These tests should mainly help avoid unnecessarily large memory
allocations in case of malformed fonts.
* src/truetype/ttgxvar.c (ft_var_readpackedpoints,
ft_var_readpackeddeltas): Check number of points against stream
size.
(ft_var_load_avar): Check `pairCount' against table length.
(ft_var_load_gvar): Check `globalCoordCount' and `glyphCount'
against table length.
(tt_face_vary_cvt): Check `tupleCount' and `offsetToData'.
Fix trace.
(TT_Vary_Apply_Glyph_Deltas): Fix trace.
Free `sharedpoints' to avoid memory leak.
This implementation renders the entire line segment at once without
subdividing it into scanlines. The main speed improvement comes from
reducing the number of divisions to just two per line segment, which
is a bare minimum to calculate cell coverage in a smooth rasterizer.
Notably, the progression from cell to cell does not itself require any
divisions at all. The speed improvement is more noticeable at larger
sizes.
* src/smooth/ftgrays.c (gray_render_line): New implementation.
=========================
Tag sources with `VER-2-6-1'.
* docs/VERSION.DLL: Update documentation and bump version number to
2.6.1.
* README, Jamfile (RefDoc), builds/windows/vc2005/freetype.vcproj,
builds/windows/vc2005/index.html,
builds/windows/vc2008/freetype.vcproj,
builds/windows/vc2008/index.html,
builds/windows/vc2010/freetype.vcxproj,
builds/windows/vc2010/index.html,
builds/windows/visualc/freetype.dsp,
builds/windows/visualc/freetype.vcproj,
builds/windows/visualc/index.html,
builds/windows/visualce/freetype.dsp,
builds/windows/visualce/freetype.vcproj,
builds/windows/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.6/2.6.1/, s/26/261/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 1.
* builds/unix/configure.raw (version_info): Set to 18:1:12.
* CMakeLists.txt (VERSION_PATCH): Set to 1.
* src/autofit/afmodule.c [AF_DEBUG_AUTOFIT]: Ensure C linking for
dumping functions.
* src/bzip2/ftbzip2.c (ft_bzip2_file_fill_input), src/gzip/ftgzip.c
(ft_gzip_file_fill_input): In case of an error, adjust the limit to
avoid copying uninitialized memory.
* src/bzip2/ftbzip2.c (ft_bzip2_file_fill_output), src/gzip/ftgzip.c
(ft_gzip_file_fill_output): In case of an error, adjust the limit to
avoid copying uninitialized memory.
* src/sfnt/ttcmap.c (tt_cmap4_char_map_linear): Add code to better
skip invalid segments.
If searching for the next character, provide more efficient logic
to speed up the code.
Thanks to Danh Hong <danhhong@gmail.com> for guidance with blue zone
characters!
* src/autofit/afblue.dat: Add blue zone data for Lao.
* src/autofit/afblue.c, src/autofit/afblue.h: Regenerated.
* src/autofit/afscript.h: Add Lao standard characters.
* src/autofit/afranges.c: Add Lao data.
* src/autofit/afstyles.h: Add Lao data.
open_face_from_buffer() frees the passed buffer if a valid font
is not found. But if copying to the buffer fails,
the allocated buffer should be freed within the caller.
* src/base/ftobjs.c (open_face_PS_from_sfnt_stream): Free
the buffer `sfnt_ps' if an error is caused before calling
open_face_from_buffer().
(Mac_Read_sfnt_Resource): Free the buffer `sfnt_data' if
an error is caused before calling open_face_from_buffer().
Suggested by Hin-Tak Leung.
* src/bzip2/ftbzip2.c (ft_bzip2_stream_io), src/gzip/ftgzip.c
(ft_gzip_stream_io), src/lzw/ftlzw.c (ft_lzw_stream_io): Do it.
While the current code in `FT_Get_Next_Char' correctly rejects
out-of-bounds glyph indices, it can be extremely slow for malformed
cmaps that use 32bit values. This commit tries to improve that.
* src/sfnt/ttcmap.c (tt_cmap8_char_next, tt_cmap12_next,
tt_cmap12_char_map_binary, tt_cmap13_next,
tt_cmap13_char_map_binary): Reject glyph indices larger than or
equal to the number of glyphs.
* src/base/ftobjs.c (FT_Get_Char_Index): Don't return out-of-bounds
glyph indices.
(FT_Get_First_Char): Updated.
* src/sfnt/ttcmap.c (tt_cmap6_char_next): Don't return character
codes greater than 0xFFFF.
(tt_cmap8_char_index): Avoid integer overflow in computation of
glyph index.
(tt_cmap8_char_next): Avoid integer overflows in computation of
both next character code and glyph index.
(tt_cmap10_char_index): Fix unsigned integer logic.
(tt_cmap10_char_next): Avoid integer overflow in computation of
next character code.
(tt_cmap12_next): Avoid integer overflows in computation of both
next character code and glyph index.
(tt_cmap12_char_map_binary): Ditto.
(tt_cmap12_char_next): Simplify.
(tt_cmap13_char_map_binary): Avoid integer overflow in computation
of next character code.
(tt_cmap13_char_next): Simplify.
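
The two cmap entries above (out-of-bounds glyph indices that make `FT_Get_Next_Char' slow, and integer overflows in the next-character and glyph-index computations) come down to the checks in this added example. It is not FreeType's code: `Group', `group_glyph', `next_char' and the sample data are hypothetical, and it assumes format 12 style groups sorted by start code.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a format 12 group; groups are sorted by start. */
typedef struct { uint32_t start, end, start_id; } Group;

/* Constructed malformed cmap for a font with 100 glyphs. */
static const Group sample[] = {
    { 0x00000041u, 0x0000005Au, 10u },          /* 'A'..'Z' -> 10..35 */
    { 0x00010000u, 0xFFFFFFF0u, 90u },          /* only 10 codes are usable */
    { 0xFFFFFFF1u, 0xFFFFFFFFu, 0xFFFFFFFEu },  /* start_id + delta can wrap */
};

/* Glyph index of `code' in `g'; 0 if the sum wraps or is >= num_glyphs. */
static uint32_t group_glyph(const Group *g, uint32_t code, uint32_t num_glyphs)
{
    uint32_t delta = code - g->start;       /* caller ensures code >= start */
    if (g->start_id > UINT32_MAX - delta)
        return 0;
    return g->start_id + delta < num_glyphs ? g->start_id + delta : 0;
}

/* Advance *pcode to the next mapped code; return its glyph index or 0. */
static uint32_t next_char(const Group *gs, size_t n, uint32_t num_glyphs,
                          uint32_t *pcode)
{
    uint32_t code, gi;
    if (*pcode == UINT32_MAX)               /* code + 1 would wrap to 0 */
        return 0;
    code = *pcode + 1;
    for (size_t i = 0; i < n; i++) {
        if (gs[i].start > gs[i].end || gs[i].end < code)
            continue;                       /* invalid or already passed */
        if (code < gs[i].start)
            code = gs[i].start;
        if (gs[i].start_id == 0 && code == gs[i].start && code < gs[i].end)
            code++;                         /* glyph 0 means "missing" */
        gi = group_glyph(&gs[i], code, num_glyphs);
        if (gi) { *pcode = code; return gi; }
        /* Indices only grow within a group: skip its rest in one step. */
    }
    return 0;
}

int main(void)
{
    uint32_t code = 0x5Au;                  /* 'Z' */
    return next_char(sample, 3, 100u, &code) == 90u ? 0 : 1;
}
```

Because an out-of-range index ends the whole group, the second sample group costs one comparison instead of a walk over nearly 2^32 character codes.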
* src/base/ftbase.h (FT_MAC_RFORK_MAX_LEN): Maximum length
of the resource fork for Mac OS. A resource fork larger
than 16 MB can be written but could not be handled
correctly, at least in the Carbon routine.
See https://support.microsoft.com/en-us/kb/130437
* src/base/ftobjs.c (Mac_Read_POST_Resource): No need for `0x'
with the `%p' formatter.
* src/base/ftbase.c (Mac_Read_POST_Resource): Check the
fragment and total size of the concatenated POST resource
before buffer allocation.
(Mac_Read_sfnt_Resource): Check the declared size of
sfnt resource before buffer allocation.
* src/base/ftmac.c (read_lwfn, FT_New_Face_From_SFNT):
Check the total resource size before buffer allocation.
This patch fixes weaknesses in function `tt_face_load_font_dir'.
- It incorrectly assumed that valid tables are always at the
beginning. As a consequence, some valid tables after invalid
entries (which are ignored) were never seen.
- Duplicate table entries (that is, having the same tag) were not
rejected.
- The number of valid tables was sometimes too large, leading to
access of invalid tables.
* src/sfnt/ttload.c (check_table_dir): Add argument to return number
of valid tables.
Add another tracing message.
(tt_face_load_font_dir): Only allocate table array for valid
entries as returned by `check_table_dir'.
Reject duplicate tables and adjust number of valid tables
accordingly.
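
The three weaknesses listed for `tt_face_load_font_dir' map onto a two-pass directory scan, shown in this added example. It is not FreeType's code: `TableRec', `in_bounds', `count_valid', `load_dir' and the sample directory are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified table record, constructed for this example. */
typedef struct { uint32_t tag, offset, length; } TableRec;
#define TAG(a, b, c, d) ((uint32_t)(a) << 24 | (b) << 16 | (c) << 8 | (d))

/* Constructed directory of a 0x1000-byte font with interleaved bad entries. */
static const TableRec sample_dir[] = {
    { TAG('h','e','a','d'), 0x10,        0x36  },
    { TAG('n','a','m','e'), 0x5000,      0x10  },  /* past end of stream */
    { TAG('c','m','a','p'), 0x50,        0x100 },  /* valid, after invalid */
    { TAG('h','e','a','d'), 0x200,       0x36  },  /* duplicate tag */
    { TAG('g','l','y','f'), 0xFFFFFFF0u, 0x20  },  /* offset + length wraps */
};

/* Overflow-safe test that [offset, offset + length) lies in the stream. */
static int in_bounds(const TableRec *e, uint32_t size)
{
    return e->offset <= size && e->length <= size - e->offset;
}

/* Pass 1: count in-bounds entries so the array is sized for those only. */
static size_t count_valid(const TableRec *dir, size_t n, uint32_t size)
{
    size_t valid = 0;
    for (size_t i = 0; i < n; i++) valid += (size_t)in_bounds(&dir[i], size);
    return valid;
}

/* Pass 2: scan everything, skip bad entries, reject repeated tags. */
static size_t load_dir(const TableRec *dir, size_t n, uint32_t size,
                       TableRec *out, size_t cap)
{
    size_t kept = 0;
    for (size_t i = 0; i < n && kept < cap; i++) {
        size_t j = 0;
        if (!in_bounds(&dir[i], size)) continue;   /* ignored, keep scanning */
        while (j < kept && out[j].tag != dir[i].tag) j++;
        if (j == kept) out[kept++] = dir[i];       /* tag not seen before */
    }
    return kept;                    /* adjusted number of valid tables */
}

int main(void)
{
    TableRec out[5];
    size_t cap = count_valid(sample_dir, 5, 0x1000);   /* 3 are in bounds */
    return load_dir(sample_dir, 5, 0x1000, out, cap) == 2 ? 0 : 1;
}
```

Callers should iterate only up to the count returned by `load_dir', which can be smaller than the pass 1 count once duplicates are dropped.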