to
2.4.0.
* README, Jamfile (RefDoc),
builds/win32/vc2005/freetype.vcproj, builds/win32/vc2005/index.html,
builds/win32/vc2008/freetype.vcproj, builds/win32/vc2008/index.html,
builds/win32/visualc/freetype.dsp,
builds/win32/visualc/freetype.vcproj,
builds/win32/visualc/index.html, builds/win32/visualce/freetype.dsp,
builds/win32/visualce/freetype.vcproj,
builds/win32/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.3.12/2.4.0/, s/2312/240/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 4.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 11:0:5.
Permit a face for Type1, Type42 and CFF without charmap,
patch by Tor Andersson.
* src/type1/t1objs.c (T1_Face_Init): Reset the error if it
is FT_Err_No_Unicode_Glyph_Name.
* src/type42/t42objs.c (T42_Face_Init): Ditto.
* src/cff/cffobjs.c (cff_face_init): Ditto.
Too serious check of errors by `FT_CMap_New' since 2010-07-04
is fixed. Reported by Tor Andersson.
* include/freetype/fterrdef.h
(PSnames_Err_No_Unicode_Glyph_Name): New error code to
indicate the Unicode charmap synthesis failed because
no Unicode glyph name is found.
* src/psnames/psmodule.c (ps_unicodes_init): Return
PSnames_Err_No_Unicode_Glyph_Name when no Unicode glyph name
is found in the font.
* src/cff/cffcmap.c (cff_cmap_unicode_init): Return
CFF_Err_No_Unicode_Glyph_Name when no SID is available.
* src/type1/t1objs.c (T1_Face_Init): Proceed if `FT_CMap_New'
is failed by the lack of Unicode glyph name.
* src/type42/t42objs.c (T42_Face_Init): Ditto.
* src/cff/cffobjs.c (cff_face_init): Ditto.
Problem reported by malc <av1474@comtv.ru>.
* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: It is possible that there is just a single byte
after the `hintmask' or `cntrmask', e.g., a `return' instruction.