* src/truetype/ttinterp.c (free_buffer_in_size): Don't duplicate
FT_GlyphZoneRec size->twilight to be freed. If duplicated,
FT_FREE() erases the duplicated pointers only and leave original
pointers. They can cause the double-free crash when the burst
errors occur in TrueType interpreter and free_buffer_in_size()
is invoked repeatedly. See Savannah bug #31040 for detail.
Patch is suggested by Adrian Bunk, to prevent unexpected
reflection of environmental LIBTOOL. See:
http://savannah.nongnu.org/patch/?7290
* builds/unix/unix-cc.in: LIBTOOL is unconditionally set to
$(FT_LIBTOOL_DIR)/libtool. FT_LIBTOOL_DIR is set to $(BUILD_DIR)
by default.
* configure: When configured for the building out of source tee,
FT_LIBTOOL_DIR is set to $(OBJ_DIR).
* src/truetype/ttinterp.c (TT_RunIns): Decrease the trace level
showing the error when the interpreter returns with an error,
from FT_TRACE7() to FT_TRACE1().
* src/truetype/ttinterp.c (free_buffer_in_size): New function to
free the buffer allocated during the interpretation of this glyph.
(TT_RunIns): Unset FT_Face->size->{cvt_ready,bytecode_ready} if
an error occurs in the bytecode interpretation. The interpretation
of invalid bytecode may break the function definitions and referring
them in later interpretation is danger. By unsetting these flags,
`fpgm' and `prep' tables are executed again in next interpretation.
Fix Savannah bug #30798, reported by Robert Swiecki.
* src/cff/cffload.c (cff_charset_load): Fix change from 2009-03-20:
The threshold for SIDs is not applicable here. I misinterpreted the
`SID values 65000 and above are available for implementation use'
sentence in the CFF specification.
Problem reported by Ivan Ninčić <inincic@pdftron.com>.
=========================
Tag sources with `VER-2-4-2'.
* docs/CHANGES: Updated.
* docs/VERSION.DLL: Update documentation and bump version number to
2.4.2
* README, Jamfile (RefDoc),
builds/win32/vc2005/freetype.vcproj, builds/win32/vc2005/index.html,
builds/win32/vc2008/freetype.vcproj, builds/win32/vc2008/index.html,
builds/win32/visualc/freetype.dsp,
builds/win32/visualc/freetype.vcproj,
builds/win32/visualc/index.html, builds/win32/visualce/freetype.dsp,
builds/win32/visualce/freetype.vcproj,
builds/win32/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.4.1/2.4.2/, s/241/242/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 2.
* builds/unix/configure.raw (version_info): Set to 12:0:6.
* src/base/ftobjs.c (FT_Done_Library): Specify the order of font
drivers in face closing process. Type42 faces should be closed
before TrueType faces, because a Type42 face refers another
internal TrueType face which is created from sfnt[] array on the
memory.
* src/truetype/ttinterp.c (BOUNDSL): New macro.
Change `BOUNDS' to `BOUNDSL' where appropriate.
* src/truetype/ttinterp.h (TT_ExecContextRec): Fix type of
`cvtSize'.
=========================
Tag sources with `VER-2-4-1'.
* docs/CHANGES: Updated.
* docs/VERSION.DLL: Update documentation and bump version number to
2.4.1.
* README, Jamfile (RefDoc),
builds/win32/vc2005/freetype.vcproj, builds/win32/vc2005/index.html,
builds/win32/vc2008/freetype.vcproj, builds/win32/vc2008/index.html,
builds/win32/visualc/freetype.dsp,
builds/win32/visualc/freetype.vcproj,
builds/win32/visualc/index.html, builds/win32/visualce/freetype.dsp,
builds/win32/visualce/freetype.vcproj,
builds/win32/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.4.0/2.4.1/, s/240/241/.
* include/freetype/freetype.h (FREETYPE_PATCH): Set to 1.
* builds/unix/configure.raw (version_info): Set to 11:1:5.
Problem reported by Tobias Wolf <towolf@gmail.com>.
* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: Sigh. I'm apparently too silly to fix this
correctly in less than three tries.
=========================
Tag sources with `VER-2-4-0'.
* docs/CHANGES: Updated.
* docs/VERSION.DLL: Update documentation and bump version number to
2.4.0.
* README, Jamfile (RefDoc),
builds/win32/vc2005/freetype.vcproj, builds/win32/vc2005/index.html,
builds/win32/vc2008/freetype.vcproj, builds/win32/vc2008/index.html,
builds/win32/visualc/freetype.dsp,
builds/win32/visualc/freetype.vcproj,
builds/win32/visualc/index.html, builds/win32/visualce/freetype.dsp,
builds/win32/visualce/freetype.vcproj,
builds/win32/visualce/index.html,
builds/wince/vc2005-ce/freetype.vcproj,
builds/wince/vc2005-ce/index.html,
builds/wince/vc2008-ce/freetype.vcproj,
builds/wince/vc2008-ce/index.html: s/2.3.12/2.4.0/, s/2312/240/.
* include/freetype/freetype.h (FREETYPE_MINOR): Set to 4.
(FREETYPE_PATCH): Set to 0.
* builds/unix/configure.raw (version_info): Set to 11:0:5.
Permit a face for Type1, Type42 and CFF without charmap,
patch by Tor Andersson.
* src/type1/t1objs.c (T1_Face_Init): Reset the error if it
is FT_Err_No_Unicode_Glyph_Name.
* src/type42/t42objs.c (T42_Face_Init): Ditto.
* src/cff/cffobjs.c (cff_face_init): Ditto.
Too serious check of errors by `FT_CMap_New' since 2010-07-04
is fixed. Reported by Tor Andersson.
* include/freetype/fterrdef.h
(PSnames_Err_No_Unicode_Glyph_Name): New error code to
indicate the Unicode charmap synthesis failed because
no Unicode glyph name is found.
* src/psnames/psmodule.c (ps_unicodes_init): Return
PSnames_Err_No_Unicode_Glyph_Name when no Unicode glyph name
is found in the font.
* src/cff/cffcmap.c (cff_cmap_unicode_init): Return
CFF_Err_No_Unicode_Glyph_Name when no SID is available.
* src/type1/t1objs.c (T1_Face_Init): Proceed if `FT_CMap_New'
is failed by the lack of Unicode glyph name.
* src/type42/t42objs.c (T42_Face_Init): Ditto.
* src/cff/cffobjs.c (cff_face_init): Ditto.
Problem reported by malc <av1474@comtv.ru>.
* src/cff/cffgload.c (cff_decoder_parse_charstrings)
<cff_op_hintmask>: It is possible that there is just a single byte
after the `hintmask' or `cntrmask', e.g., a `return' instruction.
Fix for Savannah bug #30059.
* src/cache/ftccmap.c (FTC_CMapCache_Lookup): Replace `16' the
minimum character code passed by a legacy rogue client by...
* include/freetype/config/ftoption.h (FT_MAX_CHARMAP_CACHEABLE):
This. It is undefined when FT_CONFIG_OPTION_OLD_INTERNALS is
undefined (thus the rogue client compatibility is not required).
* src/cff/cffobjs.c (cff_face_init): Abort the automatic
selection or synthesis of Unicode cmap subtable when the charmap
index exceeds FT_MAX_CHARMAP_CACHEABLE.
* src/sfnt/ttcmap.c (tt_face_build_cmaps): Issue error message
when the charmap index exceeds FT_MAX_CHARMAP_CACHEABLE.
* src/base/ftobjs.c (find_unicode_charmap): When Unicode charmap
is found after FT_MAX_CHARMAP_CACHEABLE, ignore it and search
earlier one.
(find_variant_selector_charmap): When UVS charmap is found after
FT_MAX_CHARMAP_CACHEABLE, ignore it and search earlier one.
(FT_Select_Charmap): When a charmap matching with requested
encoding but after FT_MAX_CHARMAP_CACHEABLE, ignore and search
earlier one.
(FT_Set_Charmap): When a charmap matching with requested
charmap but after FT_MAX_CHARMAP_CACHEABLE, ignore and search
earlier one.
(FT_Get_Charmap_Index): When a requested charmap is found
after FT_MAX_CHARMAP_CACHEABLE, return the inverted charmap
index.
* src/base/ftobjs.c (Mac_Read_POST_Resource): If the type
of the POST fragment is 0, the segment is completely ignored.
The declared length of the segment is not cared at all.
According to Adobe Technical Note 5040, type 0 segment is
comment only and should not be loaded for the interpreter.
Reported by Robert Swiecki.